Opening a Backdoor in WordPress Dashboard

I recently found this neat little snippet of code, which essentially can be entered into any theme’s functions.php file and can be used to inject a user account with a specific name/password and full administrative rights into any WordPress install by simply visiting a secret URL. Fun! This thing seems pretty malicious, but I can think of a few

Read the full article…