NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

Home > News > Webmaster > Tips and Tricks

May 26th, 2008, 15:17 GMT · By Catalin Bocanu

MD5 Passwords Encryption

Adjust text size:

Editing user_pass Field Using phpMyAdmin

The strength of passwords, as well as their encryption mechanism, is crucial for the security of database driven applications. If you own a website constructed on a ready-made content management system architecture, the back-end administration password will always be protected by using a certain type of encryption mechanism.

In the case of the WordPress platform, as well as in that of many

other content management systems, passwords are stored in the database encrypted with the MD5 encryption algorithm. This way, anyone who would crack the MySQL database login system, would not find out the plain text version of the password because MD5 is a one-way encryption algorithm. As a consequence, the login password necessary to access the WordPress administration panel cannot be recovered, just reset.

If you happen to forget the login password for a known username associated to a certain WordPress installation, there are a few methods to reset it. The simplest one would be to use the automatic script that requires you to know the username and a corresponding valid email address existing in the MySQL database.

In case the PHP installation does not have the email function enabled or the email address is not valid, the manual reset procedure must be performed. You will need an MD5 hash generator (there are many of them free and available online like Epleweb, for example) and administrative rights for the MySQL database containing WordPress data.

By using a MySQL database manager like phpMyAdmin or MySQL Query Browser, select the table called wp_users from the WordPress database, and then click the browse button and select the record that you need to edit. In the user_pass field, the MD5 hash value corresponding to the plain text version of your password must be pasted and the modifications must be saved. The password can be also reset with the help of a script.

In conclusion, it is recommended you choose an easy to remember password for your WordPress user account, one that you must change often. In case that none of the password reset mechanisms work, you will have to reinstall the WordPress application.

FILED UNDER:

WordPress

Content Management System

Password Encryption

Password Security

MD5

TELL US WHAT YOU THINK:

17,276 hits · 5 comments · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

Installation of a PHP BitTorrent Tracker on Windows

Free Automatic Data Backup Using Unlimited Disk Space

A Single "Crack" For Any VistaPanel

An AJAX Free Remote File Management Tool

Random Numbers in PHP

READER COMMENTS:

Comment #1 by: voor on 26 May 2008, 21:03 UTC	reply to this comment
Uhhh... MD5 is NOT an encryption algorithm, it's a one-way hash function.

Comment #2 by: voodoo on 27 May 2008, 07:52 UTC	reply to this comment
Agreed with voor, and MD5 is considered to be obsolete, since it has been partially broken. SHA-2 class hash algorithms are the way to go.

Comment #3 by: Vooroo on 01 Oct 2008, 18:46 UTC	reply to this comment
I agree with the two kids that posted before me.

Comment #4 by: Adam on 29 Oct 2008, 20:13 UTC

reply to this comment

First, let me preface this by saying the previous posts are correct.

That being said, who cares? This article is clearly meant for people who don't know much about encryption. So for the intended audience, why does it matter if MD5 is an encryption algorithm or a one way hash?

Also, this article is written with the intent of conveying WordPress' password management. It does not go into the merits of different encryption schemes. While SHA-2 is certainly better than MD5, it's MD5 that WordPress uses.

Incidently, MySQL has built-in Encryption Functions. An easier way to update a password is to just run this query:

update wp_users set user_pass=MD5('somepassword') where user_login='someuser';

Comment #5 by: Bryan Eye on 01 Jan 2009, 12:06 UTC

reply to this comment

@Adam - "Who cares?" Not enough. If more people cared, we'd live in a better world. Why does it matter if "correct" information is propogated? A more informed public means a better world. With all due respect, you suggest that for a newbie audience, it's okay to represent terms loosely... that is the exact audience which correct definitions and representations would benefit most. I know I'm being picky here, but I just thought I would write a comment saying that "I care". =)

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use