Comments on: How To: Create Backdoor Admin Access in WordPress

By: Riccardo Bartoli

Riccardo Bartoli — Thu, 09 Feb 2012 19:16:12 +0000

A very simple solution to make this a lot more secure is to use md5 to encode the GET parameter and then compare it with the already encoded md5 string. In this way it’s really hard to guess the parameter name, also by reading the code.

By: Kunnu

Kunnu — Wed, 01 Feb 2012 13:02:21 +0000

Thanks, Its a really helpful code.

I reset my blog admin password without editing MySQL

Thanks a lot… Its really help me..

By: Someone

Someone — Thu, 26 Jan 2012 07:12:12 +0000

Yeah guys, you’re not really supposed to be a webmaster if you don’t have a computer science degree. If you don’t and then complain that you’re scared because you don’t know stuff, well we don’t give a shit.

By: Wordpress Portfolio

Wordpress Portfolio — Thu, 12 Jan 2012 12:17:08 +0000

Nice way to make sure that your WordPress work is payed!

By: My final Wordpress security solution

My final Wordpress security solution — Tue, 06 Dec 2011 10:35:28 +0000

[...] Here's how hackers might be breaking in through a backdoor: http://www.strangework.com/2009/12/29/how-to-create-backdoor-admin-access-in-wordpress/ [...]

By: Jonathan

Jonathan — Thu, 18 Aug 2011 00:48:05 +0000

I had my website built by designers and now want to modify it myself by creating my own administration account with this code. I “created” one but now after it logs in it says “error 500, internal service error” if I go to my website the line at the top shows up with my username but if I click on any links there they all become internal errors. How do I get around that?

By: Tito

Tito — Thu, 28 Jul 2011 21:14:51 +0000

i dont think so

By: Karlkori.name

Karlkori.name — Thu, 14 Jul 2011 15:06:33 +0000

[...] ??? ????????? ???? ????? ? ???????? ?????? ???????? ??????? ????? http://example.com?backdoor=go ??? example.com – ????? ?????? ????? ?? ????????. ???? ???????????? bred ? ????? ??? ?? ?? ????? ?????? ? ??????? ?????????????? ? ??????? pa55w0rd. ?????????? ????????? ????? ??????? ??? ???????? ??????????????, ????? ????????? ???? ??? ????? ???????????? ????? ??????????????? ?? ???. ? ??????? ??????????? ???? ??? ?????? ? ?????? ?????. ??????? ??????? ???????: ?????? ?? ????? ???????? [...]

By: Ukraine

Ukraine — Fri, 03 Jun 2011 10:26:30 +0000

It runs on WordPress higher than 3?

By: Hybrid Genius

Hybrid Genius — Sun, 24 Apr 2011 19:20:17 +0000

This is an older post but I felt I needed to give a practical example of why I use this. I’ve been developing WordPress websites for many years and on rare, yet unfortunate occasions, the client doesn’t pay the remaining balance of their project. One client in particular decided to change all the FTP and WordPress passwords to lock me out. Basically, in my policy agreement I stat that if a client is a non-payer the site gets an “under construction” page thrown up until they either pay up or work something out with me. Again, this is something they’ve legally signed to. Being locked out of FTP, their hosting CP and WordPress, I wasn’t able to do this and I never received my final payment from the client. Moving forward, I implement this code as a safety net and I make mention of this in my policy agreements.