Gain WordPress Administrator access using FTP details

Imagine a scenario, you are providing technical support to a user, and you need administrator access to the website. But the user gave you FTP details only. Now, what can you do to gain Administrator access? Well, you can always request the user to provide you the WordPress admin details, but it will require you to send him another reply and therefore you may have to wait until he replies which may cost you some time. Sounds irritating right?

Or you can gain Administrator access just using the FTP details and save some time if you’re smart. And here I’m going to show you how to do that step by step.

Step 1:
Go to the root directory of the website using FTP. The root directory is the directory where the wp-config.php file exists, most of the time it’s the public_html directory.

Step 2:
Upload the following autologin.php script in the root directory.

Step 3:
Visit http://example.com/autologin.php (replace example.com with your target site URL) from your browser, it will run the above script, and then, if everything works well you will be redirected to the Admin panel of that website as an Administrator.

That’s it! Now you’ve successfully logged in to the website as Administrator!

Please note that you must delete that script from the root directory immediately after you’ve been logged in otherwise anybody who visits http://example.com/autologin.php will be logged in as Administrator as well and thus poses a huge security risk. Another thing is, instead of using the file name as autologin.php you should use a random name eg. 3245.php to reduce security risk.

Will this script work always?

Well, in 95% of cases it will work. This script was written based on the assumption that the Administrator’s user id is 1(which is true for almost all websites). However, if it doesn’t work for you then you can try your luck by changing the user id to 2,3 or 4 etc in line 5 from the script, and see if that works for you.

Leave a Reply

Your email address will not be published. Required fields are marked *