Gaining Login Access via the Database

I have been given a job to amend a WordPress site. I have only been given access to cPanel. My questions are: can I log in to the back end of WordPress via cPanel? If you can't log in via cPanel, can I change the details like username and password so I can log in?

I have tried going into the MySQL database in phpMyAdmin and making it have no password, but that made things worse. I tried going into all the things in my eXtend cPanel but I can't find anything that works.



Unless this website is using some hashing-altering plugin like Bcrypt or similar, you can easily change the password for users using phpMyAdmin.

  1. Log in to cPanel and open phpMyAdmin.
  2. Find the table wp_users (the prefix could differ).
  3. On the row with the user whose password you want to change, click Edit.
  4. On the new screen, find the column user_pass, select the function MD5, type your new password like on screen, and click Go.
  5. Now log in to /wp-admin using the new password, and change it to a more secure one through the Dashboard. This last step is very important, because changing the password through the Dashboard applies a more secure hashing algorithm to the stored password. Please don't skip it.

More on official WordPress Documentation: Link


There are 5 options

1) Ask The Client

You haven't been given what you need to do your work, so you should request it rather than hacking in to the client's site. This would be the professional and ethical thing to do.

2) Reset Password link

Using the standard password reset link should do the job.

3) WP CLI

You can use WP CLI to set the password, or add a new administrator user.

e.g. to update the user with ID 22:

wp user update 22 --password="newpass"

4) Via The Database

Passwords are salted, but you can replace them with an MD5 hash. The caveat being that as soon as that hash is checked, if it matches the password, then it gets replaced with a salted version at:

https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/pluggable.php#L2236

5) emergency.php

If all other options fail, there is emergency.php. The file is dangerous, and should be removed once used, but it will allow you to reset the password of an admin user.

  1. Save the script below as a file called emergency.php to the root of your WordPress installation (the same directory that contains wp-config.php).
  2. In your browser, open http://example.com/emergency.php.
  3. As instructed, enter the administrator username (usually admin) and the new password, then click Update Options. A message is displayed noting the changed password. An email is sent to the blog administrator with the changed password information.
  4. Delete emergency.php from your server when you are done. Do not leave it on your server as someone else could use it to change your password.

But the best avenue would be to ask the client or your employer for access. It's not an unreasonable request, and it's unreasonable to ask you to break into the site in order to do work.
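An added example, not part of either answer above: both answers note that a user_pass value set by hand is a plain MD5 hash until that account next logs in or changes its password, so after a database reset it is worth checking which rows are still in that state. The sketch assumes the rows were exported from wp_users as (user_login, user_pass) pairs; the sample rows are constructed, and the recognised prefixes (`$P$`/`$H$` for phpass, `$wp$2y$`/`$2y$` for bcrypt) are this example's assumptions about what the site stores.

```python
import hashlib
import re

# A bare 32-character hex string is what the MD5 function in phpMyAdmin stores.
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

def classify_user_pass(value):
    """Label the storage format of one wp_users.user_pass value."""
    if not value:
        return "empty"        # blank field, as tried in the question
    if MD5_RE.fullmatch(value):
        return "legacy-md5"   # unsalted; awaiting upgrade at next login
    if value.startswith(("$P$", "$H$")):
        return "phpass"       # salted portable hash
    if value.startswith(("$wp$2y$", "$2y$")):
        return "bcrypt"       # assumed prefixes for bcrypt-based storage
    return "unknown"

def audit(rows):
    """Return (user_login, label) for every row that still needs attention."""
    needs_action = {"empty", "legacy-md5", "unknown"}
    findings = []
    for login, user_pass in rows:
        label = classify_user_pass(user_pass)
        if label in needs_action:
            findings.append((login, label))
    return findings

# Constructed sample rows; none of these values come from a real site.
SAMPLE_ROWS = [
    ("admin", hashlib.md5(b"constructed-sample").hexdigest()),
    ("editor", "$P$B" + "a" * 30),
    ("olduser", ""),
    ("author", "$wp$2y$10$" + "b" * 53),
]

if __name__ == "__main__":
    for login, label in audit(SAMPLE_ROWS):
        print(f"{login}: {label}")
```

Any account reported as legacy-md5 should have its password changed through the Dashboard, as the first answer's last step says.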
