Reset your WordPress admin password remotely

This script is not a WordPress plugin. It's purpose is only to allow a site owner to reset the administrator password.

The script will read the root wp-config.php to get the database access details, then connect to the DB and query tables users, usermeta and user_level

The data will be returned to a select form field to choose a single user for password change. Once the process completes successfully, the page will redirect to the wp-admin page. Be sure to delete the file after use, else demons will find and use it.

wordpress-password-reset.jpg

 

The Code

Copy the following code to your new .php document and place in the root of the WordPress installation, where the file wp-config.php exists.

<?php

if( file_exists(dirname(__FILE__).'/wp-config.php') ) 
{
	include 'wp-config.php';
	
	$dbconnect = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
	
	// quit if no db connection
	if( $dbconnect->connect_error ) {
		echo '<p style="color:red">DB connection failed: ('.$dbconnect->connect_errno.') '.$dbconnect->connect_error.'<br>Database connection was blocked</p>';
		exit();
	}

	$usertbl = $table_prefix.'users';
	$usermeta = $table_prefix.'usermeta';
	$userlvl = $table_prefix.'user_level';
	
	$queryusers = "
	SELECT ID, user_login, user_email 
	FROM $usertbl 
	LEFT JOIN $usermeta 
	ON $usertbl.ID = $usermeta.user_id 
	WHERE meta_key = '$userlvl'
	AND meta_value = 10
	";

	// db response
	$res = $dbconnect->query($queryusers);
	$usr= $optname='';
	if( $res->num_rows > 0 ) {
		while($row = $res->fetch_assoc()) {
			$usr .= '<ul><li>'.$row['user_login'].'</li><li>'.$row['user_email'].'</li></ul>';
			$optname .= '<option value="'.$row['user_login'].'">'.$row['user_login'].'</option>';
		}
	}
	
	// Run password update	
	$result='';
	if( isset($_POST['username']) && isset($_POST['pwset']) ) 
	{
		$password = '"'.MD5($_POST['pwset']).'"';
		$username = '"'.$_POST['username'].'"';
		$queryupdate = "UPDATE $usertbl SET user_pass = $password WHERE user_login = $username";
		$admin = str_replace($_SERVER['SCRIPT_NAME'],'',$_SERVER['SCRIPT_URI']).'/wp-admin';
		
		if( $dbconnect->query($queryupdate) === true ) 
		{
			$result = '<p class="notice success">The password update ran successfully.</p>';
			$result .= '<p class="notice success">Now redirecting to admin...</p>';
			$result .= '<p class="notice warn">This file should self destruct and be gone from the server, however be sure to check and confirm deletion.</p>';
			
			echo '<meta http-equiv="refresh" content="7; URL='.$admin.'">';
			
			unlink(__FILE__);
		}else{
			$result = '<p>The password update failed for an unknown reason. Maybe allow some time and try again later.</p>';
			$result .= '<p class="notice alert">Do NOT leave this file on your server anywhere!</p>';
		}
	}


} ?>

<!DOCTYPE html>
<html>
<head>
<title>Reset</title>

<style>
body {font-family: verdana; font-size: 13px; padding: 0 50px 50px;}
a {text-decoration: none; color: #b22525; font-weight: 900;}
input, select {display: block; border: 1px solid #bbbbbb; padding: 8px 4px; margin-bottom: 5px; width: 220px; border-radius: 3px;}
input[type="submit"] {cursor: pointer;}
input[type="text"] {font-family: courier;}
.notice {background: #ddf7ff; padding: 8px;}
.notice.alert {background: #ffdde1; font-size: 28px; text-align: center; color: #ce0100; font-weight: 900;}
.notice.success {background: #f1ffdb;}
.notice.warn {background: #f4e4dc; color: #e56e00; font-weight: 900;}
.footnote {text-align: center; background: #f2f2f2; padding: 5px;}
.list {margin: 20px 0;}
.list ul {list-style: none; padding: 0; margin: 0; overflow: hidden;}
.list li {float: left; padding: 5px; border: 1px solid #eeeeee; width: 50%; box-sizing: border-box;}
.list .th {background: #dedede; font-weight: 900;}
</style>

</head>

<body>

<?php if( !file_exists(dirname(__FILE__).'/wp-config.php') ) {
	echo '
	<p class="notice alert">
	This file must be in the WordPress root directory where the wp-config.php file is located.
	</p>
	';
}else{
	if( !empty($dbconnect->stat) ) 
		echo '<p class="notice">database connection OK</p>';
?>

<h3>Admin Password Reset</h3>
<p class="notice alert">Be sure to delete this file once done</p>

<?php echo $result; ?>

<form method="post" action="">
	Select the user name to update*
	<select name="username" required="required">
		<option value="">Select</option>
		<?php echo $optname; ?>
	</select>
	Set new password*
	<input type="text" name="pwset" value="" required="required" />
	<input type="submit" name="pwsend" value="Reset Password" />
</form>

<div class="list">
	<h4>List of Administrators Found In User Database</h4>
	<p>Do not attempt to change all or multiple passwords with this tool. 
	Simply change one, login to the WP administration and make other changes within the User manager.</p>
	<ul class="th"><li>Username</li><li>Email</li></ul>
	<?php echo $usr; ?>
</div>

<?php } ?>

</body>
</html>

 

 

Category: WordPress Theming Stuff
profitable blogging

Navigation

cmsenergizer.png

CMS Exploits Checklist

Copyright © 2021 CMSEnergizer.com. All Rights Reserved.
File download and article manager component by CMSE Custom Fields | Website hosting and development by WebsiteDons

CMSEnergizer.com is owned and operated by Emuzement Net Inc, Tampa, Florida USA