How to Add a Joomla Super User from phpMyAdmin

Ever since the elevated permissions (or elevated privileges) exploit in Joomla versions less than 3.6.5 was made public, we are seeing weird things happening to the #__users table on hacked Joomla websites. These weird things can be any (or all) of the following:

  • The usernames of all the users are changed to admin.
  • All super users are deleted.

  • New super users are created.

In this post, we will address the second problem – when all super users are deleted. We will explain how to create a super user from scratch using phpMyAdmin:

  • Login to phpMyAdmin.
  • Select the database that is used for your Joomla website. You can know which database is used on your Joomla website by checking the $db value in the configuration.php file.

  • Click on the SQL tab, and then run the following queries (replace #__ with your database prefix, which is the value of the $dbprefix variable that can be found in your configuration.php file):

    INSERT INTO `#__users` (`id`, `name`, `username`, `email`, `password`, `block`, `sendEmail`, `registerDate`, `lastvisitDate`, `activation`, `params`, `lastResetTime`, `resetCount`, `otpKey`, `otep`, `requireReset`) VALUES (1000000, 'tempsuperuser', 'tempsuperuser', 'youremail@yourjoomlawebsite.com', MD5('temppassword'), '0', '0', '0000-00-00 00:00:00', '0000-00-00 00:00:00', '', '', '0000-00-00 00:00:00', '0', '', '', '0');

    INSERT INTO `#__user_usergroup_map` (`user_id`, `group_id`) VALUES ('1000000', '8');

  • That’s it! You should now be able to login to your Joomla website as super user using the username tempsuperuser and the password temppassword. Try it!

Does the above guide guarantees that the super user won’t be deleted in the future?

No – it just recreates a super user from scratch. If you see weird activity in your #__users table, then most likely your website is hacked/vulnerable and it is very possible that you will see the same issue in the future. You will need to update your Joomla website to the latest version, ensure that your extensions are all up-to-date, and follow our important Joomla tips here.

If the above guide is a bit over your head, or if you need help in securing your website, then please contact us. We are always here to help, we work 24/7/365, our fees are super affordable, and we are the friendliest Joomla developers on this planet (and many other uninhabited planets)!

No comments yet.

Leave a comment