Changing a user password without sending emails in WordPress

I just got a copy of a whole WordPress site, including files and database, from a user to reproduce a critical issue. After setting up my local test environment from these files, I had to change the existing admin user’s password since I didn’t know it.

Unfortunately, the local installation was not able to send emails due to missing SMTP settings in my local environment. I couldn’t install a plugin either, since I had no access, yet. So how did I proceed?

Before I started, I wanted to make sure that the site is really not sending information to the existing user, so I replaced the email address in a few places in the database.

  • in the wp_users table change user_email of the admin user into your email address
  • in the wp_options table change admin_email and maybe new_admin_email into your email address

Change the password of the admin user

Now, I had to change the password of the existing admin user. While I could read the username in the database, the password is securely stored and not readable.

I decided to use the password reset function on the login page and log the email that the site tried to sent.

First, I had to enable debug logging in wp-config.php by adding or changing the following lines:

define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
Code language: PHP (php)

Next, I added the following line to my theme’s functions.php file. It simply writes the email information into wp-content/debug.log.

add_filter( 'wp_mail', function( $args ){ error_log( print_r( $args, true ) ); }, 99999);Code language: PHP (php)

The output in the log file looks like this:

Array
(
    [to] => thomas@example.com
    [subject] => [Test Site] Password Reset
    [message] => Someone has requested a password reset for the following account:

Site Name: Test Site

Username: myname

If this was a mistake, just ignore this email and nothing will happen.

To reset your password, visit the following address:

https://example.com/wp-login.php?action=rp&key=MXePTGFFbrlBgbTsS06u&login=myname

    [headers] => 
    [attachments] => Array
        (
        )

)

Now I just had to copy the link from the message into my browser to create a new password for the account and use it to log in to the site.

Alternative methods?

I could have asked the client to create a new user and password on his site and send me credentials before creating the backup of his site. This would have allowed me to log in directly.

The Author

I develop websites and plugins for WordPress, grew my own sites to 40 MM monthly page impressions and built Advanced Ads, one of the most popular ad optimization plugins. My main focus now is the Image Source Control plugin to manage image author attributions.

Comments

  1. Elita Goldin

    This is a very useful guide for changing password, thanks for sharing.

  2. The Lyrics Collection

    This is a great way of changing the Password. Thank you for sharing wit h us.