diff --git a/WPScan-User-Documentation.md b/WPScan-User-Documentation.md
index 6ec4bf6..98fc985 100644
--- a/WPScan-User-Documentation.md
+++ b/WPScan-User-Documentation.md
@@ -6,6 +6,25 @@ WPScan is a free, for non-commercial use, black box WordPress vulnerability scan
 
 WPScan is written in the Ruby programming language. The first version of WPScan was released on the [16th of June 2011](https://blog.dewhurstsecurity.com/2011/06/16/introducing-wpscan-wordpress-security-scanner.html).
 
+## What can WPScan check for?
+
+- The version of WordPress installed and any associated vulnerabilities
+- What plugins are installed and any associated vulnerabilities
+- What themes are installed and any associated vulnerabilities
+- Username enumeration
+- Users with weak passwords via password brute forcing
+- Backed up and publicly accessible wp-config.php files
+- Database dumps that may be publicly accessible
+- If error logs are exposed by plugins
+- Media file enumeration
+- Vulnerable Timthumb files
+- If the WordPress readme file is present
+- If WP-Cron is enabled
+- If user registration is enabled
+- Full Path Disclose
+- Upload directory listing
+- And much more...
+
 ## Installation
 
 ### Ruby Gem