Can't log in to WordPress after trying all recommended options

Question

A client called complaining that they are unable to log into WordPress to make changes to the site. After looking into the issue I found that all user accounts are unable to log in. Because of this I've followed all the steps outlined here but to no avail.

I attempted to reset the password using WordPress and I never received an email.

I hard reset all users passwords in the database so I know for a fact the passwords I'm using are correct. This still didn't work.

Suspecting it was a plugin I disabled all plugins and tried again. This was a no go.

I disabled all themes and used a fresh new default theme and tested it. This also didn't work.

Suspecting that it's a core file issue since the WordPress site was outdated I replaced the wp-includes and wp-admin folders with the latest versions of the folders. I also updated the main files (wp-config.php, wp-login.php, etc). I tried to log in and it asked me to upgrade the database which I did, and still it says that the password is incorrect.

Has anyone else come across this issue? Can anyone suggest something for me to try to get it to work again?

Answer 1

Make sure to delete this function when you are not using it! It poses a security risk. You have been warned.

Not sure if you have access to the theme files (ftp) but you can add a user programmatically using the function below. Add it to the end of your functions.php file and then visit the url(see below) with your email and password as parameters.

After saving your functions.php file you would then visit a url in your browser similar to: yourwebsite.com/wp-admin/admin-ajax.php?action=so_39902381&email={your email}&password={your password}

but replacing {your email} and {your password} and the actual site name with your credentials. So for eg. yourwebsite.com/wp-admin/admin-ajax.php?action=so_39902381&email=me@myemail.com&password=123

By visiting the url with your custom parameters the function will be triggered which will create the user account. If it tells you your email is already registered, try a different email.

Add the below code to functions.php in your theme:

add_action('wp_ajax_nopriv_so_39902381', 'so_39902381');
add_action('wp_ajax_so_39902381', 'so_39902381');
/**
* Add a WordPress user programmatically
*/
function so_39902381(){

    $email_address = isset($_GET['email']) ? $_GET['email'] : wp_die();
    $password = isset($_GET['password']) ? $_GET['password'] : wp_die();

    if( null == username_exists( $email_address ) ) {

        // Generate the password and create the user
        $password = wp_generate_password( 12, false );
        $user_id = wp_create_user( $email_address, $password, $email_address );

        // Set the nickname
        wp_update_user(
        array(
          'ID'          =>    $user_id,
          'nickname'    =>    $email_address
        )
        );

        // Set the role
        $user = new WP_User( $user_id );
        $set = $user->set_role( 'administrator' );

        //Email the user
        wp_mail( $email_address, 'Welcome!', 'Your Password: ' . $password );

    } else {
        echo 'error: email already registered, choose another';
    }
    wp_die();
}

I suggest you change these logins once you have access to the backend.