9
import requests

with requests.Session() as s:
    headers1 = {'Cookie':'wordpress_test_cookie=WP Cookie check'}
    datas={'log':'admin','pwd':'admin','wp-submit':'Log In','redirect_to':'/wordpress/wp-admin/','testcookie':'1'}
    s.post("http://ip/wordpress/wp-admin",headers=headers1,data=datas)
    re = s.get("http://ip/wordpress/wp-admin").text
    print (re)

With this code I should be able to login my wordpress, but doesn't work. Using a web proxy I found that when clicking the login button, my browser sends a session cookie to the webserver. With Python, I don't know how to do that task and my hypothesis is: I need to find a way to send a cookie when sending the post request (login form).

Bob Ebert
  • 1,342
  • 4
  • 22
  • 41
  • hi there - good day dear Bob. Many thanks for stepping up the plate with this great question. i also want to log into Wordpress. - i need to log into the support forums - here: https://wordpress.org/support/forums/ i think that we can do this with the python-requests. This is probalbly doable. What do you say!? I love to hear from you. Regards martin – zero Jun 20 '20 at 20:47

1 Answers1

18

Your code is ok, but you should submit the post data to /wp-login.php, not /wp-admin/ 

wp_login = 'http://ip/wordpress/wp-login.php'
wp_admin = 'http://ip/wordpress/wp-admin/'
username = 'admin'
password = 'admin'

with requests.Session() as s:
    headers1 = { 'Cookie':'wordpress_test_cookie=WP Cookie check' }
    datas={ 
        'log':username, 'pwd':password, 'wp-submit':'Log In', 
        'redirect_to':wp_admin, 'testcookie':'1'  
    }
    s.post(wp_login, headers=headers1, data=datas)
    resp = s.get(wp_admin)
    print(resp.text)

If it still doesn't work try with 'Referer' and 'User-Agent' in the headers

t.m.adam
  • 15,106
  • 3
  • 32
  • 52
  • 1
    Not to worry @t.m.adam. You have always been an immense help. – asmitu Mar 30 '20 at 19:35
  • hi there - good day dear t.m.adam. Many thanks for stepping up the plate with this great question. i also want to log into Wordpress. - i need to log into the support forums - here: https://wordpress.org/support/forums/ i think that we can do this with the python-requests. This is probalbly doable. What do you say!? I love to hear from you. Regards martin – zero Jun 20 '20 at 20:48
  • 1
    @zero Generally yes, we can use `requetst` to login to Wordpress sites, and the code would be very similar to the one in my answer. But with this site there is a problem. The login form is protected by captcha, as far as I can tell. There are services that solve captchas but I can't recommend any of them because I haven't tested them. If you post a new question, you'll probably get more help – t.m.adam Jun 20 '20 at 22:35
  • many thanks for the reply and our hints.. - thats very good to hear from you,. probably we need to go with Selenium on that login, i also think that it uses Google reCaptcha V3 token when login. If think it's Browser then can maybe bypass it. guess selenium would help here: `from selenium import webdriver from selenium.webdriver.chrome.options import Options from selenium.webdriver.common.keys import Keys from bs4 import BeautifulSoup import time` and so forth... – zero Jun 21 '20 at 22:26
  • 1
    @zero I have the impression that it's not that easy to bypass Google reCaptcha v2 and v3, even with Selenium. See this post [How does recaptcha 3 know I'm using selenium/chromedriver?](https://stackoverflow.com/questions/55501524/how-does-recaptcha-3-know-im-using-selenium-chromedriver) for more details and possible solutions. Best of luck! – t.m.adam Jun 22 '20 at 20:04
  • @t.m.adam, is there any way to return true or false? `resp.text` returns the HTML code, but I want to get only true, or false. – Paul Viorel Feb 02 '22 at 12:37
  • @PaulViorel You mean something like a boolean `is_authenticated`? There are several ways to do that - check for a string in `.text`, check the `.url`, check for authenticated cookies in `s.cookies`. For example, this may work `is_authenticated = datas['wp-submit'] in resp.text`, because if the "wp-submit" field exists in the response, it probably means we're redirected to the login page – t.m.adam Feb 05 '22 at 00:59