Recovering a WordPress Admin Account

Jul 31, 2013 | Wordpress

Recently I had to resurrect a WordPress site that had been hacked. It was set up as a content management system without blog functionality, so the original webmaster had never told the site’s owner any user name or password. The domain host was able to provide the login credentials to access the domain and cPanel. I could have exported the data using phpMyAdmin, installed a new version of WordPress with a new admin account, then imported the data. Instead, I wanted to poke around the compromised installation to see what was going on. To do that I needed access to a WordPress admin account so that I could edit the database. I’ll explain the process below. Before you try that, check whether your host has added WordPress management to your control panel.

Using Control Panel WordPress Management

The host I use has implemented an application on the hosting control panel. It is called “WordPress.” It allows me to log into the control panel and manage my WordPress installations. Here are the steps to change an administrator password in the system I have. If you have such a system it should be similar.

  1. Open the WordPress application in the control panel
  2. Under “Manage WordPress Installations,” click “Continue”
  3. Click the pencil icon (edit) to the right of the installation you need to change
  4. Scroll down the page to find the “WordPress Administrators” section
  5. Click the “Password” button
  6. Provide your new password twice
  7. Click Set and you are done.

This process edits the database like I describe in the following section, although you don’t need to be concerned with password hashing issues.

Editing the WordPress Database Directly

There are several ways to reset the password when you have no other access.  I used a simple edit of the database.  Here are the instructions:

  • Log into your cPanel or whatever interface your web host provides.
  • Open phpMyAdmin
  • Select your WordPress database from the list on the left
  • Open the “Users” database table

The table will have a row for each user. Each user has an ID, user_login, user_pass, user_nicename and so on. We are only interested in the user_login and the user_pass. The user password (user_pass) is stored as a salted hash rather than as the password itself, so it doesn’t look anything like the password you actually use.

After hashing:

  • This password: temp-password
  • Looks like this: $P$Bm4qdWsxKrZs.HPINBFHHLHWB2jx5h.

Identify the user you want to access based upon the user’s email address or user name, then copy the above hashed password and paste it into the user_pass field in the user table. To do that:

  • First, copy the hashed password above then get back to the user table in phpMyAdmin
  • Click “Inline Edit” to the left of the row that you want to edit and the row will open up for editing.
  • Select the hashed password in the database table
  • Paste the new hashed password over it
  • Click “Save” to the left of the row.
  • Note the user_login that goes with the new password.

You can now log into your WordPress using the user name (user_login) and the password ‘temp-password’. The very first thing you MUST do is log into WordPress, click “Users” and change your password. The hash above is published on this page, so anyone who has read it knows that password.
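As an added example (not part of the original post): a Python sketch of the `$P$` portable hash format (phpass, iterated salted MD5) that the user_pass value above uses, so you can generate a hash for a password of your own with a random salt instead of pasting a published one. The function names are this example's own, and the sample passphrase is constructed.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PAGE_HASH = "$P$Bm4qdWsxKrZs.HPINBFHHLHWB2jx5h."  # from the post; final "." included

def encode64(data: bytes) -> str:
    """phpass's base64 variant: little-endian 6-bit groups, no padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # 3 bytes -> 4 chars, 1 byte -> 2
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def parse(stored: str):
    """Return (log2 of iteration count, salt) or raise ValueError."""
    if len(stored) != 34 or stored[:3] != "$P$":
        raise ValueError("not a 34-character portable hash")
    log2 = ITOA64.index(stored[3])  # raises ValueError on a foreign character
    if not 7 <= log2 <= 30:
        raise ValueError("iteration count out of range")
    return log2, stored[4:12]

def phpass_hash(password: str, salt: str, log2: int = 13) -> str:
    """Iterated salted MD5: md5(salt+pw), then 2**log2 rounds of md5(h+pw)."""
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("ascii") + pw).digest()
    for _ in range(1 << log2):
        digest = hashlib.md5(digest + pw).digest()
    return "$P$" + ITOA64[log2] + salt + encode64(digest)

def new_hash(password: str) -> str:
    """Hash with a fresh random 8-character salt for pasting into user_pass."""
    salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    return phpass_hash(password, salt)

def verify(password: str, stored: str) -> bool:
    log2, salt = parse(stored)
    return hmac.compare_digest(phpass_hash(password, salt, log2), stored)

if __name__ == "__main__":
    print(parse(PAGE_HASH))  # cost parameter and salt of the hash in the post
    print(new_hash("choose-your-own-long-passphrase"))  # constructed sample
```

Paste the value printed by `new_hash` into user_pass in place of the published hash. All 34 characters belong to the value, so a trailing period must be copied too.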