| Title: | Wordpress Permission Hack |
| URL: | http://www.rimmkaufman.com/rkgblog/2006/08/31/wordpress-permission-hack/ |
| Printed: | March 14, 2010 |
| Source: | The Rimm-Kaufman Group Blog, info@rimmkaufman.com |
- August 31, 2006
- 4 comments
I wanted to make a few edits to some blog drafts but lacked sufficient permissions.
I’m no WordPress expert and our IT staff had left for the day.
Here’s a quick way to get WP admin privileges if you have a root password for the relevant server:
- Retrieve the WordPress mysql admin username and password from wp-config.php.
(This file is at the WordPress base directory.) - In mysql, look in wordpress.wp_users to find your userid.
- Update your wp_level to 10.
Shazam — you’re good to go. Happy edits.
If you like this post, consider subscribing to our RSS feed. You can also have new posts sent to you via email.
Related Posts
- WordPress as CMS: Scope and Initial Progress We're migrating our corporate brochureware site to Wordpress. A few days into the project, we discuss project scope, plugins, url structures. Progress is slow due...
- More Tips For Using WordPress As A Web Content Management System Some thoughts on migrating our corporate site to Wordpress, along with some code snippets....
- Block Russian Comment Spam In Wordpress Configure Akismet to vanish Russian spam comments. ...
- WordPress As CMS During January, we're going to migrate our public website to WordPress, and we intend to blog about this migration process as we do so. We'll...
Perhaps a little bit more text would make this post healthy. is this some kind of hacking trick about word press?
It isn’t a security hack as you need to have command line access and permissions to the wordpress server.
It is a admin hack as it retrieves wordpress login data from outside wordpress, bypassing wordpress screens.
Is there no way for an ordinary member to hack to change his privelages to admin?
If the WP install is secure, an outsider shouldn’t be able to change their privileges upward. If you’re trusted enough to have root on the server (the situation in this post), then you have the power to do anything. If an outsider compromises root, then game over, and WP privileges are the least of your worries.