Resetting the WP-admin account from the commandprompt.

1. Open a bash shell on the linux box. Using SSH is advised.
2. Generate a password MD5 hash using php.

 php -r "print( md5('YourPassWordHere')); print(\"\r\n\");"

3. Copy the 32 bit string that is the result.
4. Connect to mysql

mysql

5. Connect to the correct database;

show databases;
use databasename;

6. make a copy/paste backup of the admin user data.

select * from wp_users where user_login = 'admin';

7. Update the table

update wp_users set user_pass='the_md5_hash_generated_in_step_2/3' where user_login = 'admin';

8. Log into wordpress using the username “admin” and the password you have used.

— Suggestion after the comment by kadimi —

9. Reset you password using the “wordpress dashboard > Users > Your profile > Change password” option.

About these ads

About Chris Gralike

Listen carefully to the people around you. Keep an open-mind, realize there is far more to learn, do, and accomplish. Treat your colleagues and competitors with respect and have FUN doing what you do best! These are my recommendations for success, what are yours? Find me at : LINKEDIN : http://www.linkedin.com/in/chrisgralike TWITTER : http://twitter.com/#!/chris_gralike WORDPRESS : http://sysengineers.wordpress.com/

Posted on January 11, 2010, in Linux, Nagios / Centreon, PHP and tagged , , , , , , , , . Bookmark the permalink. 2 Comments.

  1. For added security I would suggest that you generate the md5 hash using an online JavaScript MD5 encoder:
    * Go to http://pajhome.org.uk/crypt/md5/
    * Disconnect from Internet
    * Generate the MD5 hash of your password
    * Copy it to your clipboard
    * Connect to the internet and complete the other steps

    This will not leave any trace of your real password in your computer or on the server (the command “history”).

  2. Naturally you should alter the password after the reset from within the wordpress application. This will render usage of the password in the linux history unusable.

    Also anyone with shell access to the actual linux box is able to repeat these steps given the right permissions, and is thus able to reset any password using these steps. Security is important! But I dont think using external websites will improve security related to these steps.

    You can indeed use the link above to generate an MD5 hash using an external website. But when the password is reset directly after these steps, i think you should be relatively save.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 52 other followers

%d bloggers like this: