If you’re locked out of WordPress and can’t reset your password, the official docs list several options that allow you to access your administrator account again. But what if you want to create an entirely new admin user?

When developing a WordPress site, I typically create an admin user for the development team, set to a general email address, and then another user for the client. That way, the client can manage their own password and reset it when necessary, and we will still will have access for upgrades and changes. For blogs that I have FTP access to, but no working WordPress password, I threw together the following script to create admin users.

How to Use

  1. Change the configuration variables for username, password, and e-mail
  2. Save PHP file in your root WordPress directory
  3. Access the file via your web browser.
  4. You will see a message with the results. If successful, go ahead and delete the file from your server.
  5. Log in to WordPress!

Full Source Code

This was originally tested with WordPress 3.1.2. It should be working with all latest versions (3.8+):

Comments on this Article

  1. gins says:

    Hi,
    thank you for the script.

  2. Jordan says:

    it keeps giving me the whoops, Looks like you did not set a password, username or email. And i put the code in correctly

    • Josh says:

      Did you set the 3 config variables at the top? It will only throw that error if they’re set to the initial test values.

  3. RJS says:

    I can’t log into my WordPress site. I had help from Go Daddy reps, but nothing worked, including: resetting my password, and adding a new user. It says that I’m locked out for security reasons, but when I click on the reset password link, it takes me back to the login page. It says that they key is invalid. If you have any advice, I’d appreciate it. I don’t know what else to do. Thanks.

  4. Muhammad Ali says:

    Dear,
    I tried you code, but it gives the following error
    Call to undefined function get_user_by() in C:wampwwwwordpressregistrationwp-includesuser.php on line 1170
    Any help would be appreciated
    Thanks

    • Josh says:

      I would imagine this has something to do with your version of WordPress. What version are you running? If it’s older, it may not work. If it’s the latest version, perhaps the syntax/functions have changed and I’ll have to make an update.

  5. Muhammad Ali says:

    Thanks Josh
    I removed that error, by including the following files,
    require_once(‘wp-includes/registration.php’);
    require_once(‘wp-includes/pluggable.php’);

    Now i am using wp_insert_user() below is the code
    $displayname = $record->name ;
    $user_login = $record->user_name;
    $user_pass=$record->password;
    $user_email = $record->email;
    $userlevel = $record->userlevel;
    $user_pass=wp_generate_password(12,false);
    $myLastUserId = wp_insert_user( array (‘user_pass ‘ =>$user_pass,’user_login’=>$user_login,’user_email’=>$user_email,’role’=>$userlevel) ) ;

    The problem is now that, when user is created successfully i want to send as an email to the user containing user name and password, when i send user name and password is not working, when i change manually using MD5() the password in phpmyadmin in wp_users db table then user can be logged in with the password,
    I think there wp_create_user() uses some technique to store password other then MD5() , i googled alot but so for i did not find any help, so i want to send plain password from wp_users db table not encrypted.

    • Josh says:

      I’m not sure how WordPress encrypts it, but it is standard practice to store passwords in a database using 1-way encryption, not as plain text, for a whole lot of security reasons. So therefore you would not be able to retrieve and send the original password without doing some heavy modification to WordPress. Straight MD5 is not secure because most can be looked up on a rainbow table, so usually the password generation uses a salt, or some other more secure hashing algorithm.

  6. dev says:

    Thank for this script :)

  7. Prasath Pree says:

    Great Script, thanks.

  8. jon says:

    somethings wrong, ie says file can’t be found, firefox say config variables aren’t set, but they are.

    • Josh says:

      Sounds like two issues there. Accessing the page wouldn’t be dependent on the browser unless you’re caching. I just set my 3 variables and tested on the latest version of WordPress, 3.5.1, and it’s still working.

  9. Paul says:

    Thanks, Josh! This worked for me. 3.5.2. What a great script!

  10. Patrick says:

    Thanks for this!!!

Leave a Reply

You can use the <pre> tag to post a block of code, or <code> to highlight code within text.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>