If you’re locked out of WordPress and can’t reset your password, the official docs list several options that allow you to access your administrator account again. But what if you want to create an entirely new admin user?

When developing a WordPress site, I typically create an admin user for the development team, set to a general email address, and then another user for the client. That way, the client can manage their own password and reset it when necessary, and we will still will have access for upgrades and changes. For blogs that I have FTP access to, but no working WordPress password, I threw together the following script to create admin users.

How to Use

  1. Change the configuration variables for username, password, and e-mail
  2. Save PHP file in your root WordPress directory
  3. Access the file via your web browser.
  4. You will see a message with the results. If successful, go ahead and delete the file from your server.
  5. Log in to WordPress!

Full Source Code

This was originally tested with WordPress 3.1.2. It should be working with all latest versions (4.x+):

Comments on this Article

  1. gins says:

    Hi,
    thank you for the script.

  2. Jordan says:

    it keeps giving me the whoops, Looks like you did not set a password, username or email. And i put the code in correctly

    • Josh says:

      Did you set the 3 config variables at the top? It will only throw that error if they’re set to the initial test values.

  3. RJS says:

    I can’t log into my WordPress site. I had help from Go Daddy reps, but nothing worked, including: resetting my password, and adding a new user. It says that I’m locked out for security reasons, but when I click on the reset password link, it takes me back to the login page. It says that they key is invalid. If you have any advice, I’d appreciate it. I don’t know what else to do. Thanks.

  4. Muhammad Ali says:

    Dear,
    I tried you code, but it gives the following error
    Call to undefined function get_user_by() in C:wampwwwwordpressregistrationwp-includesuser.php on line 1170
    Any help would be appreciated
    Thanks

    • Josh says:

      I would imagine this has something to do with your version of WordPress. What version are you running? If it’s older, it may not work. If it’s the latest version, perhaps the syntax/functions have changed and I’ll have to make an update.

  5. Muhammad Ali says:

    Thanks Josh
    I removed that error, by including the following files,
    require_once(‘wp-includes/registration.php’);
    require_once(‘wp-includes/pluggable.php’);

    Now i am using wp_insert_user() below is the code
    $displayname = $record->name ;
    $user_login = $record->user_name;
    $user_pass=$record->password;
    $user_email = $record->email;
    $userlevel = $record->userlevel;
    $user_pass=wp_generate_password(12,false);
    $myLastUserId = wp_insert_user( array (‘user_pass ‘ =>$user_pass,’user_login’=>$user_login,’user_email’=>$user_email,’role’=>$userlevel) ) ;

    The problem is now that, when user is created successfully i want to send as an email to the user containing user name and password, when i send user name and password is not working, when i change manually using MD5() the password in phpmyadmin in wp_users db table then user can be logged in with the password,
    I think there wp_create_user() uses some technique to store password other then MD5() , i googled alot but so for i did not find any help, so i want to send plain password from wp_users db table not encrypted.

    • Josh says:

      I’m not sure how WordPress encrypts it, but it is standard practice to store passwords in a database using 1-way encryption, not as plain text, for a whole lot of security reasons. So therefore you would not be able to retrieve and send the original password without doing some heavy modification to WordPress. Straight MD5 is not secure because most can be looked up on a rainbow table, so usually the password generation uses a salt, or some other more secure hashing algorithm.

  6. dev says:

    Thank for this script šŸ™‚

  7. Prasath Pree says:

    Great Script, thanks.

  8. jon says:

    somethings wrong, ie says file can’t be found, firefox say config variables aren’t set, but they are.

    • Josh says:

      Sounds like two issues there. Accessing the page wouldn’t be dependent on the browser unless you’re caching. I just set my 3 variables and tested on the latest version of WordPress, 3.5.1, and it’s still working.

  9. Paul says:

    Thanks, Josh! This worked for me. 3.5.2. What a great script!

  10. Patrick says:

    Thanks for this!!!

  11. Patrick says:

    Thanks!! Josh you are my angel. Finally I got my admin control back!! Thanks!!

  12. Dave says:

    Hey Josh,
    Thanks for this neat script. I came across it after spending hours looking for something similar. ToolPress’ WP Access All Areas appears to have gone amiss, and Yoast’s emergency.php requires a user to have the MySQL password.

    I am curious though as to the config variables…
    Under the commented out section of CONFIG these variables need to be changed to create the new user, but what is the second set of variables for under Make sure you set CONFIG variables?

    Thanks šŸ™‚

    • Josh says:

      It is referring to the CONFIG above. This is just a security precaution so that no one accidentally runs the file before setting a username, password, and email. It’s beginner and accident proof. I’m editing the post to clarify.

  13. Aaron says:

    Thank you for this, worked perfectly.

  14. Ciro says:

    Thanks, it worked perfectly straight out of the box, no changes needed.

  15. Lena says:

    This is very, very, clever! I might be much more excited about this than I probably should be. I have already used it three times in two day. AWESOME SAUCE! Thank you!

    • Josh says:

      I’m glad it was helpful!

  16. Rad says:

    Always have contractors forgetting to set up an admin account for me to use. This script is way easier than tapping in to the database and adding the user and usermeta directly.

    You might be able to make it more fool-proof if you let it only run once using get_option or something similar, and check the file creation date in case someone forgets to delete the file. But this sort of thing doesn’t NEED to be complicated! People just need to be smarter šŸ™‚

  17. RichardF says:

    Thnx.. nice script.

  18. Shauny says:

    YES! Worked a treat.

    Thanks.

  19. Jan says:

    You saved my life. Thank you.

  20. C says:

    You are a hero, my man – thank you for sharing!

  21. Joe says:

    Thanks mate, this is great!

  22. Sad Face says:

    Seems like WP 5.0 now blocks this script.

  23. Carlos says:

    Thanks to you very much. You are good people, Saved our time, solved and fix a great issue. Great.

    Works fine and much better than create in ddbb, works fine with wordpress 5.2.3

Leave a Reply

You can use the <pre> tag to post a block of code, or <code> to highlight code within text.