I can not log in to my admin area of my blog to write or manage links and other necessary work, but can log-in to c/panel. Can anyone help me recover my password using the c/panel? I already tried to get the password using the email recovery, but failed. Please help. I dont know if it is the right place for this question. Please move this if not in right place.
- Go to PHPMYADMIN. - Open the table where the member data is present. - Look for your username. - Browse that username. - In the password field, put the new password and save it. As you login next, it should build up a new hash for you.
The wordpress user password is stored as md5 hash. Here is the hash for password "hello" "5d41402abc4b2a76b9719d911017c592" (without quotes). As flamer said, go to PHPMYADMIN, open your wordpress database, go to "wp_users" table, find the "admin" user, and set the "user_pass" column for this user to "5d41402abc4b2a76b9719d911017c592" (without quotes). This will reset the admin password to hello. Then login back via wordpress and change it to something more secure!
Messing around with hash is not a good thing. It is generated automatically again as the person logs in the next time. Every script has their own password hashing done which makes them safe from hackers.
Good thing or bad but the person had no way of logging in. My instructions should get them in, and he then could change his pass. One thing that I have realized after many years of working in various IT industries is that right or wrong is relative. Where one thing is right, in some other place it's wrong, therefore I just now do what works without thinking much if it's right or wrong. And this approach has made me wealthy, therefore it must be the right thinking and doing of things.
There is a difference between "good" and "bad" thing. There is also a difference between "right" and "wrong" thing.
Which engine are you using? Some examples of hashing formulas: $hash = md5($string.$salt); $hash = md5($string); When you make a password, that password is most commonly stored in db in md5. When you want to log in and type a password, script makes md5 of typed password using its own formula, and checks if stored md5 is same as given. If that is so - you are authorized. So, md5 in db must remain same, otherwise you can not log in. You must know which formula is used and make a good hash for your db.
Since this is the security forum, I'd just like to point out that it's always good practice to salt your hashes. Also, MD5 is on the way out. Anyone programming their own apps, try to switch over to a more secure hash.
Yeah, it was a surprise (or wasn't) to me that wordpress didn't salt their hashes. (reference: http://codex.wordpress.org/Resetting_Your_Password). I wouldn't recommend using wordpress at all actually. They are totally crappy.
I a beginner, need to learn so much from the expert and from other people experience, this case alert me to keep my security password somewhere offline.. thank
Thanks for the great help. I could recover the password using your advice. Thanks to "flamer" for help.