If you’re locked out of WordPress and can’t reset your password, the official docs list several options that allow you to access your administrator account again. But what if you want to create an entirely new admin user?
When developing a WordPress site, I typically create an admin user for the development team, set to a general email address, and then another user for the client. That way, the client can manage their own password and reset it when necessary, and we will still will have access for upgrades and changes. For blogs that I have FTP access to, but no working WordPress password, I threw together the following script to create admin users.
How to Use
- Change the configuration variables for username, password, and e-mail
- Save PHP file in your root WordPress directory
- Access the file via your web browser.
- You will see a message with the results. If successful, go ahead and delete the file from your server.
- Log in to WordPress!
Full Source Code
This was originally tested with WordPress 3.1.2. It should be working with all latest versions (4.x+):
Hi,
thank you for the script.
it keeps giving me the whoops, Looks like you did not set a password, username or email. And i put the code in correctly
Did you set the 3 config variables at the top? It will only throw that error if they’re set to the initial test values.
I can’t log into my WordPress site. I had help from Go Daddy reps, but nothing worked, including: resetting my password, and adding a new user. It says that I’m locked out for security reasons, but when I click on the reset password link, it takes me back to the login page. It says that they key is invalid. If you have any advice, I’d appreciate it. I don’t know what else to do. Thanks.
You may want to try completely clearing your cache and cookies (or trying logging in from a different browser).. I can’t think of anything else that would prevent logging in with a brand new user, besides modification to the files or interfering plugins. For more help, check with the WP forums.
Dear,
I tried you code, but it gives the following error
Call to undefined function get_user_by() in C:wampwwwwordpressregistrationwp-includesuser.php on line 1170
Any help would be appreciated
Thanks
I would imagine this has something to do with your version of WordPress. What version are you running? If it’s older, it may not work. If it’s the latest version, perhaps the syntax/functions have changed and I’ll have to make an update.
Thanks Josh
I removed that error, by including the following files,
require_once(‘wp-includes/registration.php’);
require_once(‘wp-includes/pluggable.php’);
Now i am using wp_insert_user() below is the code
$displayname = $record->name ;
$user_login = $record->user_name;
$user_pass=$record->password;
$user_email = $record->email;
$userlevel = $record->userlevel;
$user_pass=wp_generate_password(12,false);
$myLastUserId = wp_insert_user( array (‘user_pass ‘ =>$user_pass,’user_login’=>$user_login,’user_email’=>$user_email,’role’=>$userlevel) ) ;
The problem is now that, when user is created successfully i want to send as an email to the user containing user name and password, when i send user name and password is not working, when i change manually using MD5() the password in phpmyadmin in wp_users db table then user can be logged in with the password,
I think there wp_create_user() uses some technique to store password other then MD5() , i googled alot but so for i did not find any help, so i want to send plain password from wp_users db table not encrypted.
I’m not sure how WordPress encrypts it, but it is standard practice to store passwords in a database using 1-way encryption, not as plain text, for a whole lot of security reasons. So therefore you would not be able to retrieve and send the original password without doing some heavy modification to WordPress. Straight MD5 is not secure because most can be looked up on a rainbow table, so usually the password generation uses a salt, or some other more secure hashing algorithm.
Thank for this script š
Great Script, thanks.
somethings wrong, ie says file can’t be found, firefox say config variables aren’t set, but they are.
Sounds like two issues there. Accessing the page wouldn’t be dependent on the browser unless you’re caching. I just set my 3 variables and tested on the latest version of WordPress, 3.5.1, and it’s still working.
Thanks, Josh! This worked for me. 3.5.2. What a great script!
Thanks for this!!!
Thanks!! Josh you are my angel. Finally I got my admin control back!! Thanks!!
Hey Josh,
Thanks for this neat script. I came across it after spending hours looking for something similar. ToolPress’ WP Access All Areas appears to have gone amiss, and Yoast’s emergency.php requires a user to have the MySQL password.
I am curious though as to the config variables…
Under the commented out section of
CONFIG
these variables need to be changed to create the new user, but what is the second set of variables for underMake sure you set CONFIG variables
?Thanks š
It is referring to the CONFIG above. This is just a security precaution so that no one accidentally runs the file before setting a username, password, and email. It’s beginner and accident proof. I’m editing the post to clarify.
Thank you for this, worked perfectly.
Thanks, it worked perfectly straight out of the box, no changes needed.
This is very, very, clever! I might be much more excited about this than I probably should be. I have already used it three times in two day. AWESOME SAUCE! Thank you!
I’m glad it was helpful!
Always have contractors forgetting to set up an admin account for me to use. This script is way easier than tapping in to the database and adding the user and usermeta directly.
You might be able to make it more fool-proof if you let it only run once using get_option or something similar, and check the file creation date in case someone forgets to delete the file. But this sort of thing doesn’t NEED to be complicated! People just need to be smarter š
Thnx.. nice script.
YES! Worked a treat.
Thanks.
You saved my life. Thank you.
You are a hero, my man – thank you for sharing!
Thanks mate, this is great!
Seems like WP 5.0 now blocks this script.
Thanks to you very much. You are good people, Saved our time, solved and fix a great issue. Great.
Works fine and much better than create in ddbb, works fine with wordpress 5.2.3