![]() For someone to create such backdoor, he or she would need FTP access to your WordPress website. Please note that by posting information about this WordPress backdoor online, we are not exposing anything malicious. This information in this post should only be used for educational and learning purposes. WP White Security Tip: We DO NOT recommend you to use such WordPress backdoor. Also use a strong username and password (specified on line 8). If you would like to use the above WordPress backdoor for whatever reason you might have, use a different URL (by changing the GET variable and value on line 5) from the one specified in the above exampled. Password: Pa55W0rd Using the WordPress Backdoor Using the above example, once the WordPress backdoor is triggered a new WordPress administrator account is created with the following credentails: How Does the WordPress Password Backdoor Work? The backdoor can be triggered by accessing the URL (if installed on (this is a NON working example)). It is a simple PHP function that can be added to the WordPress theme’s functions.php file. The WordPress backdoor is listed in the below example. In fact we DO NOT recommend anyone to use such a backdoor in his or her WordPress installation. Note: This post is for educational and learning purposes ONLY. ![]() In this post we will have a look at this WordPress backdoor’s code and explain how it works. Once the WordPress backdoor is triggered, a new WordPress user with Administrator role is automatically created on the customer’s WordPress website, which a malicious user can use to regain access to someone’s WordPress installation any time he or she wants. The WordPress backdoor is a very simple, yet powerful PHP script which can be triggered by accessing a specific URL using a normal web browser, such as Google Chrome of Firefox. While doing a WordPress security audit and WordPress security lock down for one of our customers, I noticed he had a WordPress password backdoor installed on his WordPress installation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |