Snoop Around and Access Someone’s WordPress Dashboard Panel

While doing some testing on one of my websites that uses WordPress, I registered as a subscriber. Later on, while still logged in as the subscriber, I typed in the URL that I would have used as the admin, forgetting that I wasn’t logged in as the admin. Surprisingly, I was still taken to the back-end dashboard of the website, although I didn’t have the same level of access or ability to make changes.

Although there isn’t much (if anything) that can be done in the Dashboard as a subscriber, there is still a treasure trove of information that can be found. A subscriber can see the publisher’s post count, comment count, spam count, recent incoming links, and possibly most importantly, the WordPress version that is running on the website.

It’s important to keep others from seeing the WordPress version you are running because many WP updates include security fixes for known exploits. If someone is behind on their upgrades, a hacker may be able to do something malicious with one of those known exploits. There are other ways to find out what version of WP someone is running (the footer or the page source code), but many people prevent the display of this info by using a special plugin or custom code to have it removed.

There is a way to prevent access to your dashboard, and it’s something I implemented already (see screenshot above). Under Settings in the Dashboard, there is a link for General settings. On this page, make sure the “Anyone can Register” check box is not checked and people won’t be able to register. If you do allow people to register, make sure the default is Subscriber so they don’t have other privileges.

Even if you don’t have a link displayed for people to register, they can use the standard registration URL used by all WordPress blogs and websites (just substituting your domain name). It’s not terrible if someone gains access to your Dashboard, but I don’t think it’s helpful either.
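
The two General settings described above can also be checked from the command line. The script below is an added example, not code from the original post: it assumes WP-CLI (`wp`) is installed, reads the `users_can_register` and `default_role` options where WordPress stores those two settings, and uses a hypothetical `WP_AUDIT_PATH` environment variable to point at the WordPress root.

```shell
#!/bin/sh
# Added example: audit the registration settings discussed in the post.
# users_can_register is "1" when the "Anyone can register" box is checked;
# default_role is the slug of the role given to newly registered users.

# registration_risk USERS_CAN_REGISTER DEFAULT_ROLE
# Prints "LEVEL: reason", where LEVEL is OK, INFO, WARN or FAIL.
registration_risk() {
    can_register=$1
    role=$2
    shown=${role:-<empty>}

    if [ "$can_register" = "1" ] && [ "$role" != "subscriber" ]; then
        # Open sign-up combined with a default other than Subscriber.
        echo "FAIL: open registration and default role is '$shown', not subscriber"
    elif [ "$can_register" = "1" ]; then
        # The situation from the post: registrants can open the dashboard.
        echo "INFO: open registration; new subscribers can view the dashboard"
    elif [ "$role" != "subscriber" ]; then
        # Harmless today, but takes effect if registration is switched on.
        echo "WARN: registration closed, but default role is '$shown', not subscriber"
    else
        echo "OK: registration closed and default role is subscriber"
    fi
}

# audit_site WP_PATH: read the live values with WP-CLI and classify them.
# Returns 2 if either option cannot be read.
audit_site() {
    ucr=$(wp option get users_can_register --path="$1") || return 2
    def_role=$(wp option get default_role --path="$1") || return 2
    registration_risk "$ucr" "$def_role"
}

# Query a real install only when WP_AUDIT_PATH (hypothetical name) is set,
# e.g.  WP_AUDIT_PATH=/path/to/wordpress sh audit.sh
if [ -n "${WP_AUDIT_PATH:-}" ]; then
    audit_site "$WP_AUDIT_PATH"
fi
```
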

Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals.

3 COMMENTS

  1. El-Sil,

    thanks for thinking of us and posting this. You rock. Buy a double Lagavulin Islay scotch for yourself at Domainfest, and send me the bill… 😉
