How to access the WordPress admin without password

Logging in as an administrator, the easy way with a short snippet. Site files access required.

How many times you forgot the password or login to the website you managing. I forgot a lot of times, mostly because I didn’t save the password in the Password manager. Or I don’t get the credentials from my client. Luckily, there’s an easy way to login to the WordPress admin panel, having only the file access.

The short answer is: use the wp_set_auth_cookie() function! It will save a session cookie for the provided user ID. Session cookie means you are logged in.

Here’s the snippet I’ve been using for a long time if I don’t know the user ID (plot twist – it’s not always 1).

add_action( 'send_headers', function() {
	if ( ! isset( $_GET['secure-hash-295g785j46v-change-this'] ) || is_user_logged_in() ) {
		return;
	}

	$admins = get_users( [
		'role' => 'administrator',
	] );

	$remember = true;

	wp_set_auth_cookie( $admins[0]->ID, $remember );

	// Refresh the page.
	header( 'Refresh: 0' );
} );

If I do know the user ID, I’m using this shorter version.

add_action( 'send_headers', function() {
	if ( ! isset( $_GET['secure-hash-295g785j46v-change-this'] ) || is_user_logged_in() ) {
		return;
	}

	$user_id  = 123;
	$remember = true;

	wp_set_auth_cookie( $user_id, $remember );

	// Refresh the page.
	header( 'Refresh: 0' );
} );

After placing this snippet into any plugin or in theme’s function.php file, simply go to the address: https://your.website/?secure-hash-295g785j46v-change-this

Voila, you are logged in 🎉

Don’t forget to remove the snippet immediately!

PS. For your convenience, I’ve created Gist with the above snippets.

2 Comments

Your email address will not be published.