Case Study: How To Recover Access To WordPress When You Are Locked Out
One of my maintenance clients came to me with a problem. He works for a company that has recently let their IT person go. In this post I’ll teach you how to recover access to WordPress when yo are locked out.
The login details for WordPress and Bluehost were handed over, but when my client’s team tried to login they could not.
They did not have access to the password recovery email, they did not know the passwords they were completely locked out.
Recovering Bluehost Access
I logged into my own bluehost account and stated a live chat with the support team. They were very understanding, I guess they see this problem a lot.
Their answer was to send a copy of the business license and a copy of the bank statement where the last bluehost payment came out to a special email address firstname.lastname@example.org.
You may think this is a step too far, but it’s not, you are getting access to an entire hosting account and asking for this level of verification seems fair to me.
My client sent them in with full details of the issue and a new user name and password was issued to them.
I’ve checked with some other hosting companies (Godaddy and WPEngine ) and they have similar processes in place, so the first stop is to contact yoru hsoting company and get their policy.
Here’s a link to WPEngine’s policy https://wpengine.com/support/recovering-access-user-portal-account/
Recovering WordPress Access
I love white hat hacking sh1t!
I’ve got quiet a few tools in my arsenal but my favourite is the adduser script. This script allows you to add a new admin level user to WordPress when you don’t have access.
The first thing to do is edit the script file and add your desired user name email and password. At the top you can see this section, replace your details
// CONFIG VARIABLES
// Make sure that you set these before running the file.
$newusername = ‘YOURUSERNAME’;
$newpassword = ‘YOURPASSWORD’;
$newemail = ‘YOUREMAIL@TEST.com’;
Upload it to the root of your site. Use ftp to access your site and copy the file there. If you are not sure what FTP is take my free course CPR for WordPress one of the modules is understanding FTP
Run the script by going to the URL https://yorudomain.com/adduser.php
Bingo a new user is created with admin privileges.
With great power comes great responsibility- Harry Potter, Lord of The Rings
This is a back door tool that grants you full access to a site, don’t mess around with this script, once you have created your new user delete the script. Wordfence has a check for users created outside of the admin console so you may get warnings about this user.
The client has full access to all their sites and everyone is happy. When I say happy, conent is probably the real feeling they had to pay my cnsulting fees to get things back 🙂
Wrap Up – How To Recover Access To WordPress When You Are Locked Out
There are always back doors to get back into your WordPress site.
Let’s hope it a white hat hacker like me getting in 🙂