I forgot my admin password on wordpress. I know, it is silly, but I reset it to something and then promptly forgot.What followed, was a sad comedy of errors and a small ode to open source. For long version, see below:
No matter, I thought, surely wordpress uses the database password() function and I could just get a new password hash, insert it into the DB, and be good again. To PhpMyAdmin we go… and Wrong! WordPress does not use the function, probably with good reason.
Ok… what now? How about I reverse-engineer the hash function, include a call to it in one of theme designs and get a new hash in whatever way the hash is computed. Then, I can insert it into the database… Yeah – in what other ways could I try to scratch my left ear with my right foot?
Finally I remember something painfully obvious – I do not need to hash anything, just return “true” from some function called checkPassword or VerifyPassword – there is always one somewhere. Indeed, CheckPassword() function does this:
function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] == '*')
$hash = crypt($password, $stored_hash);
return $hash == $stored_hash;
}
comment out the last line and replace it with return true;
Now, just save the file, reload the page, and login with a random password. Change the password to something I think I will remember, and change the code back…
And this is why I host my own instance of wordpress :)
Another option ….
install the 'WP-Mail-SMTP' plugin (http://www.callum-macdonald.com/code/wp-mail-smtp/) … it allows forgotten passwords to be sent via e-mail.
HTH
Ah, but I could not install and configure the plugin without knowing the password :)
Anyway, I knew the password would come back to me the second I got in, which is precisely what happened.
Another option ….
install the 'WP-Mail-SMTP' plugin (http://www.callum-macdonald.com/code/wp-mail-smtp/) … it allows forgotten passwords to be sent via e-mail.
HTH
Ah, but I could not install and configure the plugin without knowing the password :)
Anyway, I knew the password would come back to me the second I got in, which is precisely what happened.