Add a WP Admin User From Your Server File Manager

Archives

|

June 16, 2025

Not having access to your WordPress admin area is one of those situations that can make your heart skip a beat.

Maybe you forgot your password, a security plugin went rogue, or worse, your site got compromised. Whatever the reason, I’ve been there, and it’s not fun.

The good news is that if you have access to your hosting control panel’s file manager (whether it’s cPanel, Plesk, or any other hosting dashboard), you can create a new admin user in just 2 minutes.

I’m going to show you the simplest method that doesn’t require messing with MySQL databases like this or complex workarounds.

The Code You’ll Need

Here’s the PHP code that will create your new admin user:

function themetester_add_admin_account() {
    $user = 'USERNAME';
    $pass = 'PASSWORD';
    $email = 'EMAIL';

    global $themetester_status_message;

    if ( username_exists( $user ) || email_exists( $email ) ) {
        $themetester_status_message = "user $user is already in the database";
    } else {
        $user_id = wp_create_user( $user, $pass, $email );
        if ( is_wp_error( $user_id ) ) {
            $themetester_status_message = "something went wrong";
        } else {
            $user_obj = new WP_User( $user_id );
            $user_obj->set_role( 'administrator' );
            $themetester_status_message = "ok, user $user created";
        }
    }
}
add_action( 'init', 'themetester_add_admin_account' );

function themetester_echo_result() {
    global $themetester_status_message;
    if ( isset( $themetester_status_message ) ) {
        echo "<div style='text-align:center; padding:20px; font-weight:bold;'>$themetester_status_message</div>";
    }
}
add_action( 'wp_footer', 'themetester_echo_result' );

Let me break down what’s happening here.

  1. The wp_create_user() function is WordPress’s built-in way to create new users programmatically.
  2. Before creating the user, the code checks if the username or email already exists using username_exists() and email_exists() functions.
  3. We create that user object with new WP_User().
  4. We use set_role() to give them administrator privileges.
  5. We return the status of the operation in the frontend footer, just to see whether it worked.

Step-by-Step Implementation

Follow these steps to run the code, it shouldn’t take more than a few minutes.

1. Access Your File Manager

Log into your hosting control panel and open the file manager. In cPanel, you’ll find it in the Files section.

2. Navigate to Your Theme’s Functions.php File

Go to public_html (or your domain folder), then wp-content/themes/your-active-theme-name/. Look for the functions.php file and click to edit it.

Cpanel Wp Functions File Location

You can also add this to your custom functions file in your mu-plugins directory if you have one.

3. Add the Code

Scroll to the bottom of the functions.php file and paste the code above.

Replace the placeholder values with your actual details:

  • Change USERNAME to your desired username
  • Change PASSWORD to a strong password
  • Change EMAIL to your email address

4. Save and Test

Save the file and visit your website’s homepage to trigger the code.

The code outputs the result of the code into the footer on any page of your site, providing it was coded according to best WP standards and allows the footer hook.

Then go to /wp-admin and try logging in with your new credentials.

NOTE ON CACHING: If you have caching enable and the forntend page you load is cached, the code won’t run, since you see a cached version of the page. In such an instance, you need to load an uncached page, or turn your caching plugin off by renaming the chache plugin folder in the plugins folder.

5. Important: Remove the Code Immediately

Once you’ve successfully logged in, go back to your file manager and delete the code from functions.php. This is crucial for security reasons, since leaving this code in place could allow anyone who accesses your site to potentially create admin accounts.

But if they’re already in your file manager, it won’t matter much 😉

Anyhow, the user account will remain even after you remove the code. You’re just preventing the function from running again (even though it won’t recreate the same user over and over) and creating potential security vulnerabilities.

That’s it!

You now have a new admin account and can regain control of your WordPress site. This method is much simpler than hacking into MySQL databases and works reliably across different hosting environments. It would work via console as well for the geekiest of webmasters our there.

Other Articles You'll Like

Leave a Reply

Your email address will not be published. Required fields are marked *