WordPress password forgotten? Part 1 (using SSH)

According to Wikipedia, WordPress is the worlds most popular blogging software. Approximately 19% of all websites run WordPress. I cannot count the times I installed and configured WordPress. It is easy to customize using plugins, which make it do almost anything you can dream of. NB: This site runs WordPress as well.

Sometimes you come across a WordPress instance you installed a long time ago and you have forgotten the administrator username and/or password. This has actually happened to me a few times already. In this case, you can run the script below on the web servers SSH shell. It allows you to find the user and reset the password and reset the user to have the ‘Administrator’ role.

In Part 2 of this post we will show you a script that can be run if you have no SSH, but only FTP access to the web server.

Reset WordPress password over SSH

Running the script from the SSH shell gives the following output:

maurits@nuc:~$ php wp-reset-ssh.php
WordPress password reset script
1: /home/maurits/public_html/wp-config.php
Choose config file [1]:
1: Maurits
Choose WP user [1]:
Choose password [NWE0NjE2YW]:
Reset administrator role (y/N)? y
================================================================================
SET @user = 'Maurits';
SET @pass = 'NWE0NjE2YW';
SELECT ID into @user FROM `wp_users` WHERE `user_login`=@user;
UPDATE `wp_users` SET `user_pass`=MD5(@pass) WHERE `ID` = @user;
UPDATE `wp_usermeta` SET `meta_value`='a:1:{s:13:"administrator";s:1:"1";}' WHERE `user_id`=@user AND `meta_key`='wp_capabilities';
UPDATE `wp_usermeta` SET `meta_value`=10 WHERE `user_id`=@user AND `meta_key`='wp_user_level';
================================================================================
Execute this SQL (y/N)? y
Executed SQL successfully
maurits@nuc:~$

wp-reset-ssh.php

This is the source code of the above script:

<?php
echo "WordPress password reset script\n";
$files = array();
exec('locate wp-config.php',$files,$result);
if ($result!=0) {
  echo "Choose search path [.]: ";
  $path = trim(fgets(STDIN));
  if (!$path) $path = '.';
  exec("find '$path' | grep wp-config.php",$files, $result);
}
if ($result!=0 || count($files) == 0) {
  die("ERROR: could not find file 'wp-config.php'");
}
foreach ($files as $i=>$file) echo ($i+1).": $file\n";
echo "Choose config file [1]: ";
$number = trim(fgets(STDIN));
if (!$number) $number = '1';
$lines = file($files[$number-1]);
foreach ($lines as $line) {
  if (preg_match('/^\s*define\(/i',$line)) eval($line);
}
$mysqli = new mysqli(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
$mysqli->set_charset(DB_CHARSET);
if ($mysqli->connect_errno) die($mysqli->connect_error);
$result = $mysqli->query("SELECT `user_login` FROM `wp_users`");
if ($result===false) die($mysqli->error);
$users = array();
while($row=$result->fetch_array()) $users[]=$row[0];
$result->close();
foreach ($users as $i=>$user) echo ($i+1).": $user\n";
echo "Choose WP user [1]: ";
$number = trim(fgets(STDIN));
if (!$number) $number = '1';
$user = $users[$number-1];
$default = substr(rtrim(base64_encode(sha1(microtime())),"="),0,10);
echo "Choose password [$default]: ";
$pass = trim(fgets(STDIN));
if (!$pass) $pass = $default;
$sql = <<<END_OF_SQL
SET @user = '$user';
SET @pass = '$pass';
SELECT ID into @user FROM `wp_users` WHERE `user_login`=@user;
UPDATE `wp_users` SET `user_pass`=MD5(@pass) WHERE `ID` = @user;
END_OF_SQL;
echo "Reset administrator role (y/N)? ";
$yes = trim(fgets(STDIN));
if ($yes=="y") $sql.= <<<END_OF_SQL

UPDATE `wp_usermeta` SET `meta_value`='a:1:{s:13:"administrator";s:1:"1";}' WHERE `user_id`=@user AND `meta_key`='wp_capabilities';
UPDATE `wp_usermeta` SET `meta_value`=10 WHERE `user_id`=@user AND `meta_key`='wp_user_level';
END_OF_SQL;
$bar = str_repeat("=",80);
echo "$bar\n$sql\n$bar\n";
echo "Execute this SQL (y/N)? ";
$yes = trim(fgets(STDIN));
if ($yes!="y") die("Stopped without executing SQL\n");
$mysqli->autocommit(false);
$lines = explode("\n",trim($sql));
foreach ($lines as $query) {
  if ($mysqli->query($query)===false) die($mysqli->error);
}
if ($mysqli->commit()) echo "Executed SQL successfully\n";
else die($mysqli->error);
$mysqli->close();
Share

One thought on “WordPress password forgotten? Part 1 (using SSH)”

Leave a Reply

Your email address will not be published. Required fields are marked *