Recovering the Administrator Password
Bug Squad Blog
Written by Elin Waring   

If you were unfortunate enough to be impacted by the exploit discovered yesterday, you may need to recover your admin password. Of course, you can do this in the user manager if you had another super admin account and nothing was changed in the user table. But assuming that's not the case, here are instructions for how to do it.

Here is a link to a wiki explanation of how to recover your administrator password.

Here is a video of the process made by James Ramsay as a GHOP project. Thanks James!

< Prev   Next >
 

Show other articles of this author

373 Votes

36 Comments

Feed

  1. avatar mj makes this comment

    Thursday, 25 December 2008

    Thank you SO MUCH! The tutorial is fantastic! I'm so glad I found it. Thank you so much for taking the time to make it!:-D

  2. avatar Zia makes this comment

    Thursday, 04 December 2008

    Simple, to the point, easy to follow..PERFECT!

  3. avatar kapi makes this comment

    Friday, 28 November 2008

    10x a lot. saved me a lot of worries. Great tutorial. happy that i've found it

  4. avatar Terrence makes this comment

    Saturday, 08 November 2008

    Thanks a million, worked like a charm. I am glad I bumped into your little tutorial. it saved me hours of searching for a solution, I am sure of that!

  5. avatar eleARTs makes this comment

    Tuesday, 21 October 2008

    Thank you so much! I followed your instructions and now I have access to my domain system again!

  6. avatar Rafabenz makes this comment

    Tuesday, 07 October 2008

    Thanks, This is helpful

  7. avatar kent makes this comment

    Monday, 06 October 2008

    Hey - awsome guide, very greatfull! one of my sites was hacked!

    Thanks again:-)

  8. avatar tack makes this comment

    Sunday, 05 October 2008

    I was hacked by a Turkish programmer and I was used joomla v.1.5 I did not knew about this matter that you show by video tutorial. I think next time i will try for my site.

    Thank you for your great support. Thanks

  9. avatar Fernando Valente makes this comment

    Saturday, 04 October 2008

    I doesnt work with 1.5.7. How i can do it on 1.5.7???
    Please send the reply to my email:
    fernando.cam.valente@gmail.com

  10. avatar oavs makes this comment

    Saturday, 04 October 2008

    This does not work with joomla 1.5.7 version. I need help please. And why did it happened? I have just installed the complete version.

  11. avatar ovy makes this comment

    Monday, 22 September 2008

    dont work with joomla 1.5.7 this version and 5.6 are many security bugs i try an old version 1.0.13 maybe are much good to secuity or not

  12. avatar sözlük makes this comment

    Saturday, 20 September 2008

    i did not try what i say but

    1 - register as a new user
    2 - open jos_users table and change "User Type" value to Super Administrator

    i believe it's more easy. :)

  13. avatar PT makes this comment

    Thursday, 11 September 2008

    Even though I don't need this workaround, it's good to know. thanks

  14. avatar unacosta makes this comment

    Tuesday, 09 September 2008

    Great help! Thank you soooo much!

  15. avatar tg makes this comment

    Sunday, 07 September 2008

    I am new and I cannot access my account. Several times I requested password from "forgot password?" link - I never received an email. I have tried resetting the password as demonstrated in the above video and it did not work. I set up another admin account and that does not work either.

    I'm new, but really? It can't be this difficult just getting in, can it? If so, there's no hope for me ever being able to use Joomla after I've made the effort to install - not that easy!

    I am using Joomla_1.5.6-Stable-Full_Package and xampp-win32-1.6.8-installer-beta1. Any assistance is appreciated.

    *frustrated*

  16. avatar Olympia Logger makes this comment

    Tuesday, 02 September 2008

    Saved my bacon this morning !!!!!!!!!!!!!!!

  17. avatar Piranha makes this comment

    Tuesday, 02 September 2008

    Great help for everybody, thanks! This article should have been for a while on the front page of Joomla.org website.

  18. avatar Joe makes this comment

    Monday, 01 September 2008

    Thank you so much. I followed the steps and regained access to the adminstration of my Joomla site. I'm not sure what to do to stop this from happening again, but I'll continue to read up.

  19. avatar chris makes this comment

    Sunday, 31 August 2008

    Pfioewwww..
    Thanks mate!

  20. avatar Thank you so much! makes this comment

    Sunday, 31 August 2008

    Thank G-D! You really saved me! thank you!

  21. avatar JeffGreen makes this comment

    Thursday, 28 August 2008

    I've had this attack in my site. I've recovered the database from a backup (thereby restoring the changed admin password), and upgraded to 1.5.6. However, for a normal user, the site just returns the 'Hacked by ...' text. Is there something else I need to do to the site to restore normal operation?

  22. avatar wordpros makes this comment

    Tuesday, 26 August 2008

    Thanks, James! Quick & easy solution for a hacker victim like me; now I've GOT to learn how to secure my site; thanks again for taking the time to record such a clear explanation for us all!

  23. avatar Juanparati makes this comment

    Saturday, 23 August 2008

    If you are using a prior version of 1.5.6 (only 1.5 branch) you can use also the new hack for the Password Remind Functionality.

    Please joomla developers update to 1.5.6 now!

  24. avatar Mrmegahurtz makes this comment

    Wednesday, 20 August 2008

    Did not work for me either. Is there another way to log in now?

  25. avatar Jason makes this comment

    Wednesday, 20 August 2008

    Doesn't work for me either. Any other ideas?

  26. avatar ALex makes this comment

    Wednesday, 20 August 2008

    Perfect. This was very helpfull. Now checking how to prevent this in the future.

  27. avatar jequalo makes this comment

    Sunday, 17 August 2008

    Doesn't work for me...

  28. avatar Håkon Hafell makes this comment

    Sunday, 17 August 2008

    Thank you !!!

  29. avatar falimbany makes this comment

    Sunday, 17 August 2008

    not work for me.
    i've used joomla 1.5.5
    should i upgrade first ?

  30. avatar Ahmed makes this comment

    Saturday, 16 August 2008

    Thanks very much, I have been hacked and i folowed these steps and it worked perfect for me a big thanks

  31. avatar Florian Georgescu makes this comment

    Saturday, 16 August 2008

    Thanks, I was quite surprised when I couldn't log in.
    After three attempts I could change the data in the database.
    Now is OK.
    Again, thank you.

  32. avatar wewex makes this comment

    Friday, 15 August 2008

    It's very useful for all...

    Thanks Mr.Elin Waring

  33. avatar Henry Catherwood makes this comment

    Friday, 15 August 2008

    They had changed every user password and taken the site offline. Publishing known passwords has saved me.

    I can login again

    A BIG thank you

  34. avatar mcbirdie makes this comment

    Friday, 15 August 2008

    This is helpful, but what do we do if our entire site is locked down? I can't access the front end of my site and if I can be honest, I'm getting a little tired of seeing the "grey_hat was here and you got owned. McBirdie sucks."

    I cannot even believe this is a pastime for people.

  35. avatar Amy Stephen makes this comment

    Thursday, 14 August 2008

    Smart thinking, Elin. Thanks (again) James!

  36. avatar avi makes this comment

    Wednesday, 13 August 2008

    you are doing great job, many thanks,

Add Comment


    • >:o
    • :-[
    • :'(
    • :-(
    • :-D
    • :-*
    • :-)
    • :P
    • :\
    • 8-)
    • ;-)



    Click to get a new image.