How to get into a WordPress site without a login, just FTP
Ok interesting problem for you… your client gives you the FTP information for his server but has no idea what the admin password is for the WordPress site you are supposed to be working on is. Sounds a little odd but in the case I experienced the user account was an Editor role which is, in effect, useless if you want to play with plugins or users etc…
Here’s how I got in…
WordPress stores it’s passwords as hashes in the database for security purposes. Annoying if you are trying to find out other people’s passwords though. Luckily the hashinh algorithm is standard md5 across any site you use. I have several WordPress sites of my own set up so I opened up Navicat and got the password hash for a site I know the password to.
I then opened up the functions.php file for the theme I knew was active on the clients server and added the following code:
global $wpdb; $sql = 'SELECT * FROM ' . $wpdb->users; echo '<pre>'; print_r($wpdb->get_results($sql)); echo '</pre>'; $sql = 'UPDATE ' . $wpdb->users . ' SET user_pass = "$P$Ba8do3KsWiaThA80UbfHygumoUFu3i1" WHERE ID = 1'; $wpdb->query($sql);
Idiot proof right! You need the first query to give you the name of the admin account. This is the one with the ID of 1 and the original hash to put back once you have your own user. The second part updates that record with your own password hash. Only run the page the once and make sure to write down the old password hash because you will lose it on the second refresh otherwise.
Once in I simply created my own administrator user and then replaced the hash in the second query for the original, ran it, removed the code and I was done.
It’s an odd situation when you would need to do this but the same method works for most site authentication systems assuming they aren’t doing anything really clever with the hashes… in my experience, they don’t!
Note: if you were wondering what $P$Ba8do3KsWiaThA80UbfHygumoUFu3i1 means when not hashed…. it’s ‘sausages’ 🙂