CASE STUDY: Password Reset Not Working

photo by tomasrotger

photo by tomasrotger

I was approached by a client who was having problem with the wordpress password reset.

The Poblem

My cient was attempting to change his password from the normal password change screen under wp-admin.  When he attempted to reset his admin user password, a new password was sent, but the new password did not work.

As a side note, his ISP had reported that certain scripts on his blog were open for vulnerabilities.

My Solution

I suspected that the blog had been hacked and the password reset was sending to some nefarious web troll.

What I did was to white-hat hack the database, and using techniques I don’t want to document here, I was able to get a new MD5 encrypted password.  I then updated the database with that password so I was able to login with an admin level password.

The next stage of the fix was to restore the wordpress code base, I took a copy of wp-config.php, backed up all of the existing files before deletingthe blog root, wp-admin and wp-includes, next I refreshed the blogs code base with a mint copy 0f wordpress 2.7 and re-installed wp-config.php.

The Outcome

The blog was back online and in full working order.  My client was happy and I am now on his blogroll.

Are You Looking For Ongoing Maintenance
For your WordPress Site?

Let us do the following for you:
  • Backups
  • Update - WordPress Plugins and Theme
  • Security
  • Uptime Monitoring
  • Small tweaks such as plugin installs and theme changes
  • Weekly reporting

Get Full Details And Take A 30 Day Free Trial

One Response to “CASE STUDY: Password Reset Not Working”

  1. Mathias July 26, 2011 at 10:37 am #

    If you want to recover your original password without resetting it read this article: http://www.cedricve.me/blog/2011/07/25/how-to-recover-a-wordpress-password-without-resetting/