Add WP Theme file with limited access

Recently I found myself with limited access to a client site. All I had was wp-admin. No server or database or anything.

A neat trick to add a theme file, use in the header.php, hit a page on the site, remove it. And you now have a new template file you can edit on the client’s site.

No remote access required.

It does show you how vulnerable your whole site is if someone gets logged in with admin privileges.