WordPress emergency admin

I received an emergency call from a client, his WordPress site didn't work. None of the logins either. Well, here's another script to the rescue if all you have left is an ftp login or some other way to upload files. It will create a new admin user with the credentials you specify. Upload this file to the wp-content/mu-plugins/ directory, create it if necessary. The script will only run if you enter your IP address, and you will have to delete the script after it has created the new user.

Raw
<?php
/**
 * Upload to wp-content/mu-plugins/whichevernameyoulike.php
 */
$login = 'foobar'; # New username
$password = 'barbaz'; # Password for the new user
$email = 'you@example.com'; # Email address of the new user
$ip = '127.0.0.1'; # Insert your IP, http://google.com/search?&q=what%20is%20my%20ip

if ($_SERVER['REMOTE_ADDR'] === $ip) {
    require_once(ABSPATH . WPINC . '/pluggable.php');
    require_once(ABSPATH . 'wp-admin/includes/' . 'user.php');

    $userdata = array(
        'user_login' => $login,
        'user_pass' => $password,
        'user_email' => $email,
        'role' => 'administrator',
    );
    $user_id = wp_insert_user($userdata);
    var_dump($user_id);
    die('delete me!');
}

19 comments

  1. avatar
    wrote this comment on
    Thanks, but how do I "upload to the plug-in directory"? Do I need FTP? I have never used that for WP. Thanks! Carol
  2. avatar
    wrote this comment on
    Yes, you need FTP. Your hoster should provide the information you need. Make sure to read the script, and to modify the necessary values.
  3. avatar
    wrote this comment on
    Hello, thanks for the script. I follow all you advices but it doesn't work. I create the directory, i modified the login, the password, i indicate my email and my IP adress but it seems there is a problem on the line 12. What can i do ?
  4. avatar
    wrote this comment on
    What's the error message?
  5. avatar
    wrote this comment on
    Thank you Nicholas .. I tried using it and the method was successful. Though I am not a technical guy who loves to code but the way you have explained it; it is pretty simple to use. Thank again for your help. My comments: Everyone must delete this file after resetting the password. Cheers! Pankaj
  6. avatar
    wrote this comment on
    Thank you for posting this Nicolas. I'm having a bit of trouble getting it to run I'm hoping you can shed some insight on. I'm getting an "access denied" message when I try to run it. I even tried renaming index.php and replacing it with the script file but still get the error. This is on an internal NAS device that I have admin rights on...... not the url above...the form just required a valid one, so I used the public site (no scripts there) Any ideas? Thank you, -Ed G.
  7. avatar
    wrote this comment on
    Same here. It says something about pluggable.php. I'm desperate to recover the password of a wordpress site that I can't recall and no way I can retrieve it via email (it says the key is invalid) or via myphpadmin trying to update the user_pass field. Thanks for your help! Claudio
  8. avatar
    wrote this comment on
    What's the error message?
  9. avatar
    wrote this comment on
    Dear Nicolas, Just wanted to say thank you for your script. After my site was automatically upgraded to 4.2.3, I found ads plastered all over the site. Not good - I use my site for potential employers. I then found I could no longer log in to wordpress. The "forgot password" link would not work - I received no emails. After two very frustrating days I found your script, used it to create a new admin user. Logged in successfully, found out my site had been hacked - ad script inserted on every page, and the email address for my account changed. All now back to normal. Merci beaucoup - very much appreciated.
  10. avatar
    wrote this comment on
    It worked successfully! I had to create a directory named "mu-plugins" under the "wp-content", as you suggested. After I uploaded the file and accessed wp-admin, it said "int(3) delete me!" so I deleted the file, then I accessed the wp-admin again. Then I logged in with the new username and password!! Thank you so much, Nicolas!!!
  11. avatar
    wrote this comment on
    Hello Nicolas, thank you very much for your efforts. Unfortunately the script seems not to work in my WP 4. I am only having sftp access, no shell access because it is a web hosting package. And also no error messages. What can I do in order to run the script? I have requested the ip using nslookup, created mu-plugin and uploaded the script with modified parameters. Best regards Peter
  12. avatar
    wrote this comment on
    How should I name the script?
  13. avatar
    wrote this comment on
    If by chance you happen to catch this... Thank you for helping! Should I take the # symbol out before putting the name, ip, address, password, etc.? If you could make a script that has shows what it looks like in action that would be very helpful. Many thanks, Sam
  14. avatar
    wrote this comment on
    Hi Sam, the text behind the # symbols are comments, you can remove them if you like. But PHP will ignore them anyway.
  15. avatar
    wrote this comment on
    Thank you so much for this script Nicholas! I was getting very nervous about not being able to log on to my site. I believe the password generator on the WordPress panel is too quick, there should be a better safety net before a password is changed. That's what happened to me, I accidentally generated a new password, logged out and boom. Luckily I found your info and it worked. Thanks again!
  16. avatar
    wrote this comment on
    I added the script, loaded it into wp-content/mu-plugins/ directory, but how do i get it to run?
  17. avatar
    wrote this comment on
    The script always runs. You probably forgot to add your ip address to the header?
  18. avatar
    wrote this comment on
    Worked like a charm. Lifesaver! Thanx
  19. avatar
    wrote this comment on
    It worked with the output 'init(3) - delete me!' (without the quote marks) - for some reason I expected an email to be sent to the email address that I provided but that did not happen. I then removed the script and tried to log in using the new username and password. I might have tried to access the SQL database but I neither have shell access nor access to PHP Admin, just the file manager of the cpanel installation of my web space. Thank you and cheers. WP 4.7.3 .

Reply

Cancel reply
Markdown. Syntax highlighting with <code lang="php"><?php echo "Hello, world!"; ?></code> etc.
DjangoPythonBitcoinTuxDebianHTML5 badgeSaltStackUpset confused bugMoneyHackerUpset confused bugX.OrggitFirefoxWindowMakerBashIs it worth the time?i3 window managerWagtailContainerIrssiNginxSilenceUse a maskWorldInternet securityPianoFontGnuPGThunderbirdJenkinshome-assistant-logo