Create a file anywhere in your WordPress installation, paste the script below into it, and open the file directly in your browser. You will be logged in as an administrator and redirected to the WP admin area without entering a username or password.
Delete this file from your production site as soon as you have used it. While it is on the server, anyone who can request its URL is logged in as an administrator, so the website can easily be hacked or exploited through it.
/**
* Emergency auto-login: signs the visitor in as the first administrator account
* found and redirects the browser to the admin area.
*
* SECURITY: nothing below checks a password, nonce, capability or the caller's
* identity before the authentication cookie is issued, so any visitor who can
* request this file's URL receives an administrator session. Keep the file on the
* server only for the duration of the recovery and delete it immediately afterwards.
* When auditing a site, a stray file that loads wp-load.php and calls
* wp_set_auth_cookie() without verifying credentials should be treated as a backdoor.
*/
/**
* Set up WordPress environment (skipped when ABSPATH is already defined)
* The path assumes wp-load.php sits directly in the web server's document root
*/
if(!defined('ABSPATH')) require_once($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php');
/** Call global $wpdb object, which provides access to the WordPress database */
global $wpdb;
/** Get the ID of every user in the users table ($wpdb->users resolves the prefixed table name) */
$wp_users = $wpdb->get_results("SELECT ID FROM $wpdb->users");
foreach($wp_users as $wp_user) {
/**
* Skip all non-administrator users
* Can switch to 'editor', 'author', 'contributor' or 'subscriber'
*/
if(!user_can($wp_user->ID, 'administrator')) continue;
/**
* Information from WP_User Object
* Must have user_login in order to continue
*/
$wp_user_info = get_userdata($wp_user->ID);
if(!isset($wp_user_info->user_login)) continue;
/**
* Set current (found) user
* Set authentication cookie as well
*
* This is the point where the administrator session is granted; no credential
* has been verified before it.
* NOTE(review): WordPress core passes the WP_User object as a second argument to
* the 'wp_login' action; only the login name is passed here.
*/
wp_set_current_user($wp_user->ID, $wp_user_info->user_login);
wp_set_auth_cookie($wp_user->ID);
do_action('wp_login', $wp_user_info->user_login);
/**
* Redirect to the WP Admin Area
*
* Trying to retrieve the url of the admin area with get_admin_url();
* die() runs only when wp_redirect() returns true; otherwise execution falls
* through to the next redirect attempt below.
* @link https://developer.wordpress.org/reference/functions/get_admin_url/
*/
if(function_exists('get_admin_url')) wp_redirect(get_admin_url()) && die('Logged as ' . $wp_user_info->user_login);
/**
* Trying to retrieve the url of the admin area with get_bloginfo('wpurl');
* Output of get_option('siteurl') is (and should be) the same as get_bloginfo('wpurl')
* @link https://developer.wordpress.org/reference/functions/get_bloginfo/
*/
if(get_option('siteurl')) wp_redirect(get_bloginfo('wpurl') . '/wp-admin') && die('Logged as ' . $wp_user_info->user_login);
/**
* If the above methods fail, try a simple redirect through $_SERVER
* Some $_SERVER variables aren't accessible from command line
*
* HTTP_HOST is taken from the request's Host header, so the redirect target built
* here is client-supplied rather than the configured site address; the scheme is
* hard-coded to https.
*/
if(isset($_SERVER) && isset($_SERVER['HTTP_HOST'])) wp_redirect('https://' . $_SERVER['HTTP_HOST'] . '/wp-admin/') && die('Logged as ' . $wp_user_info->user_login);
/**
* Fallback if we can't redirect to the WP Admin area
* This die() is unconditional, so the loop never proceeds past the first
* administrator that has a user_login.
*/
die('Logged as ' . $wp_user_info->user_login . '. Please continue in /wp-admin/ area.');
}