PHP script to add WordPress admin user

PHP script to add WordPress admin user

I recently needed to add a new administrator username to a WordPress install.

Doing this manually via SQL is not the most difficult task in the world, but it can be quite a challenge as it requires special access (either to mysqladmin or something like phpMyAdmin) and SQL knowledge.

Plus there’s a always room for error when messing around with SQL data.

To use the script, just upload it to your WordPress root folder and access it via the browser. And remember to remove it after using it as it is an extreme security risk if left live there for anyone else to use it and add an administrator username to your site.

Download the zipped script from here (older version here), or copy the code from below.

Code updated for PHP 7/8:

<?php

/******************************
*  WordPress UserAdd Script
*  version 0.2 / 20221216
*
*  (c) zedt.eu
*  https://zedt.eu/tech/php-script-to-add-wordpress-admin-user/
* ****************************/

// configurables
$wpconf = "wp-config.php";

$usrtbl = "users";
$usrmta = "usermeta";

// sql data
$sqltbl = "INSERT INTO `%prefix%$usrtbl` (`user_login`,`user_pass`,`user_nicename`,`user_email`,`user_url`,`user_registered`,`user_activation_key`,`user_status`,`display_name`) VALUES ('%usrname%',MD5('%usrpass%'),'%usrnice%','%usrmail%','',NOW(),'','0','%usrnice%')";
$sqlid = "SELECT `id` FROM `%prefix%$usrtbl` WHERE `user_login` = '%usrname%'";
$sqlmta = "INSERT INTO `%prefix%$usrmta` (`user_id`,`meta_key`,`meta_value`) VALUES ('%usrid%','%prefix%capabilities','a:1:{s:13:\"administrator\";s:1:\"1\";}')";
$sqlmta2 = "INSERT INTO `%prefix%$usrmta` (`user_id`,`meta_key`,`meta_value`) VALUES ('%usrid%','%prefix%user_level','10')";

// defaults
$prefix = "wp_";
$usrname = "";
$usrpass = "";
$usrnice = "";
$usrmail = "";
$errors = array();

ini_set("error_reporting", 0);
define('WP_DEBUG', false);

// helper functions
function msgbox($msg,$type=""){
	if (empty($msg)) return;
	if (is_array($msg)) $msg = implode( "<br>", $msg );
	printf( '<div class="alert %s">%s</div>' . PHP_EOL, $type, $msg );
}

function getusrid( $db, $query ){
	$result = $db->query( $query );
	$row = @mysqli_fetch_array( $result, MYSQLI_ASSOC );
return $row['id'];
}

function filterdata( $input, $keys=array(), $vals=array() ){
	$data = str_replace( $keys, $vals, $input );
	if ( ini_get('magic_quotes_gpc') ) $data = stripslashes( $data );
	return $data;
}

?><!DOCTYPE html>
<html>
  <head>
    <title>Wordpress UserAdd Script</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0-wip/css/bootstrap.min.css">
    <script src="//code.jquery.com/jquery.js"></script>
    <script src="//netdna.bootstrapcdn.com/bootstrap/3.0.0-wip/js/bootstrap.min.js"></script>
    <style type="text/css">
    body { background: #fcfcfc; }
    a { color: #bf4c26; }
    a:hover { color: #222; }
    .wrapper { background: white; border: 1px solid #eee; padding: 10px; width: 800px; margin: 30px auto 0; border-radius: 12px; }
    .ver { width: 800px; margin: 5px auto; color: #999; font-size: 11px; }
    .theform { display: block; border: 1px solid #efefef; padding: 10px; margin: 10px 0; border-radius: 6px;}
    </style>
  </head>
  <body>
    <div class="wrapper">
    <h3>Wordpress UserAdd Script</h3>
<?php
if ( file_exists( $wpconf ) ) {
	// wp config file found
	include_once( $wpconf );
	if ( defined( 'DB_NAME' ) && defined( 'DB_USER' ) && defined( 'DB_PASSWORD' ) && defined( 'DB_HOST' ) ) {
		// db data found
		printf( "Attempting to login to `<b>%s</b>` as `<b>%s</b>` to access `<b>%s</b>` ...", DB_HOST, DB_USER, DB_NAME );
		if ( $dbc = @mysqli_connect( DB_HOST, DB_USER, DB_PASSWORD, DB_NAME ) ) {
			// sql connect successful
			echo "<span style=\"color: green\"><b>SUCCESS</b></span>\n<br />";
			if ( !empty( $_POST['sub'] ) ) {
				// form submitted, process and show results
				if ( !empty( $_POST['prefix'] ) ) $prefix = trim( $_POST['prefix'] ); else $errors[] = "You did not fill in the table prefix";
				if ( !empty( $_POST['usrname'] ) ) $usrname = trim( $_POST['usrname'] ); else $errors[] = "You did not fill in the username";
				if ( !empty( $_POST['usrpass'] ) ) $usrpass = trim( $_POST['usrpass'] ); else $errors[] = "You did not fill in the password";
				if ( !empty( $_POST['usrnice'] ) ) $usrnice = trim( $_POST['usrnice'] ); else $errors[] = "You did not fill in the display username";
				if ( !empty( $_POST['usrmail'] ) ) $usrmail = trim( $_POST['usrmail'] ); else $errors[] = "You did not fill in the email address";

				if ( empty( $errors ) ) {
					// form submitted successfully
					$sqltbl = filterdata($sqltbl, array( "%prefix%", "%usrname%", "%usrpass%", "%usrnice%", "%usrmail%" ), array( $prefix, $usrname, $usrpass, $usrnice, $usrmail ) );
					if ( $result = $dbc->query( $sqltbl ) ){ 
						$sqlid = filterdata( $sqlid, array( "%prefix%", "%usrname%" ), array( $prefix, $usrname) );
						$id = getusrid( $dbc, $sqlid );
						$sqlmta = filterdata( $sqlmta, array( "%prefix%", "%usrid%" ), array( $prefix, $id ) );
						$sqlmta2 = filterdata( $sqlmta2, array( "%prefix%", "%usrid%" ), array( $prefix, $id ) );
						if ( !@$dbc->query ($sqlmta) ) $errors[] = sprintf( "<b>Failed to add user metadata!</b> %s", mysqli_error( $dbc ) );
						if ( !@$dbc->query ($sqlmta2) ) $errors[] = sprintf( "<b>Failed to add user metadata #2!</b> %s", mysqli_error( $dbc ) );
					} else {
						$errors[] = sprintf( "<b>Failed to add user!</b> %s", mysqli_error( $dbc ) );
					}
					//echo "$sqltbl<br />$sqlid<br />$sqlmta<br />$sqlmta2"; var_dump($result,mysqli_error( $dbc ));
					if ( empty( $errors ) ) {
						msgbox( sprintf( "<b>User <b>%s</b> added successfully.</b><br />Login to the <a href=\"wp-admin/\">dashboard</a>.", $usrname ), "alert-success" );
					}
				} else { }
			} else { }
			// display form
			msgbox( $errors, "alert-danger" );
			?>
			<form role="form" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="POST" class="theform form-horizontal">
				<div class="row">
					<div class="col-md-12">
					<fieldset>
						<legend>Database</legend>
						<div class="form-group">
							<label for="prefix" class="col-lg-2 control-label">Table prefix</label>
							<div class="col-lg-3"><input type="text" class="form-control" name="prefix" id="prefix" placeholder="username" value="wp_" value="<?php echo $usrprefix; ?>"></div>
						</div>
					</fieldset>
					</div>
				</div>
				<div class="row">
					<div class="col-md-12">
					<fieldset>
						<legend>User data</legend>
						<div class="form-group">
							<label for="usrname" class="col-lg-2 control-label">Username</label>
							<div class="col-lg-6"><input type="text" class="form-control" name="usrname" id="usrname" placeholder="username" value="<?php echo $usrname; ?>"></div>
						</div>
						<div class="form-group">
							<label for="usrpass" class="col-lg-2 control-label">Password</label>
							<div class="col-lg-6"><input type="password" class="form-control" id="usrpass" name="usrpass" placeholder="password" value="<?php echo $usrpass; ?>"></div>
						</div>
						<div class="form-group">
							<label for="usrnice" class="col-lg-2 control-label">Display name</label>
							<div class="col-lg-6"><input type="text" class="form-control" name="usrnice" id="usrnice" placeholder="display name" value="<?php echo $usrnice; ?>"></div>
						</div>
						<div class="form-group">
							<label for="usrmail" class="col-lg-2 control-label">E-mail</label>
							<div class="col-lg-6"><input type="email" class="form-control" name="usrmail" id="usrmail" placeholder="e-mail" value="<?php echo $usrmail; ?>"></div>
						</div>
						<div class="form-group">
							<div class="col-lg-offset-2 col-lg-6">
								<button type="submit" class="btn btn-primary">Add user</button>
							</div>
						</div>
					</fieldset>
					</div>
				</div>
				<input type="hidden" name="sub" value="1">
			</form>
			<?php
			$dbc->close();
		} else {
			// unable to connect to sql
			msgbox( sprintf( "Unable to connect to the database with the supplied authentication data: %s", mysqli_connect_error() ), "alert-danger" );
		}
	} else {
		// missing db data
		msgbox( "Could not locate authentication data in the configuration file. Check to see if the file is indeed a wp-config.php file and is not corrupt." );
	}
} else {
	// missing wp config file
	msgbox( "Unable to locate <b>wp-config.php</b>. Make sure you have uploaded this script to the root of your WordPress installation.", "alert-danger" );
}
?>
    </div><!--wrapper-->
    <div class="ver text-right">
    version 0.2 / 20221216 &bull; (c) <a href="http://zedt.eu/" target="_blank">zedt.eu</a>
    </div> <!--ver-->
  </body>
</html>
<!-- EOF -->

The original PHP 5 compatible script:

<?php

/******************************
* WordPress UserAdd Script
* version 0.1 / 20130818
*
* (c) zedt.eu
* http://zedt.eu/tech/wordpress-script-to-add-admin-user
* ****************************/

// configurables
$wpconf = "wp-config.php";

$usrtbl = "users";
$usrmta = "usermeta";

// sql data
$sqltbl = "INSERT INTO `%prefix%$usrtbl` (`user_login`,`user_pass`,`user_nicename`,`user_email`,`user_url`,`user_registered`,`user_activation_key`,`user_status`,`display_name`) VALUES ('%usrname%',MD5('%usrpass%'),'%usrnice%','%usrmail%','',NOW(),'','0','%usrnice%')";
$sqlid = "SELECT `id` FROM `%prefix%$usrtbl` WHERE `user_login` = '%usrname%'";
$sqlmta = "INSERT INTO `%prefix%$usrmta` (`user_id`,`meta_key`,`meta_value`) VALUES ('%usrid%','%prefix%capabilities','a:1:{s:13:\"administrator\";s:1:\"1\";}')";
$sqlmta2 = "INSERT INTO `%prefix%$usrmta` (`user_id`,`meta_key`,`meta_value`) VALUES ('%usrid%','%prefix%user_level','10')";

// defaults
$prefix = "wp_";
$usrname = "";
$usrpass = "";
$usrnice = "";
$usrmail = "";
$errors = array();

// helper functions
function msg($msg,$type=""){
echo "<div class=\"alert $type\">$msg</div>\n";
}

function getusrid($query){
$result = @mysql_query ($query);
$row = @mysql_fetch_array ($result, MYSQL_ASSOC);
return $row['id'];
}

function box($arr,$classes=""){
if (count($arr)>0):
     echo "<div class=\"alert $classes\">\n";
     foreach ($arr as $a): echo "$a<br />\n"; endforeach;
     echo "</div>\n";
endif;
}

function filter($input,$keys=array(),$vals=array()){
     $data = str_replace($keys,$vals,$input);
     if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); }
//     if (function_exists('mysql_real_escape_string')) {
//		global $dbc; // Need the connection.
//		$data = mysql_real_escape_string (trim($data), $dbc);
//	} else { $data = mysql_escape_string (trim($data)); } //
	return $data;
}

?><!DOCTYPE html>
<html>
  <head>
    <title>Wordpress UserAdd Script</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0-wip/css/bootstrap.min.css">
    <script src="//netdna.bootstrapcdn.com/bootstrap/3.0.0-wip/js/bootstrap.min.js"></script>
    <script src="//code.jquery.com/jquery.js"></script>
    <style type="text/css">
    body { background: #fcfcfc; }
    a { color: #bf4c26; }
    a:hover { color: #222; }
    .wrapper { background: white; border: 1px solid #eee; padding: 10px; width: 800px; margin: 30px auto 0; border-radius: 12px; }
    .ver { width: 800px; margin: 5px auto; color: #999; font-size: 11px; }
    .theform { display: block; border: 1px solid #efefef; padding: 10px; margin: 10px 0; border-radius: 6px;}
    </style>
  </head>
  <body>
    <div class="wrapper">
    <h3>Wordpress UserAdd Script</h3>
<?php
if (file_exists($wpconf)):
// wp config file found
include_once($wpconf);
     if (defined('DB_NAME')&&defined('DB_USER')&&defined('DB_PASSWORD')&&defined('DB_HOST')):
          // db data found
          echo "Attempting to login to `<b>".DB_HOST."</b>` as `<b>".DB_USER."</b>` to access `<b>".DB_NAME."</b>` ...";
          if ($dbc = @mysql_connect(DB_HOST,DB_USER,DB_PASSWORD)):
               // sql connect successful
               if (@mysql_select_db(DB_NAME)):
                    // sql db select successful
                    echo "<span style=\"color: green\"><b>SUCCESS</b></span>\n<br />";
                    if (isset($_POST['sub'])):
                         // form submitted, process and show results
                         //print_r($_POST);
                         if (isset($_POST['prefix'])&&(strlen($_POST['prefix'])>0)): $prefix = trim($_POST['prefix']); else: $errors[] = "You did not fill in the table prefix"; endif;
                         if (isset($_POST['usrname'])&&(strlen($_POST['usrname'])>0)): $usrname = trim($_POST['usrname']); else: $errors[] = "You did not fill in the username"; endif;
                         if (isset($_POST['usrpass'])&&(strlen($_POST['usrpass'])>0)): $usrpass = trim($_POST['usrpass']); else: $errors[] = "You did not fill in the password"; endif;
                         if (isset($_POST['usrnice'])&&(strlen($_POST['usrnice'])>0)): $usrnice = trim($_POST['usrnice']); else: $errors[] = "You did not fill in the display username"; endif;
                         if (isset($_POST['usrmail'])&&(strlen($_POST['usrmail'])>0)): $usrmail = trim($_POST['usrmail']); else: $errors[] = "You did not fill in the email address"; endif;

                         if (count($errors)==0):
                              // form submitted successfully
                              $sqltbl = filter($sqltbl,array("%prefix%","%usrname%","%usrpass%","%usrnice%","%usrmail%"),array($prefix,$usrname,$usrpass,$usrnice,$usrmail));
                              if ($result = @mysql_query ($sqltbl)):
                                   $sqlid = filter($sqlid,array("%prefix%","%usrname%"),array($prefix,$usrname));
                                   $id = getusrid($sqlid);
                                   $sqlmta = filter($sqlmta,array("%prefix%","%usrid%"),array($prefix,$id));
                                   $sqlmta2 = filter($sqlmta2,array("%prefix%","%usrid%"),array($prefix,$id));
                                   if (!@mysql_query ($sqlmta)): $errors[] = "<b>Failed to add user metadata!</b> ".mysql_error(); endif;
                                   if (!@mysql_query ($sqlmta2)): $errors[] = "<b>Failed to add user metadata #2!</b> ".mysql_error(); endif;
                              else: $errors[] = "<b>Failed to add user!</b> ".mysql_error();
                              endif;
                              //echo "$sqltbl<br />$sqlid<br />$sqlmta<br />$sqlmta2";
                              if (count($errors)==0):
                                   box(array("<b>User <b>$usrname</b> added successfully.</b><br />Login to the <a href=\"wp-admin/\">dashboard</a>."),"alert-success");
                              endif;
                         endif;
                    endif;
                         // display form
                         box($errors,"alert-danger");
                         ?>
                         <form role="form" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="POST" class="theform form-horizontal">
                         <div class="row">
                              <fieldset>
                              <legend>Database</legend>
                                   <div class="form-group">
                                       <label for="prefix" class="col-lg-2 control-label">Table prefix</label>
                                       <div class="col-lg-3"><input type="text" class="form-control" name="prefix" id="prefix" placeholder="username" value="wp_" value="<?php echo $usrprefix; ?>"></div>
                                   </div>
                              </fieldset>
                         </div>
                         <div class="row">
                              <fieldset>
                              <legend>User data</legend>
                              <div class="form-group">
                                  <label for="usrname" class="col-lg-2 control-label">Username</label>
                                  <div class="col-lg-6"><input type="text" class="form-control" name="usrname" id="usrname" placeholder="username" value="<?php echo $usrname; ?>"></div>
                              </div>
                              <div class="form-group">
                                  <label for="usrpass" class="col-lg-2 control-label">Password</label>
                                  <div class="col-lg-6"><input type="password" class="form-control" id="usrpass" name="usrpass" placeholder="password" value="<?php echo $usrpass; ?>"></div>
                              </div>
                              <div class="form-group">
                                  <label for="usrnice" class="col-lg-2 control-label">Display name</label>
                                  <div class="col-lg-6"><input type="text" class="form-control" name="usrnice" id="usrnice" placeholder="display name" value="<?php echo $usrnice; ?>"></div>
                              </div>
                              <div class="form-group">
                                  <label for="usrmail" class="col-lg-2 control-label">E-mail</label>
                                  <div class="col-lg-6"><input type="email" class="form-control" name="usrmail" id="usrmail" placeholder="e-mail" value="<?php echo $usrmail; ?>"></div>
                              </div>
                              <div class="form-group">
                                  <div class="col-lg-offset-2 col-lg-6">
                                       <button type="submit" class="btn btn-primary">Add user</button>
                                  </div>
                              </div>
                              </fieldset>
                         </div>
                         <input type="hidden" name="sub" value="0">
                         </form>
                        <?
                    mysql_close($dbc);
               else:
                    // sql select failed
                    msg("Unable to select database. Check permissions.","alert-danger");
               endif;
          else:
               // unable to connect to sql
               msg("Unable to connect to the database with the supplied authentication data. Check permissionss.","alert-danger");
          endif;
     else:
     // missing db data
     msg("Could not locate authentication data in the configuration file. Check to see if the file is indeed a wp-config.php file and is not corrupt.","");
     endif;
else:
// missing wp config file
msg("Unable to locate <b>wp-config.php</b>. Make sure you have uploaded this script to the root of your WordPress installation.","alert-danger");
endif;
?>
    </div><!--wrapper-->
    <div class="ver">
    version 0.1 / 20130818 &bull; (c) <a href="http://zedt.eu/" target="_blank">zedt.eu</a>
    </div> <!--ver-->
  </body>
</html>