Losing access to your WordPress site is stressful enough, but it’s even more frustrating when the password reset email never arrives. This is a common issue for WordPress site owners, especially on hosting environments that don’t correctly support outgoing email or when SMTP is misconfigured. Fortunately, WordPress is flexible enough to allow you to regain access using secure file access, such as FTP or SFTP.
This guide walks you through a reliable method to restore admin access to WordPress by manually creating a new administrator account using your site’s functions.php file.
Why WordPress Password Reset Emails Sometimes Fail
WordPress relies on the wp_mail() function to send password reset links. By default, this uses the server’s built-in PHP mail() function. If your hosting server blocks or limits outbound mail, if you haven’t configured SMTP settings, or if your domain is misconfigured with SPF/DKIM records, your reset email may never arrive. The message could also be filtered into spam.
This becomes a major problem if you’re the only administrator and can’t log in.
The FTP/SFTP Solution: Creating a New Admin User via functions.php
If you have FTP or SFTP access to your server, you can restore administrative access by adding a snippet of PHP code to your theme’s functions.php file. This approach temporarily creates a new administrator account the next time the site loads.
Step-by-Step Instructions
- Connect to Your Website via FTP or SFTP: Use an FTP client to log in with your FTP credentials (usually provided by your host). Navigate to your WordPress installation directory.
- Locate Your Active Theme: Go to
/wp-content/themes/your-active-theme/(Replaceyour-active-themewith the directory name of the theme currently activated on your site). - Edit
functions.php: Download and open thefunctions.phpfile in a code editor. Scroll to the bottom and add this code block:
function emergency_admin_account() {
$username = 'emergencyadmin';
$password = 'SecurePass#2025!';
$email = 'admin@example.com';
if (!username_exists($username) && !email_exists($email)) {
$user_id = wp_create_user($username, $password, $email);
if (!is_wp_error($user_id)) {
$user = new WP_User($user_id);
$user->set_role('administrator');
}
}
}
add_action('init', 'emergency_admin_account');- Save and Upload: Save the file and re-upload it to the same directory, replacing the existing one.
functions.phpfile. - Trigger the Code: Visit your WordPress homepage (or any page on the site) in a browser. This loads the theme and executes the code, creating the new admin user.
- Log In: Go to your WordPress login page and log in using:
- Username:
emergencyadmin - Password:
SecurePass#2025!
- Username:
Once logged in, you’ll have full admin access again and can change your user admin password to what you’d like.
- Remove the Code: Immediately remove the code from
functions.phpafter logging in to prevent others from exploiting it. Delete the function you added, save the file, and then re-upload it.
Important Security Considerations
- Don’t reuse this code. It should only be used temporarily in emergencies.
- Choose a strong password. Use a secure, unique password and change it immediately after regaining access.
- Consider installing SMTP support. Use a plugin to properly configure email delivery and prevent this issue in the future.
- Keep multiple admin accounts. Having a secondary admin user helps avoid total lockouts.
Email issues shouldn’t prevent you from accessing your WordPress site. By editing the functions.php file via FTP or SFTP, you can safely regain admin access without needing to rely on password reset emails. While this workaround is not meant for regular use, it’s an effective recovery method when your email system fails and time is of the essence. Once you’re back in, prioritize setting up reliable email delivery and consider having a backup admin account as part of your site’s contingency plan.
Related Martech Zone Content
