Manually generating salted & hashed WordPress passwords

Jan 23rd, 2013   4:08 pm

Sometimes you might need to dip into the WordPress SQL database to manually manipulate passwords. Whether you are resetting a long-lost password or adding a new user from the MySQL command line, better security in recent versions of WordPress has made this a bit of a chore.

In older versions (that used MD5 hashing), you could simply:

UPDATE wp_users SET user_pass=MD5('my_password') WHERE ID=1;

Now, however, that’s no longer possible. That is a good thing™, because passwords are a whole lot more secure now (even if database access is compromised). Now you’ll need WordPress to generate the hashed password for you (at least, that’s by far the easiest approach, because password hashing now uses salting as well). I’ve written a simple PHP file that uses WordPress’ own password utility methods to return a hashed equivalent of the plain-text password you typed. You can then use that hash in your direct MySQL manipulation. E.g.:

UPDATE wp_users SET user_pass='$P$BFuCvolvRyjUHu099Nc3PmupPqU6es.' WHERE ID=1;

Usage:

  1. Download this Gist of the pwd.php file from GitHub
  2. Save/move it to your base WordPress install directory (the directory that contains wp-admin/, index.php, wp-config.php, etc.)
  3. Visit the page, type your desired password, and submit.
  4. Use the returned hashed/salted password in your SQL.
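
What a `$P$...` string like the one in the UPDATE statement above encodes, as an added example (this is not the author's pwd.php and not WordPress code): a Python reimplementation of the phpass portable hash scheme, which is the format the `$P$` prefix identifies. Function names are illustrative; the only value taken from the page is the sample hash.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """phpass's base64 variant: little-endian 24-bit groups, no padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # n input bytes -> n + 1 characters
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def parse_setting(stored: str):
    """Return (log2 of the round count, 8-char salt) from a '$P$' hash."""
    if len(stored) < 12 or not stored.startswith("$P$"):
        raise ValueError("not a phpass portable hash")
    log2 = ITOA64.find(stored[3])
    if not 7 <= log2 <= 30:
        raise ValueError("iteration count out of range")
    return log2, stored[4:12]

def phpass_hash(password: str, setting: str) -> str:
    """Salted MD5, re-hashed 2**log2 times with the password mixed in."""
    log2, salt = parse_setting(setting)
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("ascii") + pw).digest()
    for _ in range(1 << log2):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)

def new_hash(password: str, log2: int = 13) -> str:
    """Fresh random salt; log2=13 gives the '$P$B' prefix seen in the post."""
    setting = "$P$" + ITOA64[log2] + encode64(secrets.token_bytes(6))
    return phpass_hash(password, setting)

def verify(password: str, stored: str) -> bool:
    try:
        candidate = phpass_hash(password, stored)
    except ValueError:  # malformed stored value
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())

if __name__ == "__main__":
    # Sample hash quoted in the post: 2**13 rounds, salt 'FuCvolvR'.
    print(parse_setting("$P$BFuCvolvRyjUHu099Nc3PmupPqU6es."))
    print(new_hash("example-password"))  # constructed sample password
```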
