How to bypass the WordPress login screen

Solution:1

Well, I could set up a script in the root of my site that handles the automatic login of a user when he clicks on the link in his email. The link has 2 parameters: his username and the md5 string of his email.

For example, if the username is 'sam' and his email is 'samuel@example.com', the sample link in his email will be like:

http://www.example.com/user-login.php?username=sam&rand=ddb4b1cd8f56f9946b76399abb9d3106

Then finally the user-login.php script goes like this:

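<?php
// Bootstrap WordPress so that $wpdb and the auth functions are available.
require_once ('wp-config.php');

if(isset($_GET['username']) && $_GET['username'] != '' && 
isset($_GET['rand']) && $_GET['rand'] != '')
{
    // WordPress adds slashes to $_GET, so remove them before use.
    $username = trim(wp_unslash($_GET['username']));
    $rand = trim(wp_unslash($_GET['rand']));

    global $wpdb;
    // Prepared statement: $username comes straight from the query string
    // and must never be concatenated into the SQL text.
    $user_details = $wpdb->get_row($wpdb->prepare(
        "SELECT ID, user_email FROM {$wpdb->users} WHERE user_login = %s",
        $username
    ));

    if(! $user_details || ! $user_details->ID)
    {
        die("Error: Not a valid user");
    }
    else
    {
        $rand_email = md5($user_details->user_email);
        // hash_equals() is a strict, constant-time comparison; the loose !=
        // operator can treat different hex strings as equal numbers.
        if(! hash_equals($rand_email, $rand))
        {
            die("Error: Invalid URL");
        }
        else {
            $user = get_user_by('login', $username );

            // get_user_by() returns false on failure, not a WP_Error.
            if ( $user )
            {
                wp_clear_auth_cookie();
                wp_set_current_user ( $user->ID );
                wp_set_auth_cookie  ( $user->ID );
                $redirect_to = get_option('siteurl');
                wp_safe_redirect( $redirect_to );
                exit();
            }
        }
    }
}
else {
    die("Error: Missing params");
}
?>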

This way, when the user clicks on the link in his email, he will be automatically logged in and navigated to the home page.

Thanks to Sjoerd Linders for providing me an insight in his answer.
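
The link parameter in the answer above is md5 of the user's email, which anyone who knows the address can compute and which never expires. The sketch below is an added example, not part of the original answer, showing a link token that is signed with a server-side key, bound to the username and time-limited. LOGIN_LINK_KEY, make_login_token() and verify_login_token() are hypothetical names, and the key and timestamps are constructed values.

```php
<?php
// Added example: HMAC-signed, expiring login-link token.
// All names here are hypothetical; nothing below is a WordPress API.

// Constructed demo key. In practice generate it once with random_bytes(32)
// and store it outside the web root and outside version control.
const LOGIN_LINK_KEY = 'constructed-demo-key-do-not-reuse';

// Token format: "<expiry unix time>.<hex HMAC-SHA256 of "username|expiry">"
function make_login_token(string $username, int $ttl, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $mac = hash_hmac('sha256', $username . '|' . $expires, LOGIN_LINK_KEY);
    return $expires . '.' . $mac;
}

function verify_login_token(string $username, string $token, ?int $now = null): bool
{
    $parts = explode('.', $token, 2);
    // Expiry must be digits only, so "username|expiry" cannot be ambiguous.
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    [$expires, $mac] = $parts;
    if ((int) $expires < ($now ?? time())) {
        return false; // link is past its lifetime
    }
    // Recompute the MAC over the presented username and expiry, then
    // compare in constant time.
    $expected = hash_hmac('sha256', $username . '|' . $expires, LOGIN_LINK_KEY);
    return hash_equals($expected, $mac);
}

// The weak value from the answer: derivable from the email address alone.
$weak = md5('samuel@example.com');

$t0 = 1700000000;                             // constructed issue time
$token = make_login_token('sam', 900, $t0);   // 15-minute lifetime

var_dump(verify_login_token('sam', $token, $t0 + 60));    // checked inside the window
var_dump(verify_login_token('sam', $token, $t0 + 901));   // checked after expiry
var_dump(verify_login_token('admin', $token, $t0 + 60));  // token presented for another user
var_dump(verify_login_token('sam', $weak, $t0 + 60));     // md5-of-email presented as token
```

A token like this stays valid until it expires; making the link single-use additionally needs server-side state, such as a stored nonce that is deleted on first use.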

Solution:2

For this, you need access to the FTP account of the website. You have to upload the scripts into the “/wp-content/mu-plugins” folder. If the folder does not exist, create it.

Option 1: Disable password check

The first script here will disable the password check. You only need to enter a valid user name and press the Login button. As this is highly insecure on production sites, you should use this script with great care!

wp-login-no-password.php
<?php
/**
*******************************************************************************
 * Log in with any password. You only need to know the username or email address.
 * 
 * How to use it:
 * 
 *  1. Save this code to wp-content/mu-plugins/auto-login.php
 *  2. Now go to wp-login.php and enter a valid username together with any 
 *     password. The password is not validated, only the username must exist.
 *  3. To disable this plugin again simply delete the file from mu-plugins.
*******************************************************************************
 */
add_filter( 'authenticate', 'nop_auto_login', 3, 10 );

function nop_auto_login( $user, $username, $password ) {
    if ( ! $user ) {
        $user = get_user_by( 'email', $username );
    }
    if ( ! $user ) {
        $user = get_user_by( 'login', $username );
    }

    if ( $user ) {
        wp_set_current_user( $user->ID, $user->data->user_login );
        wp_set_auth_cookie( $user->ID );
        // The wp_login action passes the login name and the WP_User object.
        do_action( 'wp_login', $user->data->user_login, $user );

        wp_safe_redirect( admin_url() );
        exit;
    }
}

Option 2: Hardcoded master password

The second script here does a slightly different job: it requires a small change in wp-config.php where you define a custom login name and password. The file also belongs in the “/wp-content/mu-plugins” folder. This enables you to use your hardcoded username and password to log in as the site's default administrator.

wp-login-master-password.php
<?php
/**
 *******************************************************************************
 * MAL: Maintenance Auto-Login.
*******************************************************************************
 * Automatically logs you in as the first admin user found in the WordPress 
 * database.
 * 
 * How to use it:
 * 
 *  1. Add the following 2 lines to wp-config.php - adjust the values
 *     define( 'MAL_SECRET_USER', 'admin:auto' );
 *     define( 'MAL_SECRET_PASS', '****' );
 *  2. Save this code to wp-content/mu-plugins/auto-login.php
 *  3. Now you can login to WordPress by using the SECRET_USER / SECRET_PASS 
 *     combination. When using these credentials you will end up as admin user.
 *  4. To disable this plugin again comment out the 2 lines in wp-config.php
 *******************************************************************************
 */
if ( ! defined( 'ABSPATH' ) ) { die(); }

if ( defined( 'MAL_SECRET_USER' ) 
	&& defined( 'MAL_SECRET_PASS' ) 
	&& MAL_SECRET_USER 
	&& MAL_SECRET_PASS 
) {
	add_filter( 'authenticate', 'mal_auto_login', 3, 10 );
}
function mal_auto_login( $user, $username, $password ) {
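	// Strict, constant-time comparison instead of the loose == operator.
	if ( MAL_SECRET_USER === $username && hash_equals( (string) MAL_SECRET_PASS, (string) $password ) ) {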
		// Find an admin user ID.
		$user_id = mal_get_admin_user_id();
		if ( ! $user_id ) {
			wp_die( 'No admin user found' );
		}

		// Log in as admin user automatically.
		$user = get_user_by( 'id', $user_id );
		wp_set_current_user( $user_id, $user->data->user_login );
		wp_set_auth_cookie( $user_id );
		// The wp_login action passes the login name and the WP_User object.
		do_action( 'wp_login', $user->data->user_login, $user );

		wp_safe_redirect( admin_url() );
		exit;
	}
}

function mal_get_admin_user_id() {
	global $wpdb;
	$sql = "
	SELECT u.ID
	FROM {$wpdb->users} u
	INNER JOIN {$wpdb->usermeta} m ON m.user_id = u.ID
	WHERE
		(m.meta_key = '{$wpdb->prefix}user_level' AND m.meta_value = 10)
		OR
		(m.meta_key = '{$wpdb->prefix}capabilities' AND m.meta_value LIKE '%\"administrator\"%')
	";
	$res = intval( $wpdb->get_var( $sql ) );
	return $res;
}