WordPress makes it very easy to recover an account when the user has lost their password, but how to proceed if the user doesn\u2019t have admin access to their WordPress website?<\/span><\/p>\n\n\n\n Let\u2019s find out what options we have.<\/span><\/p>\n\n\n\n Obviously, the very first thing you should do is make sure the request is legit. How to do that is beyond the scope of this article but my point is that you should not blindly accept to do such work and that you should always make sure you\u2019re working with the website owner and not with a nefarious third party. Be smart!<\/p>\n\n\n\n Now that we have set this aside, let\u2019s discuss how we can approach this mess.<\/p>\n\n\n\n In order to help a customer in a situation as the one described above, you will probably end up needing access to their hosting control panel, or FTP access to their website. But even if such access is readily available, it is worth spending 5 minutes to try a couple of low-effort things first.<\/p>\n\n\n\n After all, why try to squeeze through the chimney or the basement window if the front door is left unlocked?<\/p>\n\n\n\n The thing I would do first in a situation like that is try to figure out if the customer does have admin access, but they have forgotten about it.<\/p>\n\n\n\n During installation, WordPress creates an admin account and \u2014 unless changed by hand \u2014 assigns it the username \u2018admin\u2019. I will attempt password recovery by going to the following URL:<\/p>\n\n\n\n Note<\/strong>: in this and subsequent code examples, I will be using the example.com domain; you should of course change that to your actual domain name.<\/p>\n\n\n\n If this account exists, WordPress will send an email with recovery instructions to the email address associated with it. If your customer is lucky, this email address belongs to them. Ask them to check their inbox. If they get a message with a recovery link in it, your job is done, but you will still bill them for the whole hour. Right?<\/p>\n\n\n\n However, it is very likely this attempt will fail with an \u201cError: There is no account with that username or email address\u201d message. It is a good security practice to assign a different username to the initial admin account, and these days all but the most incompetent sysadmins will have renamed it.<\/p>\n\n\n\n So let\u2019s try something else instead.<\/p>\n\n\n\n A default WordPress installation comes with a pre-published blog post called \u2018Hello World!\u2019. The authorship to this post is assigned to the admin user. Many WordPress themes that ship with some sample data do the same.<\/p>\n\n\n\n You could try opening the \u2018Hello World!\u2019 blog post which has the post ID of 1 by typing:<\/p>\n\n\n\n This URL links to the author page associated with the WordPress User ID of 1:<\/p>\n\n\n\n If the person responsible for the initial setup of this website has been careless or lazy, we have a chance to learn the username of the admin user from the authorship metadata.<\/p>\n\n\n\n The specific behavior of the blog post page and the author page is different depending on the theme and the customization settings. If you are lucky, it will show the author, and the author’s name might contain a link to their WordPress author page, like this:<\/p>\n\n\n\n You can try that username (someuser) to attempt password recovery and tell your customer to once again check their mailbox. If they get a recovery link, you will have been successful.<\/p>\n\n\n\n The stuff I described above will work only if whoever set up WordPress is an amateur or has been extremely careless. It is a universal security practice to never call the admin user \u2018admin\u2019, and most good WordPress developers will have put measures in place to block resource enumeration (that thing with ?author=1 we used).<\/p>\n\n\n\n Realistically speaking, the chances of recovering admin access using the tips above are very low. But since it only requires a trivial amount of time and effort to try, I feel obliged to try this first before attempting more effective but invasive measures.<\/p>\n\n\n\n For brevity, I will assume that the customer has already provided you with access to the web host control panel, or at the very least with FTP\/shell access. There are several ways to restore admin access to the WordPress dashboard:<\/p>\n\n\n\n 1. Create a new admin account I prefer creating a new account, but there are different real life possibilities that might make another option preferable. This is why I will show you how to perform all operations, and I will leave it up to you and your customer to decide which one to perform.<\/p>\n\n\n\n There are two ways to achieve our task, and they both involve modifying the WordPress database.<\/p>\n\n\n\n One method is to write several database queries and execute them via php file. It is quick and effective, but not really fun to write about. Also, it is highly specific to the task at hand \u2014 any knowledge you will obtain through using it will be limited to solving the same exact problem and nothing else.<\/p>\n\n\n\n My preferred method involves using a small GUI tool called Adminer (https:\/\/www.adminer.org). While I will use it to show you how to fix that particular issue (restore user access to the WordPress admin panel), I hope you will recognize the overall usefulness of that tool and add it to your bag of tricks.<\/p>\n\n\n\n Despite the horrible name (and a UI to match\u2026), Adminer is a very competent tool to work with MySQL\/MariaDB databases. Compared with phpMyAdmin, it has a simpler interface and requires no installation: all features are contained within a single PHP file that you can deploy and delete as needed.<\/p>\n\n\n\n Go to adminer.org and scroll down to the Downloads section. For this tutorial, I will grab the \u2018<\/strong>Adminer for MySQL, English only<\/strong><\/a>\u2018 version. The \u2018full\u2019 version supports other database engines and other interface languages which are of no use for the purpose of this tutorial.<\/p>\n\n\n\n Go ahead and grab that file, then save it to the root folder of the WordPress site you need to access. I prefer to rename the file to adm.php while I am at it, because it saves time typing the URL in the browser, and does not require remembering.<\/p>\n\n\n\n Note:<\/strong> By itself, Adminer is harmless. It can\u2019t do anything if you don\u2019t have the database name, db user name, and db user password. However, it does expose the database to the world, and somebody could<\/em> find a way to exploit that. That is why I take some additional precautions to restrict access to Adminer.<\/p>\n\n\n\n 1. I place Adminer into a random, 8-character directory under root where 123.123.123.123 is of course my actual IP address.<\/p>\n\n\n\n 3. I set a reminder to myself to delete the Adminer folder 24 hours after I am done using it.<\/p>\n\n\n\n After doing all of this, I try accessing Adminer from the browser:<\/p>\n\n\n\n Upon successful loading, Adminer greets me with the following underwhelming login screen:<\/p>\n\n\n\n To get past this screen, you need to provide the database name, db user and db password. You can get them from within the\u00a0 While viewing While a large number of WordPress sites use the default prefix \u2018wp_\u2019 to name their tables, there are many exceptions to this rule where the prefix is different or there is no prefix at all.<\/p>\n\n\n\n There are also cases where within the same database there are multiple tables with the same name but different prefixes (a plugin called WP Reset that makes database snapshots is notorious for that).<\/p>\n\n\n\n Throughout this tutorial, I assume that the tables use the standard prefix of wp_, but I recommend that you check out and take note just in case.<\/p>\n\n\n\n Going back to Adminer, I suggest that you tick the \u2018Permanent login\u2019 checkbox. It will store a cookie in your browser and add an automated login link to the left:<\/p>\n\n\n\n This will allow you to close and\/or restart your browser and resume work at leisure, without having to go back to \u201cI like the cover,\u201d he said. \u201cDon\u2019t Panic. It\u2019s the first helpful or intelligible thing anybody\u2019s said to me all day.\u201d When you see the main screen of Adminer for the first time, you might feel the urge to close the browser window and start running until you hit the ocean; then start swimming.<\/p>\n\n\n\n However, I am here to help you suppress that primal panic and do the thing you came to do. Adminer looks scary only the first time, and for a short amount of time; after you have seen how easy it is to use, you will warm up to it \u2014 I promise!<\/p>\n\n\n\n This one is non-negotiable. No matter how good you are with databases, and how much experience with WordPress you have, you should only proceed if you have a fresh backup.<\/p>\n\n\n\n However, you have a choice here: either export the whole<\/em> WordPress database, or only the tables on which we will be working (wp_users and wp_usermeta). This one I leave up to you to decide.<\/p>\n\n\n\n If you want to export the whole table, you need to click on Export in the top left corner and select output type, format, etc. Do not forget to tick the checkboxes next to Tables and Data below the export button!<\/p>\n\n\n\n This one makes more sense to me. As you will be working on a single table at a time (wp_users followed by wp_usermeta), you only need to make sure you don\u2019t break any of these two tables.<\/p>\n\n\n\n Scroll down the list to the left until you find the wp_users table and click on the select link to the left. You should see something like that (without the emojis that I have used to hide sensitive data, of course):<\/p>\n\n\n\n Before you proceed, let\u2019s do the backup first. Click on the checkbox next to the Modify column to select all rows, then select \u2018save\u2019 and \u2018sql\u2019 in the Export tab and click on the Export button to create an SQL file and save that in a safe location.<\/p>\n\n\n\n To add a new entry to that table, click on the \u2018New item\u2019 link at the top right.<\/p>\n\n\n\n Leave ID blank. It will auto-increment to the next lowest available number. Fill user_login<\/strong> (this is the username), user_nicename<\/strong>, user_email<\/strong> and display_name<\/strong>. Leave the rest blank for the time being.<\/p>\n\n\n\n You next need to create a password for the new user, and store the hash of that password in user_pass<\/strong>. For this, I use the very convenient WordPress Password Hash Generator<\/a> made available by CodeBeautify.org<\/a><\/p>\n\n\n\n When you click on the \u2018Random\u2019 button, the tool will issue a brand new random password for your new user, and will generate the hash record for it. Copy the hash (the long string that begins with $P$B) and paste it into user_pass<\/strong> within Adminer, then press \u2018Save\u2019 to create the new user record.<\/p>\n\n\n\n Important: <\/strong>Note the ID number assigned to that user \u2014 you will need it in a minute. Store the password as well.<\/p>\n\n\n\n We are almost there!<\/p>\n\n\n\n Your new user is created, but it has no role within WordPress just yet. To fix that, you must add two more records for that user: User Level<\/strong> and Capabilities<\/strong>. These details are kept in the table called wp_usermeta. You already know the drill: <\/p>\n\n\n\n 1. Locate wp_usermeta in the list on the left To assign User Level<\/strong>, you will create a new record (click on \u2018New item\u2019):<\/p>\n\n\n\n Leave umeta_id blank. For user_id<\/strong>, supply the ID number of the new user. For meta_key<\/strong>, supply the value To assign Capabilities<\/strong>, you will create another record.<\/p>\n\n\n\n For user_id<\/strong>, supply the ID number of the new user. For meta_key<\/strong>, supply the value <\/span>Disclaimer<\/span><\/h2>\n\n\n\n
<\/span>Restore Admin Access: Non-Invasive Attempts<\/span><\/h2>\n\n\n\n
https://example.com\/wp-login.php?action=lostpassword<\/code><\/pre>\n\n\n\n![\"Try](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/lost-password-recovery-attempt.png\")
https://example.com\/?p=1<\/code><\/pre>\n\n\n\n https://example.com\/?author=1<\/code><\/pre>\n\n\n\nhttps://example.com\/author\/someuser<\/code><\/pre>\n\n\n\n<\/span>Success Rate<\/span><\/h3>\n\n\n\n
<\/span>Restoring Admin Access via FTP or the Hosting Control Panel<\/span><\/h2>\n\n\n\n
2. Reset the password of an existing admin account
3. Change the email address of an existing admin account (i.e. take over an account)
4. Promote an existing lower-level account to admin status<\/p>\n\n\n\n<\/span>Possible Solutions<\/span><\/h2>\n\n\n\n
<\/span>Where to Get Adminer<\/span><\/h2>\n\n\n\n
![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/adminer-mysql-english-only.png\")
<\/figure>\n\n\n\n
2. I limit access to that directory by creating a .htaccess file in it with the following contents:<\/p>\n\n\n\nOrder Deny,Allow\nDeny from all\nAllow from 123.123.123.123<\/code><\/pre>\n\n\n\nhttps://example.com\/{random-string}\/adm.php<\/code><\/pre>\n\n\n\n<\/span>Navigating Adminer<\/span><\/h3>\n\n\n\n
![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/adminer-login.png\")
<\/figure>\n\n\n\nwp-config.php<\/code>\u00a0<\/a>file that is located under the website root folder:<\/p>\n\n\n\n\/\/ ** MySQL settings - You can get this info from your web host ** \/\/\n\/** The name of the database for WordPress *\/\ndefine( 'DB_NAME', 'Database' );\n\/** MySQL database username *\/\ndefine( 'DB_USER', 'Username' );\n\/** MySQL database password *\/\ndefine( 'DB_PASSWORD', 'Password' );\n\/** MySQL hostname *\/\ndefine( 'DB_HOST', 'localhost' );<\/code><\/pre>\n\n\n\n<\/span>About WordPress Table Names<\/span><\/h2>\n\n\n\n
wp-config.php<\/code> to get the DB credentials, I also suggest that you scroll down and take note of the $table_prefix<\/code> setting.<\/p>\n\n\n\n\/**\n* WordPress Database Table prefix.\n*\n* You can have multiple installations in one database if you give each\n* a unique prefix. Only numbers, letters, and underscores please!\n*\/\n$table_prefix = 'wp_';<\/code><\/pre>\n\n\n\n<\/span>And now, back to our regularly scheduled programming<\/span><\/h3>\n\n\n\n
![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/adminer-login-saved.png\")
<\/figure>\n\n\n\nwp-config.php<\/code> to fetch the database settings.<\/p>\n\n\n\n<\/span>Don\u2019t Panic<\/span><\/h3>\n\n\n\n
\u2015 Douglas Adams, The Hitchhiker\u2019s Guide to the Galaxy<\/p>\n\n\n\n<\/span>First Things First: Backup the Database<\/span><\/h3>\n\n\n\n
<\/span>A. Full Export<\/span><\/h3>\n\n\n\n
![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/adminer-export-all.png\")
<\/figure>\n\n\n\n<\/span>B. Single Table Export<\/span><\/h3>\n\n\n\n
![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/wp-users-table-export-1024x352.png\")
<\/figure>\n\n\n\n<\/span>Solution 1: Create New User<\/span><\/h2>\n\n\n\n
![\"Restore](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/wp-users-add-user.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/codebeautify-wordpress-password-hash-generator-1024x268.png\")
<\/figure>\n\n\n\n
2. Click on \u2018select\u2019 to the left of the table name
3. Make a backup of that table
4. Add records (this time there will be two operations)<\/p>\n\n\n\n![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/wp-usermeta-userlevel.png\")
<\/figure>\n\n\n\nwp_user_level<\/code>. Set meta_value<\/strong> to 10. Press \u2018Save and insert next\u2019 to store the record and return to the same insert screen. Adminer will confirm insertion (\u2018Item xxx has been inserted\u2019).<\/p>\n\n\n\n![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/wp-usermeta-capabilities.png\")
<\/figure>\n\n\n\nwp_capabilities<\/code>. Set meta_value<\/strong> to a:1:{s:13:\"administrator\";b:1;}<\/code> and press \u2018Save\u2019 to store the record and gtfo.<\/p>\n\n\n\n
![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/wp_usermeta-existing-users-capabilities.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/wpx.net\/blog\/wp-content\/uploads\/2022\/03\/wp-users-filter-IDs.png\")
<\/figure>\n\n\n\n