What is wordpress? According to Wikipedia: WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL which runs on a Web hosting service. Features include a plug-in architecture and a template system.
WordPress is used by over 14.7% of Alexa Internet's 'top 1 million' websites, and as of August 2011 manages 22% of all new websites. WordPress is currently the most popular blogging system in use on the Web, powering over 60 million websites worldwide. And this is the definition about Social Engineering: Social engineering, in the context of information security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or gaining computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud scheme.
A few days back I got a premium wordpress themes from one of my friends, this themes was downloaded from warez website. Doesn't mean I suspected the warez website to spread the malicious code (even mostly you will find it 😛 ), because there's still many good guy there, but it is good if you examine first all the code that you will use in your website. Today we will learn about the technique how to inject a wordpress theme with a backdoor inserted on the source code. This is for learning purpose only, at the end of this we also will learn about the conclusion how to detect and remove the backdoor in your wordpress themes.
Requirements: 1. 
Understand PHP. Know wordpress codex.
Get a free wordpress themes (I use this one wordpress.org/ themes/ download/attitude.1.2.1.zip in this ) Step by Step WordPress Hacking Tutorials to Add Administrator User Secretly: 1. I've already download my wordpress themes (I use the free one from the link above). This is the file content preview 2. Usually the file that always called by wordpress is the function.php file.
This is the preview of the function.php.( /attitude/library/functions/functions.php) 3. We've already have a small script to be inserted in this functions.php file. You can download the script below(only for subscribers). We can trigger the add user function by sending the v4l parameter with value ok through GET method.
Hacking Tutorials. 6,063 likes 126 talking about this. Increasing security awareness, teaching the basics of security, pentesting and ethical hacking. How To Hack Windows 8 Admin Password. Learn to Hack Windows 8, Windows 8.1 Login Passwords and become Administrator. Hacking Facebook – Fb Status Hack; How To Install NetFramework 3.5 Offline On Windows 10 & Windows 8.1 / 8; How To Jailbreak iPhone 4, iPhone 3GS, iPod Touch 4G on iOS 6.1.3 Using Redsn0w. Finale notepad download for mac.
E.g: website-target.com//? The information for username and password for this are: username: hackingtutorial password: 12345 you can change this username and password by your own The step by step WordPress Tutorials to Add Administrator User Secretly you can view on the video below: Conclusion: 1. Download the wordpress themes only from the trusted source. Buy was better than 'free download' 😀 3. Usually this kind of attack you can find on a premium wordpress themes(nulled edition or warez), make sure you check one by one the themes code to prevent the attack.
You can give a try to find the strings below in your themes code (especially the nulled and warez edition) to check whether it has a malicious code or not. Base64_encode (most attacker use base64 encoding) (check the URL that going somewhere), anyone want to add? Hope you found it useful 🙂 Update: View the related about.