WordPress emergency admin

I received an emergency call from a client, his WordPress site didn't work. None of the logins either. Well, here's another script to the rescue if all you have left is an ftp login or some other way to upload files. It will create a new admin user with the credentials you specify. Upload this file to the wp-content/mu-plugins/ directory, create it if necessary. The script will only run if you enter your IP address, and you will have to delete the script after it has created the new user.

<?php
/**
 * Upload to wp-content/mu-plugins/whichevernameyoulike.php
 */
$login = 'foobar'; # New username
$password = 'barbaz'; # Password for the new user
$email = 'you@example.com'; # Email address of the new user
$ip = '127.0.0.1'; # Insert your IP, http://google.com/search?&q=what%20is%20my%20ip

if ($_SERVER['REMOTE_ADDR'] === $ip) {
    require_once(ABSPATH . WPINC . '/pluggable.php');
    require_once(ABSPATH . 'wp-admin/includes/' . 'user.php');

    $userdata = array(
        'user_login' => $login,
        'user_pass' => $password,
        'user_email' => $email,
        'role' => 'administrator',
    );
    $user_id = wp_insert_user($userdata);
    var_dump($user_id);
    die('delete me!');
}
Published on Oct. 14, 2014 at 4:07 p.m. by Nicolas and tagged admin, WordPress. You can follow the discussion with the comment feed for this post. Feeling generous? Donate!

18 comments

  1. avatar
    wrote this comment on
    Thanks, but how do I "upload to the plug-in directory"?
    Do I need FTP? I have never used that for WP.
    Thanks!
    Carol
    1. avatar
      wrote this comment on
      Yes, you need FTP. Your hoster should provide the information you need. Make sure to read the script, and to modify the necessary values.
  2. avatar
    wrote this comment on
    Hello,
    thanks for the script.
    I follow all you advices but it doesn't work.
    I create the directory, i modified the login, the password, i indicate my email and my IP adress but it seems there is a problem on the line 12.
    What can i do ?
    1. avatar
      wrote this comment on
      What's the error message?
      1. avatar
        wrote this comment on
        Same here.
        It says something about pluggable.php.
        I'm desperate to recover the password of a wordpress site that I can't recall and no way I can retrieve it via email (it says the key is invalid) or via myphpadmin trying to update the user_pass field.

        Thanks for your help!
        Claudio
        1. avatar
          wrote this comment on
          What's the error message?
  3. avatar
    wrote this comment on
    Thank you Nicholas .. I tried using it and the method was successful. Though I am not a technical guy who loves to code but the way you have explained it; it is pretty simple to use.

    Thank again for your help.

    My comments: Everyone must delete this file after resetting the password.

    Cheers!
    Pankaj
  4. avatar
    wrote this comment on
    Thank you for posting this Nicolas. I'm having a bit of trouble getting it to run I'm hoping you can shed some insight on. I'm getting an "access denied" message when I try to run it. I even tried renaming index.php and replacing it with the script file but still get the error.

    This is on an internal NAS device that I have admin rights on...... not the url above...the form just required a valid one, so I used the public site (no scripts there)

    Any ideas?

    Thank you,

    -Ed G.
  5. avatar
    wrote this comment on
    Dear Nicolas,

    Just wanted to say thank you for your script.

    After my site was automatically upgraded to 4.2.3, I found ads plastered all over the site. Not good - I use my site for potential employers. I then found I could no longer log in to wordpress. The "forgot password" link would not work - I received no emails.

    After two very frustrating days I found your script, used it to create a new admin user. Logged in successfully, found out my site had been hacked - ad script inserted on every page, and the email address for my account changed.

    All now back to normal.

    Merci beaucoup - very much appreciated.
  6. avatar
    wrote this comment on
    It worked successfully!
    I had to create a directory named "mu-plugins" under the "wp-content", as you suggested. After I uploaded the file and accessed wp-admin, it said "int(3) delete me!" so I deleted the file, then I accessed the wp-admin again. Then I logged in with the new username and password!!

    Thank you so much, Nicolas!!!
  7. avatar
    wrote this comment on
    Hello Nicolas,

    thank you very much for your efforts. Unfortunately the script seems not to work in my WP 4. I am only having sftp access, no shell access because it is a web hosting package. And also no error messages. What can I do in order to run the script? I have requested the ip using nslookup, created mu-plugin and uploaded the script with modified parameters.

    Best regards
    Peter
    1. avatar
      wrote this comment on
      How should I name the script?
  8. avatar
    wrote this comment on
    If by chance you happen to catch this...

    Thank you for helping!

    Should I take the # symbol out before putting the name, ip, address, password, etc.?

    If you could make a script that has shows what it looks like in action that would be very helpful.

    Many thanks,
    Sam
    1. avatar
      wrote this comment on
      Hi Sam, the text behind the # symbols are comments, you can remove them if you like. But PHP will ignore them anyway.
  9. avatar
    wrote this comment on
    Thank you so much for this script Nicholas! I was getting very nervous about not being able to log on to my site. I believe the password generator on the WordPress panel is too quick, there should be a better safety net before a password is changed. That's what happened to me, I accidentally generated a new password, logged out and boom. Luckily I found your info and it worked. Thanks again!
  10. avatar
    wrote this comment on
    I added the script, loaded it into wp-content/mu-plugins/ directory, but how do i get it to run?
    1. avatar
      wrote this comment on
      The script always runs. You probably forgot to add your ip address to the header?
  11. avatar
    wrote this comment on
    Worked like a charm. Lifesaver!

    Thanx

Start a new thread

Cancel reply
Markdown. Syntax highlighting with <code lang="php"><?php echo "Hello, world!"; ?></code> etc.