I just got a copy of a whole WordPress site, including files and database, from a user to reproduce a critical issue. After setting up my local test environment from these files, I had to change the existing admin user’s password since I didn’t know it.
Unfortunately, the local installation was not able to send emails due to missing SMTP settings in my local environment. I couldn’t install a plugin either, since I had no access, yet. So how did I proceed?
Before I started, I wanted to make sure that the site is really not sending information to the existing user, so I replaced the email address in a few places in the database.
- in the
wp_users
table changeuser_email
of the admin user into your email address - in the
wp_options
table changeadmin_email
and maybenew_admin_email
into your email address
Change the password of the admin user
Now, I had to change the password of the existing admin user. While I could read the username in the database, the password is securely stored and not readable.
I decided to use the password reset function on the login page and log the email that the site tried to sent.
First, I had to enable debug logging in wp-config.php
by adding or changing the following lines:
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
Code language: PHP (php)
Next, I added the following line to my theme’s functions.php
file. It simply writes the email information into wp-content/debug.log
.
add_filter( 'wp_mail', function( $args ){ error_log( print_r( $args, true ) ); }, 99999);
Code language: PHP (php)
The output in the log file looks like this:
Array ( [to] => thomas@example.com [subject] => [Test Site] Password Reset [message] => Someone has requested a password reset for the following account: Site Name: Test Site Username: myname If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address: https://example.com/wp-login.php?action=rp&key=MXePTGFFbrlBgbTsS06u&login=myname [headers] => [attachments] => Array ( ) )
Now I just had to copy the link from the message into my browser to create a new password for the account and use it to log in to the site.
Alternative methods?
I could have asked the client to create a new user and password on his site and send me credentials before creating the backup of his site. This would have allowed me to log in directly.
This is a very useful guide for changing password, thanks for sharing.
This is a great way of changing the Password. Thank you for sharing wit h us.