How to Find Candidates on WordPress Sites
Learn effective techniques for finding candidates on WordPress sites. Discover the strategies and methods to streamline your candidate search and optimize your recruitment process.
Did you know that 43.1% of all websites on the internet are built on WordPress? According to W3Techs, WordPress powers over 43.1% of all websites and holds 63.1% of the global CMS market share.
What is WordPress?
WordPress is a free and open-source content management system based on PHP and MySQL. With over 810 million websites running on WordPress as of 2022, it powers over 43% of all websites on the internet.
Out of the total websites using WordPress, around 37.7% or 172 million are hosted on WordPress.com, the hosted service operated by Automattic. The rest are self-hosted WordPress sites installed independently. This means over 20% of all self-hosted websites use WordPress software, indicating its widespread popularity.
However, with large adoption comes security concerns. Many WordPress site owners fail to regularly update their sites and properly secure access. In particular, leaving the default WordPress directories /wp-admin, /wp-content and /wp-includes unprotected, for example by not restricting access to them with .htaccess rules or authentication, is a common mistake.
To understand WordPress security, it helps to know how the platform organizes content. The /wp-content directory contains user-generated data such as themes, plugins and media uploads. The /uploads subfolder under /wp-content stores every uploaded file, which makes it the area of greatest interest.
How to Find Candidates on WordPress Sites
Only one folder needs attention, /wp-content/, and only because of one specific subfolder inside it. The /wp-content/ folder has three subfolders: plugins, themes and uploads. As you have probably already guessed, the target is the /uploads/ subfolder.
The reason is simple: this is where all uploaded files are stored.
Targeting Unprotected WordPress Upload Folders
WordPress stores user-uploaded files in the /wp-content/uploads/ directory by default. Unfortunately, many site owners neglect to protect access to this folder, creating security vulnerabilities.
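From the site owner's side, the useful counterpart to the search queries below is an audit of what actually sits in wp-content/uploads and whether directory listing is switched off there. The following script is an added example written for this article, not code from WordPress or from the original post. It assumes an Apache 2.4 host where .htaccess overrides are honoured (AllowOverride); the path, the document extensions and the keyword list are choices made for the example, and the demo() function builds a constructed sample tree in a temporary directory so the script runs offline.

```python
import re
import sys
import tempfile
from pathlib import Path

# Document types that typically carry personal data when uploaded to the
# WordPress media library (selection made for this example).
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".csv", ".txt"}

# File names that look like the CVs and attendee lists the article's search
# queries surface. "cv" must stand alone so that "archive.pdf" does not match.
SENSITIVE_NAME = re.compile(
    r"(resume|(?<![a-z0-9])cv(?![a-z0-9])|curriculum|vitae|attendee|confidential)",
    re.IGNORECASE,
)

# Hardened .htaccess for wp-content/uploads (Apache 2.4 syntax): no directory
# listings and no script execution. Images and documents stay reachable by
# their direct URL, so the media library keeps working.
HARDENED_HTACCESS = """\
# Do not list directory contents when no index file is present
Options -Indexes
# Never execute scripts that were uploaded as media
<FilesMatch "\\.(php|phtml|php[0-9])$">
    Require all denied
</FilesMatch>
"""


def listing_disabled(uploads_dir):
    """Return True if an .htaccess in uploads_dir turns directory indexes off."""
    htaccess = Path(uploads_dir) / ".htaccess"
    if not htaccess.is_file():
        return False
    for line in htaccess.read_text(errors="replace").splitlines():
        line = line.split("#", 1)[0].strip().lower()   # drop comments
        if line.startswith("options") and "-indexes" in line:
            return True
    return False


def audit_uploads(uploads_dir):
    """Walk uploads_dir and report documents an open listing would reveal."""
    uploads_dir = Path(uploads_dir)
    documents, sensitive = [], []
    for path in uploads_dir.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in DOCUMENT_EXTENSIONS:
            continue
        rel = path.relative_to(uploads_dir).as_posix()
        documents.append(rel)
        if SENSITIVE_NAME.search(path.name):
            sensitive.append(rel)
    return {
        "listing_disabled": listing_disabled(uploads_dir),
        "documents": sorted(documents),
        "sensitive": sorted(sensitive),
    }


def write_hardened_htaccess(uploads_dir):
    """Install the hardened .htaccess; returns False if one already exists."""
    htaccess = Path(uploads_dir) / ".htaccess"
    if htaccess.exists():
        return False
    htaccess.write_text(HARDENED_HTACCESS)
    return True


def demo():
    """Audit a constructed sample uploads tree before and after hardening."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp) / "wp-content" / "uploads"
        for rel in ("2024/01/logo.png", "2024/03/john_smith_cv.pdf",
                    "2024/05/event-attendees.xlsx", "2024/06/brochure.pdf"):
            target = uploads / rel                      # constructed sample files
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample content")
        before = audit_uploads(uploads)
        installed = write_hardened_htaccess(uploads)
        after = audit_uploads(uploads)
    return before, installed, after


if __name__ == "__main__":
    # Usage: python audit_uploads.py /var/www/html/wp-content/uploads
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    report = audit_uploads(target)
    print("directory listing disabled:", report["listing_disabled"])
    print("documents:", len(report["documents"]), "sensitive:", report["sensitive"])
```

On nginx the equivalent of Options -Indexes is autoindex off (the default) in the location block for /wp-content/uploads/, and the .htaccess file is ignored entirely. Disabling the listing stops the folder from being browsed, but a file whose URL is already indexed by a search engine remains reachable until it is moved out of the web root or the engine is asked to drop it, so the sensitive list is the part of the report to act on first.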
Using search engines to scan for unprotected upload directories represents one approach to finding exposed resumes or CVs. The query:
inurl:/wp-content/uploads/
locates WordPress sites whose upload folders are openly accessible. Adding resume-related keywords narrows the results:
inurl:/wp-content/uploads/ (CV OR resume OR "curriculum vitae")
This searches for upload directories containing files with “CV”, “resume” or “curriculum vitae” in the titles.
However, accessing these sites to obtain private information raises legal and ethical concerns. Therefore, any actions and access are solely your responsibility. Nevertheless, this technique can be used by white-hat researchers to inform site owners and help enhance their security measures.
Advanced Techniques for Finding Exposed Documents
Search queries can be refined to focus on specific file types and keywords in unprotected WordPress upload folders:
inurl:/wp-content/uploads/ (CV OR resume OR "curriculum vitae") filetype:pdf -sample -example
This targets PDF files with curriculum vitae-related titles, excluding false positives such as "sample resume.pdf".
Additionally:
inurl:/wp-content/uploads/ filetype:xlsx "attendees"
locates potentially exposed Microsoft Excel sheets containing the "attendees" keyword. Similarly:
inurl:/wp-content/uploads/ filetype:doc "Confidential"
Overall, these examples demonstrate techniques a responsible security researcher could use to help websites fix vulnerabilities.
Search on WordPress Sites
WordPress's open nature and widespread usage make auditing its security a priority. The content management platform's default file structure centralizes user uploads in the /wp-content/uploads/ folder, often left unprotected. Through carefully crafted search engine queries, one can surface misconfigured sites exposing private resumes and documents.
However, viewing others' personal information without consent brings up ethical issues, even if negligence enabled access. Instead of exploiting vulnerabilities, the responsible approach is to discreetly notify site owners to fix exposed directories.
For well-meaning security analysts, WordPress's adoption provides opportunities to assist administrators in shoring up oversights.
What is behind the paywall?
How to Locate Email Addresses on Security Experts
How to Find Candidates on WordPress with Boolean Search Examples:
Search by Specific Professions or Skills
Search by Education or Certifications
Search for Portfolio Files
Searching for Leadership and Management Roles
Looking for Freelancers or Contractors
Finding List of Attendees