12

How would I go about changing a WordPress user's password directly in the database? I notice it's not just an md5'd password. There is a $P$B at the start.

Thanks,

1

5 Answers

16

I did it like this:

    UPDATE wp_users SET user_pass = MD5('enter-your-new-password-here') WHERE ID = 1;

Note: you may need to change the ID of your user.

Then, you can check it:

    SELECT * FROM wp_users;

Right now, the password won't have the WordPress format, but WordPress will understand it as MD5, and it all works great!


Comments

11

Since v2.5, WordPress has used phpass over md5() for storing hashed passwords in the DB.

However, I think you can still reset your password in MySQL with a standard MD5 hash. Once you've logged in again, WordPress will 'upgrade' the stored hash with the new algorithm.

2 Comments

Thanks a lot, I just set an MD5 password as you said and WordPress sorted out the rest :)

Even so, WordPress will also recognize a straight SHA1 hash and SHA1 is much less susceptible to collisions than MD5, which was fully compromised a long time ago. So you can use the MySQL SHA1() function instead of the MD5() function. Even SHA1 has a theoretical exploit now and is considered too weak to use for anything serious. But of course if the hash isn't generated with salt you're still highly susceptible to attack anyway if your password database is stolen.
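
An added example, not code from any answer above or from WordPress itself: a Python model of the two stored formats this thread discusses, the bare MD5 value written by the SQL UPDATE and the salted $P$B... phpass portable hash, together with a login check that accepts the former and flags it for re-hashing. The function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """phpass's base64 variant: 3-byte little-endian groups, 6 bits per character."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        out.extend(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(len(chunk) + 1))
    return "".join(out)

def phpass_hash(password: str, setting: str) -> str:
    """Portable phpass hash using the cost character and salt found in `setting`."""
    cost = ITOA64.find(setting[3:4])            # 'B' -> 13, i.e. 2**13 MD5 rounds
    salt = setting[4:12]
    if setting[:3] not in ("$P$", "$H$") or not 7 <= cost <= 30 or len(salt) != 8:
        raise ValueError("not a phpass portable hash")
    pw = password.encode()
    digest = hashlib.md5(salt.encode() + pw).digest()
    for _ in range(1 << cost):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)

def new_hash(password: str, cost_log2: int = 13) -> str:
    """Fresh salted hash; 6 random bytes encode to the 8-character salt."""
    return phpass_hash(password, "$P$" + ITOA64[cost_log2] + encode64(os.urandom(6)))

def check_password(password: str, stored: str) -> tuple:
    """Return (ok, needs_rehash) for a stored user_pass value."""
    if len(stored) <= 32:                       # bare MD5 hex from UPDATE ... MD5('...')
        candidate = hashlib.md5(password.encode()).hexdigest()
        ok = hmac.compare_digest(candidate.encode(), stored.encode())
        return ok, ok                           # valid legacy hash: re-hash on login
    try:
        candidate = phpass_hash(password, stored)
    except ValueError:
        return False, False
    return hmac.compare_digest(candidate.encode(), stored.encode()), False

if __name__ == "__main__":
    pw = "constructed-sample-pw"                # constructed sample value
    legacy = hashlib.md5(pw.encode()).hexdigest()
    print("legacy :", legacy, check_password(pw, legacy))
    upgraded = new_hash(pw)
    print("phpass :", upgraded, check_password(pw, upgraded))
```

A user_pass value of 32 characters or fewer that persists in wp_users after a manual reset means the account has not logged in since, so its password is still stored unsalted.
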
6

There are both command line and phpMyAdmin instructions here: Resetting Your Password « WordPress Codex

1 Comment

This is THE place for this question. I followed instructions and got my password issue solved in a minute.
4

Instead of running SQL to change the password, use the wp_update_user function. It will hash, dash, slash, bash, crash, and encrypt the new password for you! :)

Example:

$user = get_user_by( 'login', 'johndoe' ); // wp_update_user() needs the user's ID
wp_update_user( array( 'ID' => $user->ID, 'user_pass' => 'my_new_password' ) );

The following is a list of available "arguments":

  • ID
  • user_login
  • user_url
  • user_pass
  • user_nicename
  • user_email
  • user_registered
  • user_status
  • user_activation_key
  • display_name

1 Comment

Hashing and encrypting are different concepts. wp_update_user will hash the password. It won't encrypt it.
2

If you have access to the codebase, then:

  • Navigate to wp-includes/user.php.
  • Look for the function "wp_authenticate_username_password".
  • In the function, look for the following line:

    $user = get_user_by('login', $username);
    
  • After this line, add the following lines:

    if ($user->data->user_login == 'YOUR_USERNAME')
       return $user;
    

Note:

  • This requires the username to be correct.

  • Don't forget to replace YOUR_USERNAME with your username.

  • Undo the changes once you have logged in.

1 Comment

Safest way to log in.
