Created
May 25, 2018 02:18
-
-
Save Shagshag/cf0f3b0b4c9134804b9bb0b05d5185c5 to your computer and use it in GitHub Desktop.
This script allows to login to WordPress without password. Put it on the root of your blog by FTP then visit the URL http://yourblog/wp_logtoadmin.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * 1. Change the password below, it's encoded with m5d https://duckduckgo.com/?q=md5+toto | |
| * 2. Put this file at the root of your shop | |
| * 3. Visit the URL http://yourblog/wp_logtoadmin.php | |
| **/ | |
| $auth_pass = "f71dbe52628a3f83a77ab494817525c6"; //toto | |
| // display login screen | |
| if (!isset($_POST['pass']) | |
| || (md5($_POST['pass']) != $auth_pass) | |
| ) { | |
| ?><!doctype html> | |
| <html class="no-js" lang="en"> | |
| <head> | |
| <meta charset="utf-8"/> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"/> | |
| <title data-l10n-id="title">Admin login</title> | |
| <link rel="stylesheet" href="http://dhbhdrzi4tiry.cloudfront.net/cdn/sites/foundation.min.css"> | |
| </head> | |
| <body> | |
| <br/> | |
| <div class="row"> | |
| <div class="medium-12 columns"> | |
| <div class="callout alert"> | |
| <h5>This form allows to login in administration panel when you forgot your password.</h5> | |
| <p>Don't forget to delete it after use.</p> | |
| </div> | |
| </div> | |
| <form method="post"> | |
| <div class="medium-12 columns"> | |
| <label for="pass">Password : <input type="password" name="pass" id="pass" autofocus /></label> | |
| </div> | |
| <div class="medium-12 columns"> | |
| <input type="submit" value="Send" class="button"> | |
| </div> | |
| <div class="medium-12 columns"> | |
| <input type="checkbox" name="sucide" id="suicide" checked="checked"/> | |
| <label for="suicide">Delete this file</label> | |
| </div> | |
| </form> | |
| </div> | |
| </body> | |
| </html><?php | |
| exit; | |
| } | |
| // delete this file | |
| if (isset($_POST['sucide'])) { | |
| @unlink(__FILE__); | |
| } | |
| require_once(dirname(__FILE__).'/wp-load.php'); | |
| $admin = reset(get_users('role=administrator&number=1')); | |
| wp_set_current_user($admin->ID, $admin->user_login); | |
| wp_set_auth_cookie($admin->ID); | |
| do_action('wp_login', $admin->user_login); | |
| // redirect to admin | |
| ?><!doctype html> | |
| <html> | |
| <meta http-equiv="Refresh" content="0;URL=<?php echo get_admin_url(); ?>"> | |
| <head> | |
| <script language="javascript" type="text/javascript"> | |
| window.location.replace("<?php echo get_admin_url(); ?>"); | |
| </script> | |
| <div style="text-align:center; margin-top:250px;"><a href="<?php echo get_admin_url(); ?>">Click here to launch Administration panel</a></div> | |
| </head> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment