WordPress access recovery: create admin and reset password safely

If you are locked out of WordPress, this guide covers both production-safe recovery paths:

1. create a new administrator account;
2. reset password for an existing account.

WordPress uses different user roles, each with specific permissions:

• User: can only read and edit their own profile.
• Manager: inherits user permissions and can read/edit posts.
• Collaborator: inherits user permissions and can submit posts.
• Administrator: has full system permissions.

Warning: Permissions may vary depending on your installation and plugins.

Creating an admin user

Via WP-CLI

If WP-CLI is available, creating an administrator is straightforward.

Installation guide:

<https://zd123.com.br/article/instalando-wpcli-na-hospedagem/>

Create a new administrator:

php wp user create USERNAME EMAIL --role=administrator --user_pass="PASSWORD"

Verify creation:

php wp user list

Via database

If WP-CLI is not available, create the admin user directly in the database.

Identify the database used by WordPress:

grep DB wp-config.php

Connect to MySQL/MariaDB:

mysql -u USER -p

If login succeeds, you should see:

MariaDB [(none)]:

Select the database:

use DATABASE_NAME;

List tables to identify the prefix:

show tables;

Sample output:

| wp_e_events |
| wp_e_submissions |
| wp_expm_maker_pages |
| wp_ezoic_endpoints |

In this case, prefix is wp_.

Create the new admin user:

INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_status, display_name)
VALUES ('USERNAME', MD5('USER_PASSWORD'), 'FULL NAME', 'USER_EMAIL', 0, 'FULL NAME');

• USERNAME: e.g. john
• USER_PASSWORD: use a strong password
• FULL NAME: first and last name
• USER_EMAIL: valid email address

Practical example:

INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_status, display_name)
VALUES ('usuario', MD5('mudar123'), 'Usuario Teste', 'usuario@teste.com.br', 0, 'Usuario Teste');
Query OK, 1 row affected (0.001 sec)

Check assigned ID:

SELECT ID FROM wp_users WHERE user_login = 'USERNAME';

Expected output:

SELECT ID FROM wp_users WHERE user_login = 'usuario';
+----+
| id |
+----+
| 90 |
+----+
1 row in set (0.001 sec)

Warning: ID changes for every new user. In the example above, ID is 90.

Grant administrator capabilities:

INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (USER_ID, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');

Example:

INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (90, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
Query OK, 1 row affected (0.004 sec)

Also add user level:

INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (USER_ID, 'wp_user_level', '10');

Example:

INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (90, 'wp_user_level', '10');
Query OK, 1 row affected (0.001 sec)

Done. The user now has administrator permissions and can log in to wp-admin.

Secure password reset path

If the account already exists, password reset is usually faster than creating a new admin.

With WP-CLI

php wp user list
php wp user update USER_ID --user_pass="NEW_STRONG_PASSWORD"

Emergency database reset

UPDATE wp_users
SET user_pass = MD5('newPassword123')
WHERE user_login = 'username';

Important: after regaining access, change the password again in WordPress admin so the platform stores a modern password hash.

This post is licensed under CC BY-NC.