1.3k Views inWordpress

How to Regain Access to Your WordPress Site by Adding an Admin User Directly Through the Database

Has your WordPress site been hacked or your admin password lost, locking you out of the backend? While a frightening prospect, don‘t worry – you can take control back quickly by adding a new admin user directly through the MySQL database.

With over 15 years as a WordPress professional, I‘ve helped many a panicked site owner regain access after being locked out. While hacking attempts are often the culprit, a forgotten password is just as common.

According to surveys, nearly 30% of people forget the passwords to their online accounts each year. For busy site owners juggling multiple complex logins, a lost WordPress password is understandable.

Thankfully, there is a fast workaround. By manually adding an admin user through MySQL database queries, you can circumvent the standard WordPress process and log back in.

However, directly editing the database can be risky if you don‘t know what you‘re doing. So in this guide, I‘ll walk you through the steps clearly and safely. Follow along, and you‘ll have your site access restored in just a few minutes.

Prerequisites Before Editing the Database

Before adding a new user to the WordPress database, make sure you:

  • Have access to your database through phpMyAdmin or a similar tool. Your hosting provider can assist with this if unsure.
  • Have identified your WordPress database name. You can find this in your wp-config.php file.
  • Have backed up your database. Editing the database directly could lead to corruption, so backups are crucial.

I always advise creating a backup first as a precaution. Tools like UpdraftPlus can automate WordPress database backups on a schedule.

Step 1 – Add the New User to the wp_users Table

The wp_users table in your WordPress database stores user account information, like the username and password.

To add your new admin user:

  1. Log into phpMyAdmin and select your WordPress database from the left nav.

  2. Select the wp_users table. You‘ll see existing user accounts listed.

  3. Click the Insert tab to add a new row.

  4. Enter the following to create an admin user:

  • ID – Pick a number not used by existing users. This will be the new user ID.
  • user_login – The username to log in with.
  • user_pass – The password encrypted with MD5 hash.
  • user_nicename – Their display name.
  • user_email – The email address.
  • user_url – Your site‘s URL.
  • user_registered – Date registered in YYYY-MM-DD format.
  • user_activation_key – Leave blank.
  • user_status – Set to 0 for active.
  • display_name – Public display name.

Here‘s an example of adding a new user ‘YourAdminName‘ with password ‘securepassword‘:

wp_users table example

Once entered, click Go to insert the new user into the database.

Step 2 – Grant Admin Privileges in wp_usermeta

With the user added, next we need to grant them admin access. This is controlled in the wp_usermeta table.

  1. Select wp_usermeta then click Insert to add new rows.

  2. In the first row, enter:

  • umeta_id – Leave blank for automatic ID.
  • user_id – The ID of the user you just created.
  • meta_key – wp_capabilities
  • meta_value – a:1:{s:13:"administrator";s:1:"1";}

  1. Click Go to insert the new row.

  2. Insert one more row with:

  • umeta_id – Leave blank.
  • user_id – The new user ID again.
  • meta_key – wp_user_level
  • meta_value – 10
  1. Click Go to add the second row.

These rows grant admin privileges and set the user level to 10 for administrator.

wp_usermeta table example

The new user can now log into your WordPress dashboard!

Step 3 – Test Logging In and Secure Your Site

Visit your WordPress login page and sign in with the new admin username and password. Navigate to Users > All Users.

Edit your new user, scroll to the bottom, and click Save. This syncs the user through WordPress.

Success – you‘re back in the dashboard!

Now it‘s time to lock down your site:

  • Remove Any Unknown Accounts – Delete suspicious looking users.

  • Reset All Passwords – Change credentials on all accounts to new secure passwords.

  • Revoke All Sessions – Log out all active sessions as a precaution.

  • Install Security Plugins – Use tools like Wordfence to monitor login activity and threats.

  • Enable Two-Factor Authentication – Add an extra layer of login security.

Regaining access through the database is quick, but be sure to take steps to further protect your site afterwards. Implementing strong passwords, login monitoring, and two-factor authentication will help keep your WordPress site locked down.

In Summary

While being locked out of WordPress can be frightening, adding an admin user directly through the database offers a fast solution. A few simple SQL queries can enable you to log back in and take control.

Follow this guide‘s steps to safely create a new admin user in the wp_users and wp_usermeta tables. Then secure your site by removing suspicious accounts, resetting passwords, and installing security plugins.

With some caution, editing the database directly lets you circumvent WordPress and regain access quickly when locked out. Just be sure to backup first and harden security after.

Let me know if you have any other questions! I‘m always happy to help WordPress site owners restore access and better protect their sites.

Written by Jason Striegel

C/C++, Java, Python, Linux developer for 18 years, A-Tech enthusiast love to share some useful tech hacks.