Automatically log into wordpress via curl

Bash/Cron: Automatically Log Into WordPress via cURL/wget!

Being able to automate menial tasks inside your WordPress admin area, for example, pressing a button once a day via a cron job, is extremely helpful to say the least.

For this example, I will use my example of a plugin made for Shipwire that wasn’t updating inventory and tracking as it was supposed to automatically.

1
curl --data "log=ADMIN&pwd=PASSWORD" https://DOMAIN.COM/wp-login.php -c wpcookie.txt

Line 1 cURLs the WordPress login page and gets a session cookie and saves it (-c) as wpcookie.txt

Line 2 cURLs the WordPress login page again but posting two PHP parameters (–data), the first one log (WordPress username) and pwd (WordPress password) and saves the cookie.

I made a separate user for this, specifically with shop manager role.

You now have a file called wpcookie.txt that is a logged in user and can do anything on the site.

This is such a powerful way to enhance your website – you can use it to do pretty much anything.

Here are some examples of real word usage I am currently using this for:

Shipwire by Skyverge was not updating shipping numbers automatically. I could manually log in and press the Update Tracking button every day… or I could run a cron job every 6 hours to automate this process.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#!/bin/bash
#
# navigate to a private working directory.
cd /home/admin/web/DOMAIN.COM/private/

# get an admin session cookie
curl --data "log=USERNAME&pwd=PASSWORD" https://DOMAIN.COM/wp-login.php -c wpcookie.txt

# press the shipwire update
curl "https://DOMAIN.COM/wp-admin/admin.php?page=wc-settings&tab=shipwire&section=log&action=update_tracking" -b wpcookie.txt

# remove the cookie
rm -f wpcookie.txt

# exit the bash script
exit

UPDATE: Even better one liner of the above for the cron tab

1
curl --data "log=USERNAME&pwd=PASSWORD" https://DOMAIN.COM/wp-login.php -c wpcookie.txt && curl "https://DOMAIN.COM/wp-admin/admin.php?page=wc-settings&tab=shipwire&section=log&action=update_tracking" -b wpcookie.txt

To do things with it, copy the URL of whatever you need pressed, or if it’s a button without a URL, press F12, open the Network tab, press the target button and then copy the GET request as a cURL or just the URL.

Leave a Reply

Your email address will not be published. Required fields are marked *