Aug 312006

Wordpress Permission Hack

I wanted to make a few edits to some blog drafts but lacked sufficient permissions.

I'm no WordPress expert and our IT staff had left for the day.

Here's a quick way to get WP admin privileges if you have a root password for the relevant server:

  • Retrieve the WordPress mysql admin username and password from wp-config.php.
    (This file is at the WordPress base directory.)
  • In mysql, look in wordpress.wp_users to find your userid.
  • Update your wp_level to 10.

Shazam -- you're good to go. Happy edits.


4 Responses to "Wordpress Permission Hack"
Hacker says:
Perhaps a little bit more text would make this post healthy. is this some kind of hacking trick about word press?
It isn't a security hack as you need to have command line access and permissions to the wordpress server. It is a admin hack as it retrieves wordpress login data from outside wordpress, bypassing wordpress screens.
Hacker_1 says:
Is there no way for an ordinary member to hack to change his privelages to admin?
If the WP install is secure, an outsider shouldn't be able to change their privileges upward. If you're trusted enough to have root on the server (the situation in this post), then you have the power to do anything. If an outsider compromises root, then game over, and WP privileges are the least of your worries.

Leave A Comment