We’ve all been there: You have a website that is running well for a while. Then you want to install some updates or change some text on the home page. But when you arrive at the WordPress „wp-login.php“ page you cannot even remember the username of your WordPress admin account… So, here is the solution to quickly log into your WordPress dashboard without knowing the username or the password.
For now, we’ll have a look at two ways to login into your WordPress site: First one is to reset the users‘ password via the Database; for this, you need access to your sites MySQL database (e.g. via phpMyAdmin).
For the second alternative, we add a small script via FTP to bypass the WordPress login mechanism.
1. Reset Password via DB
Even when you have access to your WordPress database, you can discover valid user names (and email addresses), but there’s no way to find out the users passwords. However, you can use the Database to insert a new password for a specific user. Note, that this approach will permanently reset the users password.
First, you need to create a Password-Hash that you can insert into the Database. You can use this online tool to create an MD5 password hash.
For example, the password „secure“ has an MD5 hash of „1c0b76fce779f78f51be339c49445c49“.
You simply insert this value into the column „user_password“ in your wp_users table for the user you want to log in with. A sample SQL query might look like this:
Note: This will reset the password of the user. You can now log in with the new password. However, all login cookies of this user will become invalid.
When you want to revert the password to the old value, simply reset the user_password field to the previous value (for example, when you need to make a quick change for a client without knowing his password)
2. Bypass the WordPress login logic
This is a more elegant solution when you only need temporary access to the website, since it does not alter any details in the database. Clients can still log in with their password, while you can log in with a different password. Cool, right?
For this, you need access to the FTP account of the website. You have to upload the scripts into the „/
The first script here will disable the password check. You only need to enter a valid user name and press the Login button. As this is highly insecure on production sites, you should use this script with great care!
The second script here does a slightly different job: It requires a small change in wp-config.php where you define a custom login-name and password. The file also belongs into the „/wp-content/mu-plugins“ folder. This enables you to use your hardcoded username and password to log in as the default sites administrator.