Skip to main content
WordPress made easy with the drag & drop Total WordPress Theme.Learn More

Automatic WordPress Admin Login in PHP

January 4, 2018

Today’s post is only going to be a short one in which I am going to show you how to install a neat little feature on your WordPress site. This, if used safely, can be very convenient. This is designed to be used on WordPress sites which offer a generic account for users to login to. For example, on many backend WordPress demos the author will create a ‘demo’ account for prospective customers to login as and play with his/her product. More often than not, the author will simply display a notice saying;

USERNAME: demo
PASSWORD: demo

This is a bit pedestrian. Surely we can make the demo look slightly more streamlined and professional? I will give you a quick snippet to automatically login to the WordPress admin with these credentials. This can either be dropped into your theme’s functions file, or can be put in its own plugin file and activated.

This could be useful if;

  • Your site has a generic account for anonymous users to login to.
  • You want a ‘one click’ login link.
  • You want to maximize product demo conversion by providing a quick and efficient pathway to the demo, minimizing required steps.
  • You want to direct visitors directly to the relevant location (eg. Settings page).

IMPORTANT: Never use this to login to accounts with real power; eg. Administrator/Editor accounts etc.
Use this snippet carefully.

Ok, so as I have done in my other tutorials, I’ll give you the complete, annotated code first so that those of you who aren’t fans of reading can get straight to experimenting with it. The following snippet has been styled in the form of a standalone plugin (my personal preference).

Harri Bell-Thomas on Github

/*
Plugin Name: Auto Login
Plugin URI: http://hbt.io/
Version: 1.0.0
Author: Harri Bell-Thomas
Author URI: http://hbt.io/
*/

function autologin() {
	// PARAMETER TO CHECK FOR
	if ($_GET['autologin'] == 'demo') {
		
		// ACCOUNT USERNAME TO LOGIN TO
		$creds['user_login'] = 'demo';
		
		// ACCOUNT PASSWORD TO USE
		$creds['user_password'] = 'demo';
		
		$creds['remember'] = true;
		$autologin_user = wp_signon( $creds, false );
		
		if ( !is_wp_error($autologin_user) ) 
			header('Location: wp-admin'); // LOCATION TO REDIRECT TO
	}
}
// ADD CODE JUST BEFORE HEADERS AND COOKIES ARE SENT
add_action( 'after_setup_theme', 'autologin' );

USAGE

This is very simple to use. The account username and password are specified in the plugin file (code above), and to login you simply need to visit; http://example.com/wp-login.php?autologin=demo

You should immediately be redirected to wp-admin, logged into the account specified. If the credentials are wrong though, you should just see the login form as is normal.

CUSTOMIZE

This snippet is very easy to customise. There are essentially only 3 things you will need to edit, and all these changes are to made in the following code block (lines 11 to 17 of the complete code)

if ($_GET['login'] == 'dummy_account') {

        // ACCOUNT USERNAME TO LOGIN TO
        $creds['user_login'] = 'dummy';

        // ACCOUNT PASSWORD TO USE
        $creds['user_password'] = 'pa55word';

On the first line you will see the conditional checking for the URL parameter. The above code block will be checking for; wp-login.php?login=dummy_account

These values can be whatever you want, but be careful to avoid original WordPress parameters such as ‘loggedout’, ‘action’ and ‘redirect_to’. Line 4 is where you specify the username to login with; the customized code snippet will try to login to the ‘dummy’ account. As you can probably guess, line 7 is where you specify the password. The above password is ‘pa55word’. Fill these values out and you should be good to go!

EXTENSIONS

At the moment our snippet is only set up for auto-logging in to one account. What if we want different login links for different accounts? This is quite quick and easy to do and doesn’t require you to repeat the whole snippet again and again. Have a look below at my solution.

/*
Plugin Name: Auto Login
Plugin URI: http://hbt.io/
Description: Create convenient auto-login links to quickly login to generic accounts. Configure source code to make changes.
Version: 1.0.0
Author: Harri Bell-Thomas
Author URI: http://hbt.io/
*/

// Declare global var's
global $login_parameter, $accounts;

// THE PARAMETER TO CHECK FOR
// eg. http://exmaple.com/wp-login.php?param_name=account
$login_parameter = "autologin";

// ACCOUNT CODE BLOCK
$accounts[] = array(
				"user" => "demo",
				"pass" => "demo",
				"location" => "wp-admin",
			  );
// END ACCOUNT CODE BLOCK

// EDIT AND REPEAT CODE BLOCK FOR AS MANY ACCOUNTS AS NEEDED

// Another example iteration
$accounts[] = array(
				"user" => "tcwp",
				"pass" => "demo",
				"location" => "wp-admin/?tcwp-sent-me",
			  );


// SEE PREVIOUS EXAMPLE FOR DETAILS ABOUT THIS FUNCTION
function autologin() {
	global $login_parameter, $accounts;
	foreach ($accounts as $account) {
		if ($_GET[$login_parameter] == $account['user']) {
			$creds['user_login'] = $account['user'];
			$creds['user_password'] = $account['pass'];
			$creds['remember'] = true;
			$autologin_user = wp_signon( $creds, false );
			if ( !is_wp_error($autologin_user) ) 
				header('Location: ' . $account['location']); 
		}
	}
}
add_action( 'after_setup_theme', 'autologin' );

At its core this is essentially the same, but with a cheeky foreach loop plus accounts array thrown in as well. The anatomy of the autologin() function is identical, except for the fact its code is repeated (using the foreach loop) for each account. All relevant details are now stored in the global array. The above example is set up for 2 accounts, but our snippet can accommodate for as many as we need. To add additional accounts simply customise and add as many of the following code blocks as you need.

// ACCOUNT CODE BLOCK
$accounts[] = array(
				"user" => "anotheraccount",
				"pass" => "public_password",
				"location" => "http://YouCanPutURLsHereToo.com/",
			  );
// END ACCOUNT CODE BLOCK

You will also notice I have moved the parameter name to a global variable as well: this is not necessary, but I did so simply to remove all hard coded values from the autologin() function.

CONCLUSION

This snippet is only a simple function designed for lightweight usage, such as on a product demo site, but does have the potential to be used for much more complex login scenarios. The rest of the code should be pretty self-explanatory, but if you have any questions about what I’ve done, or why I have done it, just leave a comment below or tweet me. If you have any feedback/suggestions/ideas leave a comment in the comment section below!

Article by Harri Bell-Thomas WPExplorer Author
Published on: April 18, 2014
Last updated on: January 4, 2018
Subscribe to the Newsletter

Get our latest news, tutorials, guides, tips & deals delivered to your inbox.

20 Comments

  1. Dewie O'Connor says:

    Great post, Harri! Thanks for sharing!

  2. Nick DerAvedissian says:

    I love this code. I have a suggestion for the plugin version of the code. It would be great if there was an option screen in the backsite to set the usernames and passwords, as oppose to editing the code directly. I will be using this in my upcoming theme shop.

    Thanks.

  3. Mikki says:

    First of all thanks for sharing this stuff. This snippet seems to be exactly what I’m looking for, however, I’ve problems to include it in my settings.

    I have an own WP-site totally password-protected with a plugin. Now I want to embed this site via iframe in another own WP-site (for to hide the URL of the protected site and to avoid data grabbing from the protected site).
    Your snippet seems to be THE solution because I’d just embed the AutoLogin-URL to open the protected site in an iframe.

    I tried it by including the adapted php-file via FTP in the plugin folder and in all other folders available but didn’t succeed. The snippet URL just reaches the login window and doesn’t go ahead.

    I’d appreciate any idea what I’m doing wrong.

  4. Subin Psz says:

    Great Plugin!!

    Unfortunately it is not redirecting to “location” => “wp-admin”, after login
    could you help me to fix this?

    • Harri Bell-Thomas says:

      Hello there and thanks!

      I’ve just tried out the code and it’s working for me on WP 3.9.2. What version are you using? Is there anything else (like plugins) that may be affecting login functionality?

  5. Subin Psz says:

    Bell,

    It was a plugin conflict, Just deactivated “Theme My Login” plugin and everything is working well.

    Thank you

  6. john Dyer says:

    I entered code into functions.php file and it is working to redirect to wp-admin page. Problem is, it seems to not be remembering the login credentials as if I try to got to another page besides the admin page, I am no longer logged in. I added the line $creds[‘remember’] = true;
    What I’m looking for is to be able to redirect a user to a specific page that only logged in users can see and not take them to the admin section. When I tried this, it redirected to the page I wanted but I was no longer logged in. Is there a line missing somewhere to keep the user logged in

    Thanks

    • AJ Clarke says:

      This posts shows you how to auto-login a user. If all you want to do is redirect a user then just create a simple function to check if a user is logged in then use wp_redirect() to redirect that user. You can also add in a conditional to check if you are in the admin (is_admin()) and if so redirect the user.

  7. Andrew Balerdi says:

    Hi guys, trying to use the code above to login multiple users to wp from an external link. I have copied the code above, from the EXTENSIONS section, and it keeps crashing my site. is there a bracket missing or anything else we should know? Any help is much appreciated.

    • AJ Clarke says:

      Hi Andrew. You should enable WP_DEBUG on your server so you can see what the error is that would make it a lot easier to find and fix the problem.

  8. Andrew Balerdi says:

    Hi Harri, great post, I was wondering how you would get one login link to auto-login multiple accounts? Is this even possible? Would the URL string have to contain the login param?

  9. Orwell says:

    Nice Code snippet.

    Is it possible to use it in a way to “autologin” to protected pages via provided link (i.e. in email) , and not to login into the “whole” WP?

    Greetz,
    Orwell

    • Harri Bell-Thomas says:

      Hi Orwell,

      Yes, that kind of thing is possible, but I would strongly deter you from using the approach I’ve described above for that purpose; you’ll need much stronger validation.

      Harri

  10. Vitor says:

    Hello.
    It is possible to perform an integration of WHMCS with WordPress?

  11. Vitor says:

    Integrating what I say is this: The person accesses your account WHMCS, go products, and there will be a button to click it and log into your WordPress account.

    Thank you 🙂

  12. We Design LA says:

    Love the code and the single login works great. When using the multiple account extension you showed, I get an error and with debugger turned on it points to line 40 and says there is a “Notice: Undefined index:”

    Any thoughts? Would love to get that extension version working.

    Thanks and again great plugin!

    • AJ Clarke says:

      Undefined index is an issue with an array missing a value. Have you tried re-saving the plugin settings or leaving a comment for the plugin developers so they can fix the bug?

  13. Kevin says:

    Is this still working in WordPress 4.9.1?

    • AJ Clarke says:

      The code should, are you getting any particular error message or it’s just not working for you? The live demo link is no longer active so I just updated the post to remove it 😉

Leave a Reply

Your email address will not be published. Required fields are marked *