I recently was helping a friend with their friend’s WordPress installation that they were having problems logging into. No problem, I thought, this should be easy. Unfortunately, all I had been given was the FTP login for the account. I lacked was a login to the actual WordPress system.
The challenge: un-hack their WordPress then login and make sure everything is cool. The FTP part was easy – I just re-installed WordPress’ core files. I could go on here about why its important to keep your WordPress up to date, but I’ve done that before.
Since the person whose blog this is was out of the country, I couldn’t contact them to get a login, and since they were having login troubles anyway due to the hack, we were kind of stuck.
One of the things I like about WordPress is that it’s user-friendly for end-users, but underneath the hood is a pretty serious framework. I’m constantly finding new features, functions and calls to do things I want WordPress to do that it might not ordinarily by default.
In my case, I needed to get a user into WordPress. After some poking around and reading documentation, I found a WordPress function, wp_insert_user
, which will put a user into the system. I found you couldn’t just call this from a post or a page, but I found wrapping it in a function, putting it in the functions.php file of the theme and calling it on page_init worked pretty well. Here’s the code:
function ft_insert_user(){ $newUserData = array ( 'ID' => '', 'user_pass' => wp_generate_password(), 'user_login' => 'mike', 'user_nicename' => 'mike', 'user_url' => '', 'user_email' => 'mike@highedwebtech.com', 'display_name' => 'Mike', 'nickname' => 'Mike', 'first_name' => 'Mike', 'user_registered' => '2011-10-16 08:54:47', 'role' => 'Administrator' ); $newUserId = wp_insert_user( $newUserData ); } add_action( 'wp_head', 'ft_insert_user' );
The trick with this is I let WordPress generate me a password. I didn’t get a password in my email, but it was easily reset and I was able to login. However, I wasn’t an admin (I’m sure my code about could be better.) After some Googling, I found this PHP script which can be run outside of WordPress (but in your web root) that will assign a specific role to a specific user. This script assumes you know your user ID.
<?php /* * Updates user role using WordPress function wp_update_user. * * Simple script to be run at webroot. Update user_id and new_role to taste * and run as regular PHP file on command line. * * @package WordPress */ require( './wp-load.php' ); // id of user to update $user_id = 2; /* * Basic list of user roles * * administrator * editor * author * contributor * subscriber * */ // user role to update to $new_role = 'administrator'; // update user role using wordpress function wp_update_user( array ('ID' => $user_id, 'role' => $new_role ) ) ; ?>
Now, I was an admin user and could check the theme and all other settings that are available to administrators, including installing plugins, starting with Better WP Security, developed by higher ed’s own Chris Wiegman.
The thing to remember is that with method, you need to have FTP or shell access to the area that contains the theme or web root. You can’t just use these functions on any WordPress site.