Automatic WordPress Admin Login in PHP
Today’s post is only going to be a short one in which I am going to show you how to install a neat little feature on your WordPress site. This, if used safely, can be very convenient. It is designed for WordPress sites which offer a generic account for users to log in to. For example, on many backend WordPress demos the author will create a ‘demo’ account for prospective customers to log in as and play with his/her product. More often than not, the author will simply display a notice saying:
USERNAME: demo
PASSWORD: demo
This is a bit pedestrian. Surely we can make the demo look slightly more streamlined and professional? I will give you a quick snippet to log in to the WordPress admin automatically with these credentials. This can either be dropped into your theme’s functions file, or can be put in its own plugin file and activated.
This could be useful if:
- Your site has a generic account for anonymous users to login to.
- You want a ‘one click’ login link.
- You want to maximize product demo conversion by providing a quick and efficient pathway to the demo, minimizing required steps.
- You want to direct visitors directly to the relevant location (e.g. the Settings page).
IMPORTANT: Never use this to log in to accounts with real power, e.g. Administrator/Editor accounts.
Use this snippet carefully.
Ok, so as I have done in my other tutorials, I’ll give you the complete, annotated code first so that those of you who aren’t fans of reading can get straight to experimenting with it. The following snippet has been styled in the form of a standalone plugin (my personal preference).
<?php
/*
Plugin Name: Auto Login
Plugin URI: http://hbt.io/
Version: 1.0.0
Author: Harri Bell-Thomas
Author URI: http://hbt.io/
*/
function autologin() {
    // PARAMETER TO CHECK FOR (isset() AVOIDS AN "UNDEFINED INDEX" NOTICE WHEN IT IS ABSENT)
    if ( isset( $_GET['autologin'] ) && $_GET['autologin'] === 'demo' ) {

        // ACCOUNT USERNAME TO LOGIN TO
        $creds['user_login'] = 'demo';

        // ACCOUNT PASSWORD TO USE
        $creds['user_password'] = 'demo';
        $creds['remember'] = true;
        // is_ssl() MAKES THE COOKIE TYPE MATCH THE REQUEST SCHEME SO THE LOGIN ALSO HOLDS ON HTTPS
        $autologin_user = wp_signon( $creds, is_ssl() );
        if ( ! is_wp_error( $autologin_user ) ) {
            header( 'Location: wp-admin' ); // LOCATION TO REDIRECT TO
            exit; // STOP HERE SO NOTHING ELSE IS SENT AFTER THE REDIRECT
        }
    }
}
// ADD CODE JUST BEFORE HEADERS AND COOKIES ARE SENT
add_action( 'after_setup_theme', 'autologin' );
USAGE
This is very simple to use. The account username and password are specified in the plugin file (code above), and to log in you simply need to visit: https://example.com/wp-login.php?autologin=demo
You should immediately be redirected to wp-admin, logged into the account specified. If the credentials are wrong though, you should just see the login form as is normal.
CUSTOMIZE
This snippet is very easy to customise. There are essentially only 3 things you will need to edit, and all these changes are to be made in the following code block (lines 11 to 17 of the complete code):
if ( isset( $_GET['login'] ) && $_GET['login'] === 'dummy_account' ) {

    // ACCOUNT USERNAME TO LOGIN TO
    $creds['user_login'] = 'dummy';

    // ACCOUNT PASSWORD TO USE
    $creds['user_password'] = 'pa55word';
On the first line you will see the conditional checking for the URL parameter. The above code block will be checking for: wp-login.php?login=dummy_account
These values can be whatever you want, but be careful to avoid original WordPress parameters such as ‘loggedout’, ‘action’ and ‘redirect_to’. Line 4 is where you specify the username to log in with; the customized code snippet will try to log in to the ‘dummy’ account. As you can probably guess, line 7 is where you specify the password. The above password is ‘pa55word’. Fill these values out and you should be good to go!
EXTENSIONS
At the moment our snippet is only set up for auto-logging in to one account. What if we want different login links for different accounts? This is quite quick and easy to do and doesn’t require you to repeat the whole snippet again and again. Have a look below at my solution.
<?php
/*
Plugin Name: Auto Login
Plugin URI: http://hbt.io/
Description: Create convenient auto-login links to quickly login to generic accounts. Configure source code to make changes.
Version: 1.0.0
Author: Harri Bell-Thomas
Author URI: http://hbt.io/
*/
// Declare global var's
global $login_parameter, $accounts;
// THE PARAMETER TO CHECK FOR
// eg. http://example.com/wp-login.php?param_name=account
$login_parameter = "autologin";
// ACCOUNT CODE BLOCK
$accounts[] = array(
    "user" => "demo",
    "pass" => "demo",
    "location" => "wp-admin",
);
// END ACCOUNT CODE BLOCK
// EDIT AND REPEAT CODE BLOCK FOR AS MANY ACCOUNTS AS NEEDED
// Another example iteration
$accounts[] = array(
    "user" => "tcwp",
    "pass" => "demo",
    "location" => "wp-admin/?tcwp-sent-me",
);
// SEE PREVIOUS EXAMPLE FOR DETAILS ABOUT THIS FUNCTION
function autologin() {
    global $login_parameter, $accounts;
    // NOTHING TO DO WHEN THE PARAMETER IS ABSENT (AVOIDS AN "UNDEFINED INDEX" NOTICE)
    if ( ! isset( $_GET[$login_parameter] ) ) {
        return;
    }
    foreach ( $accounts as $account ) {
        if ( $_GET[$login_parameter] === $account['user'] ) {
            $creds['user_login'] = $account['user'];
            $creds['user_password'] = $account['pass'];
            $creds['remember'] = true;
            // is_ssl() MAKES THE COOKIE TYPE MATCH THE REQUEST SCHEME
            $autologin_user = wp_signon( $creds, is_ssl() );
            if ( ! is_wp_error( $autologin_user ) ) {
                header( 'Location: ' . $account['location'] );
                exit; // STOP HERE SO NOTHING ELSE IS SENT AFTER THE REDIRECT
            }
        }
    }
}
add_action( 'after_setup_theme', 'autologin' );
At its core this is essentially the same, but with a cheeky foreach loop plus accounts array thrown in as well. The anatomy of the autologin() function is identical, except that its code is repeated (using the foreach loop) for each account. All relevant details are now stored in the global array. The above example is set up for 2 accounts, but our snippet can accommodate as many as we need. To add additional accounts simply customise and add as many of the following code blocks as you need.
// ACCOUNT CODE BLOCK
$accounts[] = array(
"user" => "anotheraccount",
"pass" => "public_password",
"location" => "http://YouCanPutURLsHereToo.com/",
);
// END ACCOUNT CODE BLOCK
You will also notice I have moved the parameter name to a global variable as well: this is not necessary, but I did so simply to remove all hard coded values from the autologin() function.
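The IMPORTANT warning above, about never signing in to accounts with real power, can be enforced in code instead of being left to whoever edits the account list. The following is an added example, not the author's plugin: the function name autologin_guarded, the forbidden-capability list and the sample account are assumptions. It looks the account up before signing in, refuses if the account holds an administrative capability, and keeps the redirect inside the site's own admin area.

```php
<?php
// Added example (hypothetical hardened variant, not the original plugin code).
function autologin_guarded() {
    // Constructed allowlist: URL value => account and admin-relative landing page.
    $accounts = array(
        'demo' => array( 'user' => 'demo', 'pass' => 'demo', 'location' => 'index.php' ),
    );
    // Assumed policy: capabilities a public demo account must never hold.
    $forbidden_caps = array( 'manage_options', 'edit_users', 'install_plugins', 'edit_theme_options' );

    // Ignore requests without the parameter, and array-valued parameters.
    if ( ! isset( $_GET['autologin'] ) || ! is_string( $_GET['autologin'] ) ) {
        return;
    }
    $key = $_GET['autologin'];
    if ( ! isset( $accounts[ $key ] ) ) {
        return;
    }
    $account = $accounts[ $key ];

    // Look the account up first and refuse to sign in a privileged one.
    $user = get_user_by( 'login', $account['user'] );
    if ( ! $user ) {
        return;
    }
    foreach ( $forbidden_caps as $cap ) {
        if ( user_can( $user, $cap ) ) {
            error_log( 'autologin refused: ' . $account['user'] . ' has capability ' . $cap );
            return;
        }
    }

    // Session cookie only; the secure flag defaults to matching the request scheme.
    $signed_in = wp_signon( array(
        'user_login'    => $account['user'],
        'user_password' => $account['pass'],
        'remember'      => false,
    ) );
    if ( is_wp_error( $signed_in ) ) {
        return; // Wrong credentials: fall through to the normal login form.
    }

    // admin_url() builds an on-site URL; wp_safe_redirect() rejects foreign hosts.
    wp_safe_redirect( admin_url( $account['location'] ) );
    exit;
}
add_action( 'after_setup_theme', 'autologin_guarded' );
```

If the demo account is ever promoted to a role with one of the listed capabilities, the link stops working and the refusal is written to the PHP error log.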
CONCLUSION
This snippet is only a simple function designed for lightweight usage, such as on a product demo site, but does have the potential to be used for much more complex login scenarios. The rest of the code should be pretty self-explanatory, but if you have any questions about what I’ve done, or why I have done it, just leave a comment below or tweet me. If you have any feedback/suggestions/ideas leave a comment in the comment section below!
Great post, Harri! Thanks for sharing!
I love this code. I have a suggestion for the plugin version of the code. It would be great if there was an option screen in the backsite to set the usernames and passwords, as opposed to editing the code directly. I will be using this in my upcoming theme shop.
Thanks.
First of all thanks for sharing this stuff. This snippet seems to be exactly what I’m looking for, however, I’ve problems to include it in my settings.
I have an own WP-site totally password-protected with a plugin. Now I want to embed this site via iframe in another own WP-site (for to hide the URL of the protected site and to avoid data grabbing from the protected site).
Your snippet seems to be THE solution because I’d just embed the AutoLogin-URL to open the protected site in an iframe.
I tried it by including the adapted php-file via FTP in the plugin folder and in all other folders available but didn’t succeed. The snippet URL just reaches the login window and doesn’t go ahead.
I’d appreciate any idea what I’m doing wrong.
Great Plugin!!
Unfortunately it is not redirecting to “location” => “wp-admin”, after login
could you help me to fix this?
Hello there and thanks!
I’ve just tried out the code and it’s working for me on WP 3.9.2. What version are you using? Is there anything else (like plugins) that may be affecting login functionality?
Bell,
It was a plugin conflict, Just deactivated “Theme My Login” plugin and everything is working well.
Thank you
I entered code into functions.php file and it is working to redirect to wp-admin page. Problem is, it seems to not be remembering the login credentials as if I try to go to another page besides the admin page, I am no longer logged in. I added the line $creds['remember'] = true;
What I’m looking for is to be able to redirect a user to a specific page that only logged in users can see and not take them to the admin section. When I tried this, it redirected to the page I wanted but I was no longer logged in. Is there a line missing somewhere to keep the user logged in
Thanks
This post shows you how to auto-login a user. If all you want to do is redirect a user then just create a simple function to check if a user is logged in then use wp_redirect() to redirect that user. You can also add in a conditional to check if you are in the admin (is_admin()) and if so redirect the user.
Hi guys, trying to use the code above to login multiple users to wp from an external link. I have copied the code above, from the EXTENSIONS section, and it keeps crashing my site. is there a bracket missing or anything else we should know? Any help is much appreciated.
Hi Andrew. You should enable WP_DEBUG on your server so you can see what the error is that would make it a lot easier to find and fix the problem.
Hi Harri, great post, I was wondering how you would get one login link to auto-login multiple accounts? Is this even possible? Would the URL string have to contain the login param?
Nice Code snippet.
Is it possible to use it in a way to “autologin” to protected pages via provided link (i.e. in email) , and not to login into the “whole” WP?
Greetz,
Orwell
Hi Orwell,
Yes, that kind of thing is possible, but I would strongly deter you from using the approach I’ve described above for that purpose; you’ll need much stronger validation.
Harri
Hello.
It is possible to perform an integration of WHMCS with WordPress?
Yes! You just need to add a plugin. The free WHMCS Bridge plugin has good ratings, or if you’re looking for a plugin with good support & lots of features the WHMpress plugin also seems pretty good.
Integrating what I say is this: The person accesses your account WHMCS, go products, and there will be a button to click it and log into your WordPress account.
Thank you
Love the code and the single login works great. When using the multiple account extension you showed, I get an error and with debugger turned on it points to line 40 and says there is a “Notice: Undefined index:”
Any thoughts? Would love to get that extension version working.
Thanks and again great plugin!
Undefined index is an issue with an array missing a value. Have you tried re-saving the plugin settings or leaving a comment for the plugin developers so they can fix the bug?
Is this still working in WordPress 4.9.1?
The code should, are you getting any particular error message or it’s just not working for you? The live demo link is no longer active so I just updated the post to remove it.
Good code and worked well on a site for months until we installed a certificate and now the site is https.
Any idea for a way around this?
Keith
Hi Keith,
It should be working fine with https, did you edit your code already to use https for your location if using absolute URL’s?
I was given a site where the login link gives a 503 error. It could be hidden or blocked. Would this plugin work? If not what can I do?
I would checkout our article on WordPress 500 errors. A 503 is typically the result of your server being unable to get a PHP response – this could be from a server glitch, a plugin or theme issue, custom code error, or even a DDoS attack. To troubleshoot this I would suggest disabling each plugin you have installed one at a time and log out then try to log back in to see if one of them is causing the error. If that’s not the cause, try switching to a different theme. But you may need to reach out to your hosting company for help (especially if you can’t login). Best of luck!