
Hey guys, how are you? Today we will be talking about website security, particularly for WordPress users.

As we all know, protecting your website is not all in a day's work, so I have taken it upon myself to ensure that your website does not get hacked, especially for bloggers who are still new to blogging.


WordPress security has always been food for thought. Even though most of the latest updates deal with safety issues, there are still a lot of ways to improve that security, even for the less tech-savvy of us. In this article, I'll show a couple of ways I can hack a website, and I hope you learn from them.

Step 1 - Finding vulnerabilities in your website

The first thing I would do if I owned a website that has passed its development stage is try to hack it using a hacking tool called Havij Pro to check for SQL injection vulnerabilities. I know you are wondering, “But I have plugins?” Yes, it can still be hacked. Let me show you how.

You must take a look at the plugin files and their code. Somewhere, a developer might be building SQL queries without being aware of SQL injection as a way to hack a WordPress website. If that is the case, a hacker can use a UNION query to fetch all the rows of your wp_users table. Below is an example query that fetches all WordPress users with a UNION query, to learn the email addresses of all users.

What the hacker is doing here is finding out the admin's email; for this, he is using a UNION query.


A few months ago, the all-video-gallery plugin had a vulnerability in config.php because of the following code.

In this query, the plugin developer was using the $_pid variable directly in the query without any type casting.
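An added example (not from the original post or the plugin): a small Python heuristic for the plugin code review described above, flagging SQL strings built from request parameters that were never cast or passed through $wpdb->prepare(). The PHP samples and the table name wp_example_videos are constructed for illustration.

```python
import re

# Request superglobals the visitor controls.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# Heuristic list of casts/helpers that neutralise a numeric parameter.
SAFE = re.compile(r"\(int\)|\b(?:intval|absint)\s*\(|->prepare\s*\(", re.I)
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);")
SQL = re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b")
VAR = re.compile(r"\$\w+")


def audit_php(source):
    """Return (line_no, line) for SQL built from request input with no cast."""
    tainted, findings = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        uses_tainted = bool(set(VAR.findall(line)) & tainted)
        m = ASSIGN.match(line)
        if m and not SQL.search(line):
            # Plain assignment: propagate or clear taint on the target variable.
            name, rhs = m.groups()
            dirty = SOURCE.search(rhs) or set(VAR.findall(rhs)) & tainted
            if dirty and not SAFE.search(rhs):
                tainted.add(name)
            else:
                tainted.discard(name)
        elif SQL.search(line) and not SAFE.search(line):
            if SOURCE.search(line) or uses_tainted:
                findings.append((no, line.strip()))
    return findings


# Constructed samples, not the plugin's real code; the table name is made up.
VULNERABLE = r'''<?php
$_pid = $_GET['pid'];
$rows = mysql_query("SELECT * FROM wp_example_videos WHERE id=$_pid");
'''
HARDENED = r'''<?php
$_pid = intval($_GET['pid']);
$sql = $wpdb->prepare("SELECT * FROM wp_example_videos WHERE id = %d", $_pid);
$rows = $wpdb->get_results($sql);
'''

if __name__ == "__main__":
    for label, code in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, audit_php(code))
```

The check is line-based and only knows the casts listed in SAFE, so treat a hit as a line to review by hand and an empty result as no more than a first pass.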


So a hacker could pass this UNION query using the pid parameter in the URL, like this.

If you append that UNION query to this query, it becomes as below.

The output of this file is an XML file.


Step 2 - Reset WordPress password and get activation key

After the hacker has used the UNION query to learn the admin's email, they will try to reset your password using the administrator's email. For this, they'll go to the login page and click the Lost Your Password link. At this point, a new activation code will be mailed to the administrator's email, and the hacker will get this activation code using the following query.

Again, they'll pass this UNION query as in the previous step.

The output of this file is an XML file, as below.


Step 3 - Use activation key and reset password

This is the last step, where he'll actually reset your password and get full control of your WordPress website. In this step, he'll use the activation key to reset the password by following this link: http://{DOMAIN_NAME_HERE}/wp-login.php?action=rp&key={ACTIVATION_KEY_HERE}&login={USERNAME_HERE}

So a hacker would be able to access your WordPress website and have full control of it. Normally they insert malicious code into your files or modify a plugin file to turn it into a WordPress backdoor, so they can hack your website again.

