WordPress is one of the easiest blogging sites and its very easy to use and maintain, on top of that its an opensource free to use web application. It is easy to install, setup and got its own dashboard. Therefore, millions of websites are now powered by wordpress. Due to its high usage, hackers and malware keep attacking wordpress sites. Most of the attack will be due to unsecured web hosting, use of weak passwords, access to wp-admin, not updating wordpress and using nulled themes or plugins. The attackers may remove users or play with the database giving you no access to the dashboard.
In this blog, we’ll focus on creating a user and giving it a keymaster admin user role. This may be helpful if you have forgotten the password of the Keymaster / admin or you have lost the admin right due to the attackers. Note that you must have access to the admin right to the database of the wordpress site. The admin right should be provided by the web hosting company to the dashboard (Cpanel / Direct admin / custom hosting dashboard) from which you can update the MYSQL database of your wordpress website.
I’ll be using cpanel dashboard for this tutorial. so lets begin.
1. Go to your Webhosting panel [ Cpanel / Direct admin / custom hosting dashboard ]
I have been hosting my site in a Cpanel host therefore i’ll have a Webhost panel as https://yourblog/cpanel.
use the username and password providd by your hosting provider.
2. Navigate to phyMyadmin panel
Navigate to the Databases section in the dashboard and click on phpMyAdmin
3. Choose your WP database and navigate to wp-user table
Choose the right database of your wordpress site form the left panel.
4. Navigate to the user table
Expand the database of your wp website and expand the user table. [note: the default prefix of the tables would be “wp_” and the users table would appear as “wp_users” but if you have changed the prefix of the tables to custom prefix like “wppn_” it will appear like the one in the figure below]
5. Go to the Insert field and Start inserting the data for the new user
- ID – Value of this field must be kept empty
- user_login – Type the username
- user_pass – Add a password for the account. Select MD5 in the functions menu (Refer to the screenshot below).
- user_nicename – leave this field empty
- user_email – add the email address you want to use for this account.
- user_url – leave this field empty for now
- user_registered – select the date/time for when this user is registered.
- user_status – set this to 0.
- display_name – leave this field empty for now
- Click on the Go Button to submit (you should see a success message)
5. Go back to the users table and check the ID of the newly created field
Here, in our context the ID of the user we just created is 2. Keep the user ID in mind. The user is created but no role have been assigned to the user.
5. Navigate to table usermeta and insert a Magic Spell
Naviate to usermeta table with the prefix you have used for example “wp_usermeta” or like in my case “wppn_usermeta”. From the usermeta table go to the insert tab and use the following values in the wp_usermeta table and click Go.
- unmeta_id – Must be kept Blank
- user_id – This is the ID of the user we just created in the previous step. ii.e. ID = 2
- meta_key – type “wp_capabilities” in my case its “wppn_capabilities”
- meta_value – copy the following in the meta_value or the magis spell “a:1:s:13:”administrator”;s:1:”1″;} “
Now you can login to your dashboard as an administrator. Voila.!!!
WITh Great power comes Great responsibility