WordPress is a popular content management system which runs more than 75 million websites on the internet. That's about 25% of the websites in existence. Here I will show you how to hack a WordPress admin account to get hold of the website. Since WordPress runs about 25% of the world's websites, that means after reading this tutorial you will be able to hack 1 out of 4 websites on the internet.
Disclaimer: This tutorial is just for educational and learning purposes. If you hack a WordPress admin account without permission of the website owner, it will be tagged as a highly illegal cybercrime. HackSumo and the tool developers won't bear any responsibility for your malicious acts.
Method Used To Hack WordPress Admin Account
To hack a WordPress admin account we will create a fake "admin login page", host it somewhere in the cloud, and forward the link to the webpage (either traditionally by using URL shorteners, or in a more advanced way via email using SE toolkits) to our victim (the website owner, in this case), hoping that he or she will log in to the webpage using their login credentials, and hence give you the username and password used to manage the website.
This method is a kind of social engineering attack and it relies solely on human error and trickery.
We could use SEToolkit to clone the login page of the WordPress site. This method will require a web server to host the files generated by the script (usually free).
Hack WordPress Admin Account – The Steps
In order to hack a WordPress admin account, you will need these things:
- Linux Based Operating System
- WP-Phishing Maker (Download Here)
- After you have finished downloading the tool, navigate to the script directory using the cd command (change directory).
- Fire up a terminal and change the directory (for example)
- Then we will need to make the WP-Phishing-Maker bash script executable. We can do this by using the chmod command.
chmod +x WP-Phishin-Master
- Now the bash script is ready to run. From the same directory, run the command.
- Now WP-Phishing-Maker will load up and give you a handful of options.
- Choose 1. (Start)
- The script will then prompt for an output location. This can be any directory in which you would like to save the WordPress phishing page generated by WP-Phisher-Maker. I will create a new directory inside the root.
Open up a new terminal and create an empty directory using the mkdir command.
- The script will now prompt for a WordPress website whose admin login page it will clone.
- Choose whether the target is using HTTP or HTTPS and press Enter. When the script has finished generating the WordPress admin login page, you will see a message telling you that the pages have been completed and are ready to use.
The login pages will be saved in the directory you chose in step 1.
So now we have made our WordPress login page. The idea of this type of SE attack is to trick the website admin into logging into a fake WordPress admin panel.
We have uploaded the generated PHP files from the bash script's output directory to a web host.
You will then be able to gather credentials in plain text and receive them from the FTP directory of your web host account.
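Seen from the site owner's side, the cloned page is always served from a host other than the real site, and the link may be hidden behind a shortener, so a link check can key on exactly that. The following is an added example, not part of the original tutorial; the trusted hostname, the shortener list and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed values for this example (not from the original page).
TRUSTED_HOSTS = {"blog.example.com"}            # the site's real hostname
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # short illustrative list
LOGIN_HINTS = ("wp-login.php", "wp-admin")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def classify_link(url):
    """Return the reasons a link should not be trusted as the real login page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostname ignores any user@ prefix
    if host in TRUSTED_HOSTS:
        return [] if parts.scheme == "https" else ["trusted host but not HTTPS"]
    if host in SHORTENERS:
        return ["shortened link hides the real destination"]
    reasons = []
    if any(hint in parts.path.lower() for hint in LOGIN_HINTS):
        reasons.append("WordPress login path on an untrusted host")
    if any(name in url.lower() for name in TRUSTED_HOSTS):
        reasons.append("trusted name appears outside the real hostname")
    return reasons


def scan_message(text):
    """Map each suspicious URL found in a message body to its reasons."""
    findings = {}
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;")  # drop trailing sentence punctuation
        reasons = classify_link(url)
        if reasons:
            findings[url] = reasons
    return findings


# Constructed sample message, for illustration only.
SAMPLE = """Your session expired, please sign in again:
https://blog.example.com@files.example.net/wp-login.php
Short link: https://bit.ly/xyz123
Real dashboard: https://blog.example.com/wp-login.php
"""

if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE).items():
        print(url, "->", "; ".join(reasons))
```

The check compares the parsed hostname rather than searching the URL string, which is why the `user@host` form in the sample is flagged even though the trusted name appears in it.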
So that was the way to hack a WordPress admin account. If you know any other method, or face any difficulty in giving this one a try, drop your thoughts and queries in the comments down below. We love hearing from you!