cc licensed ( BY NC SA ) flickr photo shared by amanda tipton

Understanding some of the database structure of wordpress can help you out of some jams. Ot maybe make some new ones.

I had a recent situation that may never happen for someone else, but knowing something about the way WordPress stories user account information shortcutted a problem.

The situation is a client who hired me to move their web site, and help create a new design. The first part has taken much longer than expected because the person who managed the site was rather… tightfisted with control. The ftp information provided never worked. The client who the site belonged to did not even have admin access to their own site, so they could not even make me an admin account. But I was provided the login to phpMyAdmin.

And that is all I needed.

The basic thing I was able to do was (a) change the client’s account so it would be full admin; (b) temporarily change the client’s password to one I knew so I could log into the site (I strongly encourage clients not to send my their password); (c) made myself an admin account; and (d) revert the client’s password.

What I did first was log into phpMyAdmin for one of my own web sites; in the wp_users table, I found the encrypted string for my password, and made note of my userid, say 3 (the key that identifies each user, an integer). I then looked in the wp_usermeta table, and found the rows associated with my userid, looking for the values of wp_user_level and wp_capabilities. So I made some notes:

This lets me know what I need to change in the other blog to make the client’s login to be admin. Let’s say the client’s username is “batman”– in their site’s phpMyAdmin, I go to wp_users to find this account. Let’s say the user_d is 4. Make a note of that. I then copy batman’s current password (so I can restore it later), and paste in the string for the password I know (from my own blog).

Boom. I will be able to log in to batman’s account. Let me say that there is another way to generate the encrypted password. I can select “MD5” from the function menu, and enter the password I want to use- when it says, phpMyAdmin will convert that password to the encrypted string.

passwording mysql

I then go to the wp_usermeta table in Batman’s blog, and find the data for user_id=4. I note that it has these values

confirming that Batman only has editing privileges to their own blog. I change those values to the ones I copied from my own admin account.

Boom. I can now log in to Batman’s site, and confirm that they are now a full admin. I create a wordpress admin account for myself.

I can then go back to the database, and revert Batman’s password to what it was before.

All’s’ fair in love and databases.

This is just the beginning. For advanced level, see if you can understand the way wp_terms, wp_term_taxonomy, and wp_term_relationships work to manage tags and categories. Then tell me (just kidding, I know) (I think).

If this kind of stuff has value, please support me by tossing a one time PayPal kibble or monthly on Patreon
Profile Picture for Alan Levine aka CogDog
An early 90s builder of the web and blogging Alan Levine barks at on web storytelling (#ds106 #4life), photography, bending WordPress, and serendipity in the infinite internet river. He thinks it's weird to write about himself in the third person.

Leave a Reply

Your email address will not be published. Required fields are marked *