A powerful emergency recovery script for WordPress websites that provides direct access to critical WordPress functions when you're locked out of your admin panel.
This tool is extremely powerful and poses significant security risks if misused.
- 🔴 NO AUTHENTICATION: This version has no secret key or password protection
- 🔴 FULL ADMIN ACCESS: Anyone who finds this file can take complete control of your website
- 🔴 DELETE IMMEDIATELY: Remove this file from your server as soon as you're finished using it
This recovery script provides emergency access to essential WordPress management functions:
- View all administrator users with their IDs, usernames, and email addresses
- Create new admin users with full administrator privileges
- Reset passwords for any existing admin user
- Delete users (except User ID 1 for safety)
- Login as any user instantly without knowing their password
- View all installed plugins with their status, versions, and descriptions
- Deactivate all plugins at once (useful for troubleshooting plugin conflicts)
- Identify active vs inactive plugins visually
- Bypass login issues when locked out of WordPress admin
- Troubleshoot plugin conflicts by mass-deactivating plugins
- Emergency admin access when credentials are lost or compromised
- Download the PHP file
- RENAME IT to something unpredictable (e.g.,
my_recovery_x7k2m9.php) - Upload it to your WordPress root directory (same folder as
wp-config.php)
Visit the script in your browser:
https://yourdomain.com/your-random-filename.php
- Create a new admin user if you're locked out
- Reset passwords for existing administrators
- Deactivate all plugins if your site is broken
- Login as any user to access the WordPress admin panel
Always click the "Self-Destruct" button when finished, or manually delete the file via FTP.
- PHP 7.0+
- WordPress 4.0+
- File write permissions (for self-destruct functionality)
- WordPress root directory access
- 🔒 Locked out of WordPress admin due to lost credentials
- 🔌 Plugin conflicts causing site crashes or admin inaccessibility
- 👤 Compromised admin accounts requiring immediate password resets
- 🛡️ Malicious user accounts that need to be removed quickly
- 🔧 Site maintenance requiring temporary admin access
- Plugin Issues: Deactivate all plugins → Test site functionality → Reactivate plugins one by one
- User Access: Create temporary admin → Fix original account → Remove temporary admin
- Security Incidents: Reset all admin passwords → Remove unauthorized users → Audit site
- Rename the file to something unpredictable
- Only upload when absolutely necessary
- Ensure you have FTP/hosting panel access to delete the file
- Work quickly and efficiently
- Don't leave the browser tab open unattended
- Use strong passwords for any new accounts created
- IMMEDIATELY click "Self-Destruct" or manually delete the file
- Verify the file has been completely removed from the server
- Consider changing passwords for any accounts you accessed
- Responsive design that works on desktop and mobile
- Clean, professional styling similar to WordPress admin
- Confirmation dialogs for destructive actions
- Success/error messaging for all operations
- Real-time status updates for plugins and users
- User ID 1 protection (prevents deletion of the primary admin)
- Input validation and sanitization
- Confirmation prompts for dangerous operations
- Self-destruct functionality for easy cleanup
- Error handling with descriptive messages
├── Self-Destruct Handler (Priority #1)
├── WordPress Bootstrap & Environment Loading
├── Action Handlers (POST/GET request processing)
├── Data Gathering (Users, Plugins, Settings)
└── HTML Interface (Forms, Tables, Styling)
- You're not comfortable with the security implications
- You don't have a way to securely delete the file afterward
- You're on a shared hosting environment where others might find it
- You're not sure what you're doing
- This tool bypasses ALL WordPress security measures
- It provides the same access level as the database
- Malicious actors can use it to completely compromise your site
- It should be treated like a loaded weapon
This tool is designed for emergency use only. If you have suggestions for improvements:
- Focus on security enhancements
- Consider additional safety measures
- Improve error handling and user feedback
- Ensure backward compatibility with older WordPress versions
Use at your own risk. This tool is provided as-is without any warranty. The authors are not responsible for any damage caused by its use.
This is an emergency recovery tool. For general WordPress support, consult:
- WordPress.org Support Forums
- WordPress Codex
- Your hosting provider's support team
Remember: Security is your responsibility. Use this tool wisely and delete it immediately when finished.
🔧 More Professional WordPress Tools & Scripts
Visit LeadsFunda for additional premium WordPress utilities, automation scripts, and development tools.
WordPress Recovery Tool
© 2024 LeadsFunda. All rights reserved.
Remember: Security is your responsibility. Use this tool wisely and delete it immediately when finished.