Resetting the WP-admin account from the commandprompt.

1. Open a bash shell on the linux box. Using SSH is advised.
2. Generate a password MD5 hash using php.

 php -r "print( md5('YourPassWordHere')); print(\"\r\n\");"

3. Copy the 32 bit string that is the result.
4. Connect to mysql

mysql

5. Connect to the correct database;

show databases;
use databasename;

6. make a copy/paste backup of the admin user data.

select * from wp_users where user_login = 'admin';

7. Update the table

update wp_users set user_pass='the_md5_hash_generated_in_step_2/3' where user_login = 'admin';

8. Log into wordpress using the username “admin” and the password you have used.

— Suggestion after the comment by kadimi —

9. Reset you password using the “wordpress dashboard > Users > Your profile > Change password” option.

About Chris Gralike

Momenteel ben ik manager van de afdeling business continuity bij de zakelijke IT dienstverlener AMIS Services BV. Sinds 2003 ben ik actief in de ICT branche. Tussen 2003 en nu heb ik verschillende rollen vervuld. In de rollen: systeem- en netwerkbeheer, system engineer, servicemanager en nu practice manager ben ik in contact gekomen met uiteenlopende technologieën, methodologieën, ideeën, oplossingen en innovaties. Een rijke ervaring waarmee ik de klanten van Conclusion en AMIS elke dag probeer te ondersteunen. Mijn credo: 'Altijd opzoek een win-win tussen business en technologie.'

Posted on January 11, 2010, in Linux, Nagios / Centreon, PHP and tagged , , , , , , , , . Bookmark the permalink. 2 Comments.

  1. For added security I would suggest that you generate the md5 hash using an online JavaScript MD5 encoder:
    * Go to http://pajhome.org.uk/crypt/md5/
    * Disconnect from Internet
    * Generate the MD5 hash of your password
    * Copy it to your clipboard
    * Connect to the internet and complete the other steps

    This will not leave any trace of your real password in your computer or on the server (the command “history”).

  2. Naturally you should alter the password after the reset from within the wordpress application. This will render usage of the password in the linux history unusable.

    Also anyone with shell access to the actual linux box is able to repeat these steps given the right permissions, and is thus able to reset any password using these steps. Security is important! But I dont think using external websites will improve security related to these steps.

    You can indeed use the link above to generate an MD5 hash using an external website. But when the password is reset directly after these steps, i think you should be relatively save.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 57 other followers

%d bloggers like this: