In a recent WordPress hack attack which we worked on and recovered, the owner’s WordPress administrator account was demoted to a user role, therefore the owner did not have any control over the WordPress installation. To regain back access to WordPress, we manually created a new WordPress user with an Administrator role directly in the database.
In this tutorial I will show you how to manually create a WordPress administrator in the WordPress database by using any of the following methods; MySQL command line (SQL queries), or via phpMyAdmin.
If you have access to your MySQL database server via command line, you can use the below SQL queries to create a new WordPress administrator in the database.
Below is the code to create a new admin account named ‘iyngaran’ with the password pass123. You may change any of the content in red to fit your needs, but leave all other data as is.
Note : In this code, the table prefix is ‘wp_’. You need to change the query, if you are using different table prefix before execute this query.
INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_status`)
VALUES ('iyngaran', MD5('pass123'), 'firstname lastname', 'iyngaran@gmail.com', '0');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`)
VALUES (NULL, (Select max(id) FROM wp_users), 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');
INSERT INTO `wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`)
VALUES (NULL, (Select max(id) FROM wp_users), 'wp_user_level', '10');
You should see the message ‘1 row affected’ after each of the three SQL statements. This means the insertion ran smoothly. From here, visit your wordpress admin login area as normal and use the new admin login information. You should get to the admin interface without issue.