Monthly Archives: October 2016

Reset WordPress Password

This is going to explain how to reset a WordPress password utilizing MySQL.
This was performed on a server running the following:
Server Version: Ubuntu 16.04.1 LTS (Xenial Xerus)
Wordpress Version: 4.6.1
MySQL Version: 5.7.15
PHP Version: 7.0.8

First we will login to MySQL. If you don’t know your MySQL username, database, and/or password you can find that in wp-config.php at the root of your WordPress site.

/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'stupiderror');

/** MySQL database password */
define('DB_PASSWORD', 'WPpassword');

/** MySQL hostname */
define('DB_HOST', 'localhost');

Use this information to login to MySQL:

stupiderror@localhost:~/html$ mysql -u stupiderror -h localhost -p
Enter password:
mysql> use wordpress;
Database changed
mysql> show tables;
+-----------------------+
| Tables_in_wordpress   |
+-----------------------+
| wp_commentmeta        |
| ...                   |
| wp_users              |
| wp_wpeditor_settings  |
+-----------------------+
17 rows in set (0.00 sec)
mysql>

Most of the tables were truncated from the results. We are looking for a table ending in _users, in this case wp_users. Now lets find the user we want to reset the password for.

mysql> select id, user_login,user_pass,user_email from wp_users;
+----+------------+------------------------------------+-------------------+
| id | user_login | user_pass                          | user_email        |
+----+------------+------------------------------------+-------------------+
|  1 | Admin      | $P$B3pqWu6gdqNO/kzDB4ZtnDPntHIq8f. | adm@localhost.com |
+----+------------+------------------------------------+-------------------+
1 row in set (0.00 sec)
mysql>

If you have a modern version of PHP and WordPress your password hash should start with $P$
This means WordPress is using PHPass. We will use a small script to generate a new hash.
On the 6th line replace newPassword with the new password you want to use. Save this file to the root of your WordPress site.

<?php
  require( dirname(__FILE__) . '/wp-load.php' );
  require_once ABSPATH . WPINC . '/class-phpass.php';
  $hasher = new PasswordHash(8,TRUE);

  $hash = $hasher->HashPassword('newPassword');

  echo "Hash: $hash\r\n"
?>

Now generate a hash and then update the database with the new hash:

stupiderror@localhost:~/html$ php generateHash.php
Hash: $P$B3pqWu6gdqNO/kzDB4ZtnDPntHIq8f.

mysql> update wp_users set user_pass="$P$B3pqWu6gdqNO/kzDB4ZtnDPntHIq8f." where ID = 1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0
mysql>

Now you should be able to login to your WordPress site with the new password.