Difference between revisions of "How do you recover or reset your admin password?"

From Joomla! Documentation

(→‎Add a New Super Administrator User: added params field and value to 1.6 code to get rid of warning message)
m
 
(56 intermediate revisions by 21 users not shown)
Line 1: Line 1:
Normally, you can add, edit and delete users and passwords from the back-end User Manager. To do this, you must be logged in as a member of the Super Administrator group.  
+
<noinclude><languages /></noinclude>
 +
{{version|2.5,3.x,4.x,5.0}}
 +
{{tip|text=<translate><!--T:1-->
 +
This page is only for Joomla! 2.5 and higher versions. If you are still using Joomla! 1.5</translate> [[S:MyLanguage/J1.5:How_do_you_recover_or_reset_your_admin_password%3F|<translate><!--T:2-->
 +
instructions can be found here</translate>]].|title=<translate><!--T:3-->
 +
Joomla! 2.5 and higher Password Recovery</translate>}}
  
 +
<translate>
 +
<!--T:4-->
 +
Normally, you can add, edit and delete users and passwords from the Backend User Manager. To do this, you must be logged in as a member of the Super User group.
 +
 +
<!--T:5-->
 
In some situations, this may not be possible. For example, your site may have been "hacked" and had the passwords or users changed. Or perhaps the person who knew the passwords is no longer available. Or maybe you have forgotten the password that was used.
 
In some situations, this may not be possible. For example, your site may have been "hacked" and had the passwords or users changed. Or perhaps the person who knew the passwords is no longer available. Or maybe you have forgotten the password that was used.
  
In these cases, it is still possible to fix up the Joomla! database so you can log back in as a Super Administrator. There are three possible methods discussed below.
+
<!--T:6-->
 +
In these cases, it is still possible to alter the Joomla! database so you can log back in as a Super User. These are the possible methods available to Joomla! Administrators.
 +
</translate>
 +
 
 +
<translate>
 +
== Method 1: ''configuration.php'' file == <!--T:7-->
 +
</translate>
 +
<translate>
 +
<!--T:8-->
 +
If you have access to your ''configuration.php'' file for the Joomla installation on your server, then you can recover the password using the following method:
 +
 
 +
<!--T:9-->
 +
1. Using an FTP program connect to your site. Find the ''configuration.php'' file and look at the file permissions. If the permissions are 444 or some other value, then change the permissions of the ''configuration.php'' file to 644. This will help prevent issues when uploading the changed ''configuration.php'' file later in this process.
 +
 
 +
<!--T:10-->
 +
2. Download the ''configuration.php'' file.
 +
 
 +
<!--T:11-->
 +
3. Open the ''configuration.php'' file that was downloaded in a text editor such as Notepad++ and add this line:
 +
</translate>
 +
 
 +
public $root_user='myname';
 +
 
 +
<translate>
 +
<!--T:12-->
 +
to the bottom of the list where ''myname'' is a username with Administrator access that you know the password for. A username that is in the Author User Group view access level or higher can also be used in place of a username with Administrator access.
  
===Use the Lost Password Feature===
+
<!--T:13-->
If you have access to the email address that was used for the admin user, and you have made the "lost password" feature available on the front end, the simplest thing is to do is to use the "lost password" Front-end function. The site will send an e-mail to the user's e-mail address and allow you to change the password.
+
4. Save the ''configuration.php'' file and upload it back to the site. You may leave the permissions on the ''configuration.php'' file at 644.
  
If this method will not work, you have two other options, both of which require working with the MySQL database directly.
+
<!--T:14-->
 +
This user will now be a temporary Super User.
  
===Change the Password in the Database===
+
<!--T:15-->
If the admin user is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin.
+
5. Login to the Backend and change the password of the user you don't have the password for or create a new Super User.
 +
If you create the new user you may want to block or delete the old user depending on your circumstances.
 +
</translate>
  
# Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
+
<translate>
# Click on the table "jos_users" in the list of tables.
+
<!--T:16-->
# Click on the "Browse" button in the top toolbar. This will show all of the users that are set up for this site.
+
6. When finished, make sure to use the ''Click here to try to do it automatically'' link that appears in the alert box to remove the line that was added to the ''configuration.php'' file. If using the link was not successful, go back and delete the added line from your ''configuration.php'' file using a text editor. Upload the ''configuration.php'' file back to the site.
# Find the user whose password you want to change and press the Edit icon for this row.
+
</translate>
# A form will display that allows you to edit the password field. Copy the value <source lang="sql">d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199</source> into the password field and press the ''Go'' button. phpMyAdmin should display the message "Affected rows: 1". At this point, the password should be changed to "secret".
+
 
# Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.
+
<translate>
 +
<!--T:17-->
 +
7. Using your FTP program, verify the file permissions of the ''configuration.php'' file. They should be ''444''. If you manually removed the added line, then change the file permissions on the ''configuration.php'' file to ''444''.
  
===Add a New Super Administrator User===
+
<!--T:18-->
If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.
+
If you have no users who know their passwords and you can't utilize front end registration you may need to make a change in your database as outlined below.
 +
</translate>
  
# Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.  
+
<translate>
# Press the "SQL" button in the toolbar to run an SQL query on the selected database. This will display a field called "Run SQL query/queries on database <your database>".
+
== Method 2: Direct Editing of Database == <!--T:19-->
# Delete any text in this field and copy and paste one of the following queries and press the ''Go'' button to execute the query and add the new Administrator user to the table.
+
If the methods above did not work, you have two other options, both of which require working with the MySQL database directly.
# Use the 1.6 query version for a site based upon Joomla 1.6.xx and use the 1.5 query version for a site based upon Joomla 1.5.xx.
+
</translate>
  
 +
<translate>
 +
===Change the Password in the Database=== <!--T:20-->
 +
If the Super User is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin or another client.
 +
</translate>
 +
{{warning|<translate><!--T:21-->
 +
These instructions show how to manually change a password to the word</translate> - "secret"|title=<translate><!--T:22-->
 +
Make sure you change your password once you regain access.</translate>}}
 +
<translate><!--T:23-->
 +
# Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
 +
# Find and click on the table with ''_users'' appended in the list of tables. (Note: you may have a prefix that is not ''jos_''. Simply go to the ''_users'' table for your prefix).
 +
# Click on the ''Browse'' button in the top toolbar. This will show all of the users that are set up for this site.</translate>
 +
<translate><!--T:24-->
 +
# Find the user whose password you want to change and press the Edit icon for this row.
 +
# A form will display that allows you to edit the password field. Copy the value</translate>
  
'''NOTE:''' '''''The following code uses jos_ as the table name prefix which is the Joomla default table prefix If you elected to change this prefix when you first installed Joomla, you will need to change jos_ to the prefix you used.'''''
+
<syntaxhighlight lang="sql">d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199</syntaxhighlight>
  
 +
<translate><!--T:25-->
 +
into the password field and press the ''Go'' button. phpMyAdmin should display the message ''Affected rows: 1''. At this point, the password should be changed to ''secret''.
 +
# Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.</translate>
  
'''SQL code for use with Joomla 1.6.xx'''
+
<translate>
 +
=== Add a New Super User === <!--T:26-->
 +
If changing the password won't work, or you aren't sure which user is a member of the Super User group, you can use this method to create a new user.
 +
</translate>
  
<source lang="sql">INSERT INTO `jos_users`
+
<translate><!--T:27-->
  (`id`,`name`, `username`, `password`, `params`)
+
# Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
VALUES (LAST_INSERT_ID(),'Administrator2', 'admin2',
+
# Press the ''SQL'' button in the toolbar to run an SQL query on the selected database. This will display a field called ''Run SQL query/queries on database <your database>''.</translate>
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '');
+
<translate><!--T:28-->
INSERT INTO `jos_user_usergroup_map` (`user_id`,`group_id`)
+
# Delete any text in this field and copy and paste the following query below and press the ''Go'' button to execute the query and add the new Administrator to the table.
VALUES (LAST_INSERT_ID(),'8');
+
# Use the SQL query below to add another Administrator account.</translate>
</source>
 
  
 +
{{warning|<translate><!--T:29-->
 +
The following code uses ''jos31_'' as the table name prefix which is only an example table prefix. The prefix when you first installed Joomla is '''random''' or what you set it to specifically. You will need to change all occurrences of ''jos31_''(your install set prefix) found in the code below to the prefix your installation is using.</translate> |title=<translate><!--T:30-->
 +
Make sure you match your database table prefix!
 +
</translate>}}
 +
<translate><!--T:31-->
 +
SQL code for use with Joomla</translate> 2.5, 3.x, 4.x, 5.x
  
'''SQL code for use with Joomla 1.5.xx'''
+
<syntaxhighlight lang="sql">
 +
INSERT INTO `jos31_users`
 +
  (`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
 +
VALUES ('Administrator2', 'admin2',
 +
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
 +
INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`)
 +
VALUES (LAST_INSERT_ID(),'8');
 +
</syntaxhighlight>
  
<source lang="sql">INSERT INTO `jos_users`
+
<translate>
  (`id`, `name`, `username`, `email`, `password`, `usertype`, `block`, `sendEmail`,
+
<!--T:32-->
    `gid`, `registerDate`, `lastvisitDate`)
+
At this point, you should be able to log into the Backend of Joomla! with the username of ''admin2'' and password of ''secret''. After logging in, go to the User Manager and change the password to a new secure value and add a valid email address to the account. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super User group.
    VALUES (LAST_INSERT_ID(), 'Administrator2', 'admin2', 'your-email@yourdomain.com',
+
</translate>
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199',
 
    'Super Administrator', 0, 1, 25, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
 
INSERT INTO `jos_core_acl_aro` VALUES (NULL, 'users', LAST_INSERT_ID(), 0, 'Administrator2', 0);
 
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25, '', LAST_INSERT_ID());
 
</source>
 
  
At this point, you should be able to log into the back end of Joomla! with the username of "admin2" and password of "secret". After logging in, go to the User Manager and change the password to a new secure value and add a valid e-mail address to the account. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super Administrator group.
+
{{warning|<translate><!--T:33-->
The examples above change the password to "secret". Two other possible values are shown below:
+
Warning: The password values shown on this page are public knowledge and are only for recovery. Your site may be hacked if you do not change the password to a secure value after logging in.
 +
</translate>}}
 +
<translate><!--T:34-->
 +
The examples above change the password to ''secret''. Two other possible values are shown below:</translate>
 
<pre>
 
<pre>
 
- password = "this is the MD5 and salted hashed password"
 
- password = "this is the MD5 and salted hashed password"
Line 65: Line 136:
 
</pre>
 
</pre>
  
<font color="#ff0000">Warning: The password values shown on this page are public knowledge and are only for recovery. Your site may be hacked if you do not change the password to a secure value after logging in. Be sure you change the password to a secure value after logging in. </font>
+
<noinclude><translate><!--T:35-->
[[Category:FAQ]][[Category:Administration FAQ]][[Category:Getting Started FAQ]][[Category:Version 1.5 FAQ]]
+
[[Category:FAQ]][[Category:Administration FAQ]][[Category:Getting Started FAQ]] [[Category:User Management]]</translate></noinclude>
[[Category:User Management]]
 

Latest revision as of 05:41, 18 January 2024

Other languages:
Bahasa Indonesia • ‎Deutsch • ‎English • ‎Nederlands • ‎Türkçe • ‎eesti • ‎español • ‎français • ‎italiano • ‎português • ‎português do Brasil • ‎Ελληνικά • ‎русский • ‎فارسی • ‎ไทย • ‎中文(中国大陆)‎ • ‎中文(台灣)‎ • ‎日本語
This article is for Joomla! CMS Version(s) Joomla 2.5 Joomla 3.x Joomla 4.x Joomla 5.0
Joomla! 2.5 and higher Password Recovery

This page is only for Joomla! 2.5 and higher versions. If you are still using Joomla! 1.5 instructions can be found here.

Normally, you can add, edit and delete users and passwords from the Backend User Manager. To do this, you must be logged in as a member of the Super User group.

In some situations, this may not be possible. For example, your site may have been "hacked" and had the passwords or users changed. Or perhaps the person who knew the passwords is no longer available. Or maybe you have forgotten the password that was used.

In these cases, it is still possible to alter the Joomla! database so you can log back in as a Super User. These are the possible methods available to Joomla! Administrators.

Method 1: configuration.php file[edit]

If you have access to your configuration.php file for the Joomla installation on your server, then you can recover the password using the following method:

1. Using an FTP program connect to your site. Find the configuration.php file and look at the file permissions. If the permissions are 444 or some other value, then change the permissions of the configuration.php file to 644. This will help prevent issues when uploading the changed configuration.php file later in this process.

2. Download the configuration.php file.

3. Open the configuration.php file that was downloaded in a text editor such as Notepad++ and add this line: 

public $root_user='myname';

to the bottom of the list where myname is a username with Administrator access that you know the password for. A username that is in the Author User Group view access level or higher can also be used in place of a username with Administrator access.

4. Save the configuration.php file and upload it back to the site. You may leave the permissions on the configuration.php file at 644.

This user will now be a temporary Super User.

5. Login to the Backend and change the password of the user you don't have the password for or create a new Super User. If you create the new user you may want to block or delete the old user depending on your circumstances.

6. When finished, make sure to use the Click here to try to do it automatically link that appears in the alert box to remove the line that was added to the configuration.php file. If using the link was not successful, go back and delete the added line from your configuration.php file using a text editor. Upload the configuration.php file back to the site.

7. Using your FTP program, verify the file permissions of the configuration.php file. They should be 444. If you manually removed the added line, then change the file permissions on the configuration.php file to 444.

If you have no users who know their passwords and you can't utilize front end registration you may need to make a change in your database as outlined below.

Method 2: Direct Editing of Database[edit]

If the methods above did not work, you have two other options, both of which require working with the MySQL database directly.

Change the Password in the Database[edit]

If the Super User is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin or another client.

Stop hand nuvola.svg.png
Make sure you change your password once you regain access.

These instructions show how to manually change a password to the word - "secret"

  1. Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
  2. Find and click on the table with _users appended in the list of tables. (Note: you may have a prefix that is not jos_. Simply go to the _users table for your prefix).
  3. Click on the Browse button in the top toolbar. This will show all of the users that are set up for this site.
  4. Find the user whose password you want to change and press the Edit icon for this row.
  5. A form will display that allows you to edit the password field. Copy the value
d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199

into the password field and press the Go button. phpMyAdmin should display the message Affected rows: 1. At this point, the password should be changed to secret.

  1. Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.

Add a New Super User[edit]

If changing the password won't work, or you aren't sure which user is a member of the Super User group, you can use this method to create a new user.

  1. Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
  2. Press the SQL button in the toolbar to run an SQL query on the selected database. This will display a field called Run SQL query/queries on database <your database>.
  3. Delete any text in this field and copy and paste the following query below and press the Go button to execute the query and add the new Administrator to the table.
  4. Use the SQL query below to add another Administrator account.
Stop hand nuvola.svg.png
Make sure you match your database table prefix!

The following code uses jos31_ as the table name prefix which is only an example table prefix. The prefix when you first installed Joomla is random or what you set it to specifically. You will need to change all occurrences of jos31_(your install set prefix) found in the code below to the prefix your installation is using.

SQL code for use with Joomla 2.5, 3.x, 4.x, 5.x 

INSERT INTO `jos31_users`
   (`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
VALUES ('Administrator2', 'admin2',
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');

At this point, you should be able to log into the Backend of Joomla! with the username of admin2 and password of secret. After logging in, go to the User Manager and change the password to a new secure value and add a valid email address to the account. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super User group.

Stop hand nuvola.svg.png
Warning!

Warning: The password values shown on this page are public knowledge and are only for recovery. Your site may be hacked if you do not change the password to a secure value after logging in.

The examples above change the password to secret. Two other possible values are shown below: 

- password = "this is the MD5 and salted hashed password"
------------------------------------------------------
- admin  = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
- secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
- OU812  = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
Retrieved from "https://docs.joomla.org/index.php?title=How_do_you_recover_or_reset_your_admin_password%3F&oldid=1020509"