Creating a WordPress User when you don’t have an existing admin login to use
Posted on August 3, 2015
A long time ago we wrote a post on how to insert yourself into WordPress as an admin that has been very popular.
Just to be clear, this won’t help you hack a WordPress site. You have to have some kind of server level access to make use of any of these, but in our work we often have scenarios where we only have access to a server.
There are 3 quick ways to create a WordPress user from outside the WordPress dashboard.
Creating a WordPress user with WP CLI USER CREATE
My new favorite way is using WP CLI. This requires that WP CLI is installed on the server, but recently WP Engine started rolling out WP-CLI Support to Select Partners for Beta Testing.
It’s not just a WP Engine thing though, a few other hosts provide WP CLI support via shell access and if you’re running on your own server you can install it. You’re not likely to be able to install this yourself on shared hosting.
Assuming you do have access to WP CLI it’s as easy as SSH’ing into your server or using the WP Engine portal, and typing
wp user create name [email protected] --role=administrator
You can specify a password with –user_pass=”Password!” or if you don’t it’ll create a random and very secure password for you!
Create a WordPress user via MySQL
If you don’t have SSH access and WP CLI already installed the next quickest way is to insert a user via MySQL.
Here is the code snippet you can use,
SET @user_login := '9seeds';
SET @user_pass := 'muDAy2CUcTcuPnyCBXfqJysD';
SET @user_email := '[email protected]';
INSERT INTO `wp_users`
(`user_login`, `user_pass`, `user_email`, `user_registered`)
VALUES
(@user_login, MD5(@user_pass), @user_email, now());
SELECT @user_id := LAST_INSERT_ID();
INSERT INTO `wp_usermeta`
(`user_id`, `meta_key`, `meta_value`)
VALUES
(@user_id, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
INSERT INTO `wp_usermeta`
(`user_id`, `meta_key`, `meta_value`)
VALUES
(@user_id, 'wp_user_level', '10');
Most hosts include PHPMyAdmin so you can just jump into there, select the database you want to insert a user into, then go to the SQL tab and paste this code in. Don’t forget to edit the values on the first three lines before clicking the Go button to run the SQL query.
Create a WordPress user via FTP
This used to be my favorite way because often all the access I was given to a site was FTP access and I was less comfortable with MySQL then I am these days.
You simply FTP to root directory of the site you need access to and create a new empty PHP file (or just “duplicate” an existing file and clear it out, that’s fine too).
Open up the file and insert the PHP code below. Again be sure you change the user, pass, and email values and save the edits to the file. Then, visit the file in
Once you’ve run the file once you should delete the file just to be safe.
<?php
/**
* Script to create administrator user in WordPress
*
* @package none
* @link https://9seeds.com/creating-a-wordpress-user-when-you-dont-have-an-existing-admin-login-to-use/
*/
$s9_password = 'PASSWORD';
$s9_username = '9seeds';
$s9_email = '[email protected]';
if ( 'PASSWORD' === $s9_password ) {
die;
}
require_once 'wp-blog-header.php';
if ( ! username_exists( $s9_username ) && ! email_exists( $s9_email ) ) {
$user_id = wp_create_user( $s9_username, $s9_password, $s9_email );
if ( is_int( $user_id ) ) {
$wp_user_object = new WP_User( $user_id );
$wp_user_object->set_role( 'administrator' );
echo 'Success!';
} else {
echo 'Error with wp_insert_user. No users were created.';
}
} else {
echo 'This user or email already exists. Nothing was done.';
}
That is it! 3 fairly easy ways to create a WordPress user when you don’t already have administrator level access to the WP dashboard.
What we tend to use when we work on client sites is to just log-in as one of the admin users. We have a little "hack" function that we just inject into the active theme's functions.php file. It basically just listens for a $_GET parameter(you can make this completely random and sometimes we also check the $_SERVER['REMOTE_ADDR'] to make this more secure) and if it's present, we attempt to log-in with(if not empty) the $_GET parameter's value as either a user ID or username or just find an Administrator user and log-in as them. Here's a gist of the code: https://gist.github.com/nikolov-tmw/72580c11411acbf2fe69 Fairly simple - you add it to functions.php(pro-tip: create an easy to remember macro in your favorite code editor :) ), go to the site, get logged-in, remove it from functions.php and you're happy :) I like it mostly because it doesn't create a new user in WordPress that you might have to delete later on. And also it gives you the ability to log-in as any user(as long as you know their ID/username) which could be useful for quick debugging(I prefer the User Switcher plugin if this is a more frequent necessity).
For the FTP method, is the code missing from this article?
Well that's embarrassing. Not sure what happened but I put it back in.
No worries :) Thank You!
Thanks for your snippet, Raz! It worked!
This was very helpful, thanks!
FYI, your WP-CLI command has a typo. You need to switch "create" and "user" places. Correct syntax: wp user create username email Your console screenshot has the correct syntax, but the snippet has the typo. Thanks!
Fixed thanks!