When attacking WordPress websites, guessing usernames and passwords is still a commonly used method to gain access to a WordPress back-end. It goes without saying, that using easy to guess passwords like ‘12345’ or ‘Welcome2022’ will make it really easy for attackers to login to your administrator account.
The same goes for usernames; using easy to guess usernames like ‘Admin’ will make it too easy for attackers. This is why Really Simple SSL allows you to prevent usage of the ‘Admin’ username. If there is already a user registered with the username ‘Admin’, you can automatically change this username into a more secure username.
Unfortunately, we have seen Really Simple SSL users activating this functionality without knowing which email address they used to register their ‘Admin’ user to the site. As currently the new username will be randomized, this can cause you to be logged out without knowing a username or email address to login again. This is why we created the solution below.
Creating a temporary Administrator user to regain access to your backend
If we can create a new Administrator user, we will be able to look for the email address for your ‘Admin’ account. In order to do this, you will need access to your site via FTP or a File Manager tool. You should be able to find FTP credentials or a File Manager via your hosting Dashboard or cPanel/DirectAdmin environment. After you have collected these credentials, please follow the steps below.
- Download our users.php file via GitHub.
- Open the users.php file using any Text Editor or tool such as PHPStorm/Atom, and enter the desired username, email address and password for your new (temporary) administrator user.
- After saving the users.php file, login to your FTP client or File Manager tool and place the file in the root folder of your WordPress website (the folder which contains /wp-content, /wp-admin, etc.). Keep your FTP Client or file manager window open.
- User your Browser, visit your website /users.php (eg. https://example.com/users.php). This will run the script and create the user with the provided credentials.
- Important: After using the users.php solution, immediately delete this file from the root folder, to prevent anyone else from creating an Administrator user for your site :-).
- You can now login with your new Administrator user to search for the username or email address used for your renamed ‘Admin’ user.
We will be updating the rename Admin user functionality with more failsafes to prevent our users from locking themselves out. If you need any assistance in regaining access to your WordPress website, please feel free to open a support ticket.