Negative-PID-FF-GRADIENT-BLACK-BG-01.png
Linkedin-in Facebook-f Youtube

Regain access to your website with WP-CLI

Negative PID

Digital Investigations
OSINT investigations SOCMINT investigations Dark web investigations Blockchain investigations Background checks Due diligence Evidence gathering Chain of custody
website

This post is about...

Top 10 articles

Social media focus

Core topics
Regain access to your website with WP-CLI
Summary

Have you ever lost access to your WordPress website? Instead of wasting hours with your hosting provider trying to explain why you need their help and getting, most of the time, redirected to expensive professional services, here’s how you can do it in a few minutes and at zero cost. 

How do you lose access to a WordPress website?

How can you lose access to your own website in the first place? If you install security plugins or a WAF on your website, you are likely to be locked out of it, even as an administrator. Your actions as an administrator might blacklist your IP, or, in some cases, plugin conflicts might remove your user role and you won’t be able to regain access to the WordPress admin page. MFA/TFA authentication plugins are another source of weird accidents in WordPress. If you don’t have a backup user with enough permissions to unlock your main account, regaining access to your WordPress website might be difficult. 

Use your FTP credentials to SSH into the server

Most hosting providers will give you FTP access to your website. You can use those credentials to SSH into your server from a Terminal window without having access to the C-Panel. From there, you can either use the backdoor that most security plugins have to disable the WAF, or you can create a new admin user that will allow you to regain access to the website. 

				
					<a href="https://negativepid.blog/web-hosting-and-data-residency-in-europe/">ssh</a> user@hostname

The server will then ask you to insert the password and log you in.

How to use the WP-CLI To create a new Admin user

To create a new admin user in WordPress via SSH, you can use the WP-CLI (WordPress Command Line Interface), which is designed precisely for these tasks

1 – Ensure the CLI is installed. 

				
					wp --info

If it’s installed, you’ll see the WP-CLI version info. 

2 – Navigate to your WordPress root directory (when you SSH into a WordPress server, you would typically already be in /var/www/html). 

				
					cd path/to/your/wordpress

3 – Create a new admin user. 

				
					wp user create newadmin newadmin@example.com --role=administrator --user_pass=StrongPasswordHere

Replace: 

  • newadmin with your desired username
  • newadmin@example.com with a valid email
  • StrongPasswordHere with a secure password. 
  • Avoid using weak passwords or default usernames such as 'admin'. Always choose strong, unique ones.

4 – Confirm user creation.

				
					wp user list

This will show all users and their roles, including the new admin. If everything worked correctly, you can go back to your website login page and access it with your credentials as an administrator. 

List your plugins with WP-CLI

If you need to disable a plugin remotely, you can do that with WP-CLI. You can find your installed WordPress plugins in the following directory: 

				
					/wp-content/plugins/

# full path: 
/var/www/html/wp-content/plugins/

Each plugin has its own sub-directory. 

To list all the installed plugins: 

				
					ls -1 wp-content/plugins/

# Or if you are in a different directory: 

ls -1 /path/to/wordpress/wp-content/plugins/

From here, you will be able to remove or add files to the plugin that caused the issue. 

  • Follow the specific instructions provided by the plugin vendor in their documentation or support pages. These episodes are more frequent than you think and they usually provide a way to remediate them.
Back to blog
Share this post :