WPScan is a tool designed to test the security of a WordPress web site.
To use it, simply type:
wpscan --url <websitetocheck>
Adding -e u parameter it will try to find also users
wpscan --url <websitetocheck> -e u
It’s possible to use also brute force to guess users and password using –usernames <filenameWithUserList> –passwords <filenameWithpasswordList>
If you already know the username: -u <username> -P <filenameWithpasswordList>