11 May2011

Create a New WordPress Admin User from PHP

Posted in Web Development by with 13 Comments

TAGS:

Tags: ,

If you’re locked out of WordPress and can’t reset your password, the official docs list several options that allow you to access your administrator account again. But what if you want to create an entirely new admin user? When developing a WordPress site, I typically create an admin user for the development team, set to a general email address, and then another user for the client. That way, the client can manage their own password and reset it when necessary, and we will still will have access for upgrades and changes. For blogs that I have FTP access to, but no working WordPress password, I threw together the following script to create admin users.

How to Use

  1. Change the configuration variables for username, password, and e-mail
  2. Save PHP file in your root WordPress directory
  3. Access the file via your web browser.
  4. You will see a message with the results. If successful, go ahead and delete the file from your server.
  5. Log in to WordPress!

Full Source Code

This is tested with WordPress 3.1.2:

// ADD NEW ADMIN USER TO WORDPRESS
// ----------------------------------
// Put this file in your Wordpress root directory and run it from your browser.
// Delete it when you're done.

require_once('wp-blog-header.php');
require_once('wp-includes/registration.php');

// CONFIG
$newusername = 'YOURUSERNAME';
$newpassword = 'YOURPASSWORD';
$newemail = 'YOUREMAIL@TEST.com';

// Make sure you set CONFIG variables
if ( $newpassword != 'YOURPASSWORD' &&
   $newemail != 'YOUREMAIL@TEST.com' &&
   $newusername !='YOURUSERNAME' )
{
  // Check that user doesn't already exist
  if ( !username_exists($newusername) && !email_exists($newemail) )
  {
    // Create user and set role to administrator
    $user_id = wp_create_user( $newusername, $newpassword, $newemail);
    if ( is_int($user_id) )
    {
      $wp_user_object = new WP_User($user_id);
      $wp_user_object->set_role('administrator');
      echo 'Successfully created new admin user. Now delete this file!';
    }
    else {
      echo 'Error with wp_insert_user. No users were created.';
    }
  }
  else {
    echo 'This user or email already exists. Nothing was done.';
  }
}
else {
  echo 'Whoops, looks like you did not set a password, username, or email';
  echo 'before running the script. Set these variables and try again.';
}

Post discussion

13 Responses to “Create a New WordPress Admin User from PHP”

  • gins June 15, 2011 Reply to

    Hi,
    thank you for the script.
  • Jordan October 17, 2011 Reply to

    it keeps giving me the whoops, Looks like you did not set a password, username or email. And i put the code in correctly

    • Josh October 17, 2011

      Did you set the 3 config variables at the top? It will only throw that error if they’re set to the initial test values.
  • RJS January 16, 2012 Reply to

    I can’t log into my WordPress site. I had help from Go Daddy reps, but nothing worked, including: resetting my password, and adding a new user. It says that I’m locked out for security reasons, but when I click on the reset password link, it takes me back to the login page. It says that they key is invalid. If you have any advice, I’d appreciate it. I don’t know what else to do. Thanks.
  • Muhammad Ali May 4, 2012 Reply to

    Dear,
    I tried you code, but it gives the following error
    Call to undefined function get_user_by() in C:\wamp\www\wordpressregistration\wp-includes\user.php on line 1170
    Any help would be appreciated
    Thanks
    • Josh May 7, 2012

      I would imagine this has something to do with your version of WordPress. What version are you running? If it’s older, it may not work. If it’s the latest version, perhaps the syntax/functions have changed and I’ll have to make an update.
  • Muhammad Ali June 4, 2012 Reply to

    Thanks Josh
    I removed that error, by including the following files,
    require_once(‘wp-includes/registration.php’);
    require_once(‘wp-includes/pluggable.php’);

    Now i am using wp_insert_user() below is the code
    $displayname = $record->name ;
    $user_login = $record->user_name;
    $user_pass=$record->password;
    $user_email = $record->email;
    $userlevel = $record->userlevel;
    $user_pass=wp_generate_password(12,false);
    $myLastUserId = wp_insert_user( array (‘user_pass ‘ =>$user_pass,’user_login’=>$user_login,’user_email’=>$user_email,’role’=>$userlevel) ) ;

    The problem is now that, when user is created successfully i want to send as an email to the user containing user name and password, when i send user name and password is not working, when i change manually using MD5() the password in phpmyadmin in wp_users db table then user can be logged in with the password,
    I think there wp_create_user() uses some technique to store password other then MD5() , i googled alot but so for i did not find any help, so i want to send plain password from wp_users db table not encrypted.
    • Josh June 6, 2012

      I’m not sure how WordPress encrypts it, but it is standard practice to store passwords in a database using 1-way encryption, not as plain text, for a whole lot of security reasons. So therefore you would not be able to retrieve and send the original password without doing some heavy modification to WordPress. Straight MD5 is not secure because most can be looked up on a rainbow table, so usually the password generation uses a salt, or some other more secure hashing algorithm.
  • dev November 10, 2012 Reply to

    Thank for this script :)

  • Prasath Pree December 3, 2012 Reply to

    Great Script, thanks.
  • jon May 29, 2013 Reply to

    somethings wrong, ie says file can’t be found, firefox say config variables aren’t set, but they are.
    • Josh May 29, 2013

      Sounds like two issues there. Accessing the page wouldn’t be dependent on the browser unless you’re caching. I just set my 3 variables and tested on the latest version of WordPress, 3.5.1, and it’s still working.

Leave a comment

Mandatory Social Networking Icons

Subscribe to the blog via RSS, join my LinkedIn network, or follow me on Twitter. Email me using the contact form.

  • Blog RSS Feed
  • LinkedIn Profile
  • Twitter Page
Looking for something?

This search box may or may not be able to help you.