diff --git a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb
index ee800e3cebe2..6bf475daf80c 100644
--- a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb
+++ b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb
@@ -42,10 +42,10 @@ def initialize(info = {})
   def check
     cookie = wordpress_login(username, password)
     if cookie.nil?
-      store_valid_credential(user: username, private: password, proof: cookie)
       return CheckCode::Safe
     end
 
+    store_valid_credential(user: username, private: password, proof: cookie)
     CheckCode::Appears
   end