Resetting Joomla admin password

It is a testiment to my own foul forgetfulness that I am endlessly hunting the Joomla forums for the post that explains how to reset the admin password for Joomla.

Rather, it’s not that I can’t remember how to do it – doing it is quite simple – it’s I can’t remember the values to insert.

The only way to “reset” your Joomla password is by editing the database directly. Simply:

  1. Access your database, either via phpMyAdmin or whatever program your hosting uses.
  2. Navigate to the jos_users table, browse the admin user and edit the password field.

Now here’s where it gets a tad tricky – the password, for security reasons, isn’t stored as straight-up text. Instead, it is stored using a one-way MD5 hash. All this really means is that instead of inserting some string of text as your password (ie. “imagod”) you insert the text string converted to a MD5 hash string (ie. “556266312a4980d0203b590a56751961”).

So, once you’ve popped open the password field, just insert the new MD5 hash, save and you’re done.

Assuming you’re not the next Rainman, you’ll probably need a tool to come up with the MD5 hash – this online Javascript MD5 hash generator works well. Just insert the password you want to use in the input field and push the MD5 button.

If you just want a quick reset, and then want to edit the password the standard way via Joomla’s User Manager, here are a couple MD5 hashes:

  • secret: 5ebe2294ecd0e0f08eab7690d2a6ee69
  • password: 5f4dcc3b5aa765d61d8327deb882cf99
  • admin: 21232f297a57a5a743894a0e4a801fc3

11 thoughts on Resetting Joomla admin password

  1. I’m certain they’re using brute force attacks to crack the hash – so anyone using a reasonably good password (8+ characters, numbers, letters, mixed case and punctuation) isn’t likely to find it on there anytime soon.

    But yeah – good to be aware of.

  2. It’s interesting. My passwords tend to be as random as possible and long. But consider someone with a ‘strong’ password that was made of a word or two with common letter-to-number switches (e > 3, for example) and random caps, plus maybe a couple of random letters/numbers. An intelligent brute force with permutations on dictionary words becomes a beautiful thing, search space is smaller.

    Throw in some statistical analysis of what sorts of words (nouns, more common words) a database of perhaps a couple hundred thousand hashes has and the search space gets really interesting. And that’s not on the public web, but someone surely has it.

    Nothing beats social networking though.

    I find this stuff fascinating.

  3. This is pretty easy using PHPMyAdmin if you have it. If you don’t, get it – it’s free, auto installs on most hosting providers who have Fantastico! or a similar tool.
    Bring up PHPMyAdmin, select the database for your Joomla installation, choose the SQL tab, and enter this line of code:

    UPDATE `jos_users` SET `password` = MD5( ‘your_new_pw’ ) WHERE `jos_users`.`username` = “admin” ;

    If you’re using a different admin user than “admin” use that, and put the password you wish to use where the code says your_new_pw. Leave the quote marks, single or double, where they’re shown.
    By now you’ve long since probably already fixed the problem, but this is the easiest way I know to fix it. PHPMyAdmin has a built in MD5 hash generator -or is that in the MySQL back end? It doesn’t really matter – it gets done for you.
    Good luck!

  4. @Rob: Solid tip Rob – cheers for sharing. Didn’t even occur to me to use MySQL’s built in MD5 hash generator.

  5. Pingback: CrashTest Blog » Blog Archive » Zerando a senha de administrador do Joomla!
  6. I have the correct username and password but still can’t login as administrator – I’m not getting any error message – basically when I click on login it just seems to be resetting

  7. It’s old feature. In the newest version hash in not simple md5. It contains md5 hash and salt, which may be different.

Say something...

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Return to Top ▲Return to Top ▲