HOW TO: Inject an admin user when you're locked out of WordPress wp-admin

October 12, 2019

PLEASE USE THIS GUIDE RESPONSIBLY

First, a disclaimer

We've all been there. I've lost access to the email address associated with my WordPress admin user, or just forgotten what it was altogether at least once one a month. I've also had clients accidentally remove me from the user list and head off for a month-long holiday. It's tricky to maintain a site when I can't get into wp-admin!

There are number of ways to add an administrator user account to a WordPress site without already having direct wp-admin access (many legitimate, many not so legitimate). For the purposes of this guide, I am sharing 3 distinct methods that require that you have one of the following:

  • MySQL/PHPmyadmin access
  • FTP/SFTP access
  • SSH/Command line access

If you don't have one of the above, you should contact your hosting company for information on how to get access. If the site or hosting does not belong to you, you should request that the owner of the site provides you with a login.

Alrighty! Let's get to it...

Method 1: Using PHPMyAdmin to add a user

The PHPMyAdmin is pretty straightforward, but the exact syntax to run your query can be a little tricky to get right if you don't deal with SQL queries everyday. First, use the form below to spit out the exact query you need to inject a user -then follow the steps to run the query inside PHPMyAdmin.

The MySQL query:

Here's a demo query for you to rewrite. You'll just need to swap any instances of WP_DATABASE_NAME, SITEADMINUSERNAME, [email protected] and A$tR0ngPA$$w0rd.

INSERT INTO `WP_DATABASE_NAME`.`wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('9999999', 'SITEADMINUSERNAME', MD5('A$tR0ngPA$$w0rd'), 'SITEADMINUSERNAME', '[email protected]', '', '2011-06-07 00:00:00', '', '0', 'SITEADMINUSERNAME');

INSERT INTO `WP_DATABASE_NAME`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '4', 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');

INSERT INTO `WP_DATABASE_NAME`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '4', 'wp_user_level', '10');

Head your PHPMyAdmin dashboard and select the SQL tab, then paste the above code in the input box like this:

HOW TO: Inject an admin user when you're locked out of WordPress

Then click the Go button the bottom right. You should see this:

HOW TO: Inject an admin user when you're locked out of WordPress

You should now be able to login to your wordpress site like normal. Don't forget to update your email address and any other details you want on the Users -> Your Profile page.

Method 2: Using FTP & SFTP to add a user

We're going to make a plugin!

This method requires that you drop a PHP file in /wp-content/mu-plugins. You may need to create this directory if it doesn't already exist. The /wp-content/mu-plugins (or "must use plugins") folder behaves just like the vanilla /wp-content/plugins directory.

The only exception is that any plugin that lives there will be active by default. They cannot be deactivated (only deleted, or "physically" moved out to another directory).

Your plugin code:

<?php
// This adds the following admin user to your site on pageload
// Please delete this file once the user is created
// Should be placed in /wp-content/mu-plugins/add-admin-user.php


// Adds notice to delete this file on all wp-admin pages
function add_admin_notice__error() {
    $message = __( 'Please delete the /wp-content/mu-plugins/add-admin-user.php file and update your email address now that you\'re logged in.', 'add-admin-user-text' );

    printf( '<div class="notice notice-error"><p>%2$s</p></div>', esc_attr( $class ), esc_html( $message ) ); 
}
add_action( 'admin_notices', 'add_admin_notice__error' );

// Writes the admin user to the database
add_action( 'init', function () {
  
    $username = 'YOUR_USERNAME';
    $password = 'YOUR_PASSWORD';
    $email_address = 'YOUR_EMAIL_ADDRESS';
    if ( ! username_exists( $username ) ) {
        $user_id = wp_create_user( $username, $password, $email_address );
        $user = new WP_User( $user_id );
        $user->set_role( 'administrator' );
    }
}
);

Just copy and paste the above code, swap the YOUR_USERNAME, YOUR_PASSWORD and YOUR_EMAIL_ADDRESS variables and paste it into a file called add-admin-user.php in /wp-content/mu-plugins (the full file path should look like /wp-content/mu-plugins/add-admin-user.php)

DELETE THIS PlUGIN FILE IMMEDIATELY AFTER YOU'RE LOGGED IN

Method 3: Using SSH (command line) with WP CLI to add a user

If you have SSH - or command line - (and WP CLI is available in your server environment) you can simply run the following line, just change YOUR_USERNAME and [email protected] and YOUR_PASSWORD to your details:

wp user create YOUR_USERNAME [email protected] --role=administrator --user_pass="YOUR_PASSWORD"

You'll now be able to login.