Resetting Joomla admin password
It is a testiment to my own foul forgetfulness that I am endlessly hunting the Joomla forums for the post that explains how to reset the admin password for Joomla.
Rather, it’s not that I can’t remember how to do it - doing it is quite simple - it’s I can’t remember the values to insert.
The only way to “reset” your Joomla password is by editing the database directly. Simply:
- Access your database, either via phpMyAdmin or whatever program your hosting uses.
- Navigate to the jos_users table, browse the admin user and edit the password field.
Now here’s where it gets a tad tricky - the password, for security reasons, isn’t stored as straight-up text. Instead, it is stored using a one-way MD5 hash. All this really means is that instead of inserting some string of text as your password (ie. “imagod”) you insert the text string converted to a MD5 hash string (ie. “556266312a4980d0203b590a56751961″).
So, once you’ve popped open the password field, just insert the new MD5 hash, save and you’re done.
Assuming you’re not the next Rainman, you’ll probably need a tool to come up with the MD5 hash - this online Javascript MD5 hash generator works well. Just insert the password you want to use in the input field and push the MD5 button.
If you just want a quick reset, and then want to edit the password the standard way via Joomla’s User Manager, here are a couple MD5 hashes:
- secret: 5ebe2294ecd0e0f08eab7690d2a6ee69
- password: 5f4dcc3b5aa765d61d8327deb882cf99
- admin: 21232f297a57a5a743894a0e4a801fc3
How hard can it be to look at the address for the website you are logging into? To stop the virus...
@Rob: Solid tip Rob - cheers for sharing. Didn’t even occur to me to use MySQL’s built in MD5...
This is pretty easy using PHPMyAdmin if you have it. If you don’t, get it - it’s free,...
Is there anyway to remove it once you have it?
Someone
Or… you could do it in reverse. Find the hash and stick it in milw0rm.
June 19, 2008 @ 4:24 pm
Ryan
I’m certain they’re using brute force attacks to crack the hash - so anyone using a reasonably good password (8+ characters, numbers, letters, mixed case and punctuation) isn’t likely to find it on there anytime soon.
But yeah - good to be aware of.
June 19, 2008 @ 8:07 pm
Someone
It’s interesting. My passwords tend to be as random as possible and long. But consider someone with a ’strong’ password that was made of a word or two with common letter-to-number switches (e > 3, for example) and random caps, plus maybe a couple of random letters/numbers. An intelligent brute force with permutations on dictionary words becomes a beautiful thing, search space is smaller.
Throw in some statistical analysis of what sorts of words (nouns, more common words) a database of perhaps a couple hundred thousand hashes has and the search space gets really interesting. And that’s not on the public web, but someone surely has it.
Nothing beats social networking though.
I find this stuff fascinating.
June 19, 2008 @ 8:55 pm
Al
Thank you so much! This worked out GREAT!
July 2, 2008 @ 10:35 am
Rob Mitchell
This is pretty easy using PHPMyAdmin if you have it. If you don’t, get it - it’s free, auto installs on most hosting providers who have Fantastico! or a similar tool.
Bring up PHPMyAdmin, select the database for your Joomla installation, choose the SQL tab, and enter this line of code:
UPDATE `jos_users` SET `password` = MD5( ‘your_new_pw’ ) WHERE `jos_users`.`username` = “admin” ;
If you’re using a different admin user than “admin” use that, and put the password you wish to use where the code says your_new_pw. Leave the quote marks, single or double, where they’re shown.
By now you’ve long since probably already fixed the problem, but this is the easiest way I know to fix it. PHPMyAdmin has a built in MD5 hash generator -or is that in the MySQL back end? It doesn’t really matter - it gets done for you.
Good luck!
August 16, 2008 @ 12:52 pm
Ryan
@Rob: Solid tip Rob - cheers for sharing. Didn’t even occur to me to use MySQL’s built in MD5 hash generator.
August 16, 2008 @ 1:52 pm