Friday, January 13, 2012

How to recover a lost WordPress admin password

Recently I lost the admin password for one of my WordPress sites, and I don't have access to the email associated with the account. After scratching my head for a few minutes, I found a way to reset the admin password of WordPress 3.3.1.

So I thought sharing it would save you some valuable time. Let's start.

Note: you need to have access to the WordPress database in order to complete this successfully.

First thing: "WordPress stopped using plain md5() hashing to store passwords! From WP 2.7 (correct me if I'm wrong :) ) they moved to Openwall's phpass to encrypt and validate passwords"

So replacing your hashed password with a new md5() hash string won't work with new WordPress installations.

The easy way...
If you forgot your admin password and don't have access to the email associated with the account.

Note: Your WordPress installation must be able to send emails in order to reset your password this way. In most cases local installations of WordPress won't be able to send emails, e.g. WordPress sites installed on WAMP.
If your WordPress installation can't send emails, try the next method to reset your admin password.
  1. Login to your WordPress database using one of your favorite database management systems. (I use phpMyAdmin)
  2. Select the correct WordPress database (if you have multiple WordPress installations)



  3. Open "wp_users" table and look for your username (my one is "wpadmin"). If you are not using the default WordPress table prefix ("wp_") replace it with your table prefix.

  4. Once you have found your admin username, click the pencil icon in front of it to edit the respective row. Replace the "user_email" value with another email address which you have access to and click "Go".

  5. Now navigate to your WordPress admin login page and use the "Lost your password?" option to reset your password. WordPress will send a temporary password to the new email address. Once you have reset your password, you can go into the profile page to change the email address back to the previous one.

     


The worst case…

If you forgot your admin password and your WordPress installation can’t send emails out to use the first method

As I mentioned earlier, WordPress uses the "phpass" class to hash passwords, so we'll create a new password hash using "phpass" and replace the stored hash with the new one.
I have extracted the phpass class from WordPress and made a small script that uses "phpass" to generate the hashed passwords.
  1. Download it from here and upload it to your web server (it doesn't matter whether it's live on the internet or a local server like WAMP)
  2. Access the "index.php" page inside the folder you placed the downloaded file through your web browser.

  3. Enter a plaintext password string in the text box and click "Generate!" You will get the hashed value along with your plain password. Copy the hashed value and follow the steps described in the first section until you find your admin username.


  4. If you are in a hurry or don't know how to put files on the server, don't worry: just grab the hashed value below and continue to the next step.

    Hashed Value: $P$BCYhNvazvPO/DpvGZM/86IfuV3RSlG. (Note the dot at the end of the string)
    Plaintext Password: mypassword
  5. Click the pencil icon in front of it to edit the respective row. Replace the "user_pass" value with the newly generated hashed value and click "Go".

  6. Now navigate to your WordPress admin login page and use your new password with your admin username to log in!
Note: Once you have logged in, don't forget to change your password!
