Backdoor login to WordPress

For the situation where you do not have a WordPress admin login/password to an existing site, but do have FTP access, there is a solution.

There is a snippet of code you can add to the functions.php file that will instantly create a user upon access to the site.

Instructions:

  1. Determine the theme that the site is using. To figure this out,  open any web site page.  Using the browser tools, view the source code. Search the code for the path /wp-content/themes. The theme name will be directly after the /themes folder.
  2. FTP into the site, and find  the functions.php file under the theme directory identified above.
  3. For safety, make a copy of the functions.php file, in case you edit fails.
  4. Paste the code below, and change the username, password and email address to the desired user.

add_action( ‘init’, function () {

$username = ‘admin’;
$password = ‘password’;
$email_address = ‘webmaster@mydomain.com’;

if ( ! username_exists( $username ) ) {
$user_id = wp_create_user( $username, $password, $email_address );
$user = new WP_User( $user_id );
$user->set_role( ‘administrator’ );
}

} );

  1. View any page on the site. Once you load a page, the code will run, and the new user will be added.
  2. Delete the code that was just added from the functions.php file.
  3. Test the login by going to the WordPress login screen for the site.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.