Locked Out of WordPress? How to Add an Admin User via SQL

If you're locked out of WordPress and the lost password link isn't working, don't panic. You can add a brand new administrator account directly to your database using SQL, no access to the front-end or email required. It's a bit technical, but it's a well-established method and perfectly doable if you follow the steps carefully.

Key takeaways

• You can create a new WordPress admin account by running three SQL INSERT statements in your database.
• Always take a full database backup before running any SQL commands.
• The password you set via SQL will be stored as plain text, so change it immediately after logging in.
• You'll run the commands through phpMyAdmin, which is available in most hosting control panels.
• Once you're back in, update the new account with a strong password and fill in the email address.

---

Before You Touch Anything, Back Up Your Database

Running SQL commands directly on your WordPress database is powerful, and that cuts both ways. One wrong query and you could corrupt user data or break your site entirely. So before you do anything else, take a complete backup of your WordPress database. Most hosting control panels let you export the whole database from phpMyAdmin in a couple of clicks. Do it. It takes two minutes and could save you hours of grief.

---

The SQL You Need to Run

You'll need to run three separate INSERT statements. Together, they create a new user in the wp_users table and give that user full administrator permissions via the wp_usermeta table.

Here they are:

INSERT INTO wp_users (ID, user_login, user_pass, user_nicename, user_email, user_url, user_registered, user_activation_key, user_status, display_name)
VALUES (340, 'YOURUSERNAME', 'ANYPASS', 'webdev', '', '', NOW(), '', 0, 'YOURUSERNAME');

INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (340, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');

INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (340, 'wp_user_level', '10');

Before you run these, replace the placeholder values with your own (more on what each bit means below).

---

What Each Part of the SQL Actually Does

The first INSERT, creating the user

This adds a new row to the wp_users table, which holds the core details of every user on your site. Here's what the values mean:

Value	What it sets
340	The user ID. Must be a whole number not already used by another user. Check your existing IDs first and pick one that's free.
'YOURUSERNAME'	The login name for your new account. Replace with whatever username you want.
'ANYPASS'	A temporary password. Important: this is stored as plain text, so treat it as a throwaway and change it the moment you're logged in.
'webdev'	The user's "nicename", a URL-friendly version of the login. You can change this if you like.
'', ''	Email address and website URL, left blank for now.
NOW()	Automatically sets the registration timestamp to right now.
''	The activation key, used for new sign-up flows. Leave it blank here.
0	Sets the user status to active and not spam.
'YOURUSERNAME'	The display name shown on the front end. Replace this with the same username, or anything you prefer.

The second INSERT, setting admin capabilities

This adds a row to the wp_usermeta table with the meta key wp_capabilities and the value a:1:{s:13:"administrator";b:1;}. That serialised string is how WordPress knows this user is an administrator with full site access.

The third INSERT, setting the user level

This adds another row to wp_usermeta with the meta key wp_user_level and the value 10. WordPress uses this to confirm administrator-level access.

Both the second and third statements use the same user ID (340) as the first, so WordPress knows all three rows belong to the same account.

---

How to Run the SQL in phpMyAdmin

phpMyAdmin is the database management tool bundled with most hosting control panels. Here's how to use it:

1. Log into your hosting control panel and find the link to phpMyAdmin.
2. Open phpMyAdmin and select your WordPress database from the list on the left. It's usually named after your site or your hosting account.
3. Click the SQL tab at the top of the screen.
4. Copy all three INSERT statements and paste them into the query box.
5. Replace YOURUSERNAME (in both places), ANYPASS, and the ID 340 with your chosen values. Make sure the ID isn't already taken by checking the existing rows in the wp_users table.
6. Click Go or Run.

If the queries run without errors, you'll see a confirmation message. If you get an error about a duplicate ID, it means the number 340 is already in use, just pick a different number and try again.

---

Logging In and Securing the Account

Head to yourwebsite.com/wp-admin and log in with the username and temporary password you just created. If everything worked, you'll land straight in the WordPress dashboard with full admin access.

Now do this immediately:

1. Go to Users in the WordPress admin menu.
2. Find the new user you just created and click Edit.
3. Scroll down to the password section and set a strong, unique password. WordPress will hash and encrypt it properly when you save.
4. Fill in the email address for the account.
5. Save the changes.

The reason this step is urgent is that the password you typed into the SQL command is sitting in your database as plain text until WordPress overwrites it. Get it changed before anything else.

---

A Note on Table Prefixes

The SQL above uses the default WordPress table prefix wp_. If your WordPress installation was set up with a custom prefix (for example, site_ instead of wp_), the table names will be different, site_users and site_usermeta instead of wp_users and wp_usermeta. You can check your actual prefix by looking at the table names listed in phpMyAdmin, or by checking the $table_prefix value in your wp-config.php file. Make sure the table names in your SQL match what's actually in your database.

---

When This Is the Right Approach

This method is specifically for situations where the standard lost password flow has broken down, perhaps the site isn't sending emails, the admin email address has changed, or there's a plugin conflict blocking the login page. If your site is working normally, the built-in lost password feature is always the simpler route.

For ongoing access issues, email delivery problems, or login security concerns, our website maintenance service covers exactly this kind of thing. And if you'd rather have a developer handle the database access safely, our WordPress development team can sort it without you needing to touch a single SQL query.

---

Get Back In Without the Stress

Being locked out of your own site is frustrating, but it's fixable. The SQL method above is reliable when you follow the steps carefully, back up first, and change that temporary password the moment you're in. If you'd rather not risk it yourself, get in touch with us and we'll have you back in your dashboard without the worry.