Help! I can’t log in as admin!
I’ve been hacked! What do I do?
If you find yourself unable to log in to Joomla! as the super administrator, either because you’ve forgotten your login or because your system was compromised, don’t panic. If you have access to your database with phpMyAdmin (or any other interface) you can reset the password.
Browse to your phpMyAdmin screens and find the jos_users table. Look for the row that holds your Super Administrator. The default user id for a Joomla! Super Administrator is 62.
Now that you’ve located the Super Administrator user, click the little pencil icon (marked with the blue arrow in the image above) to open that row for editing. The value in the password field is actually a combination of three things: your md5 hashed password, a colon (:), and your md5 hashed salt. As a technical aside, the password is stored as a 32-character hexadecimal number corresponding to the password you entered when you (or in some cases your hacker) set the password. The password is encoded with the PHP md5() function. Following the password and the colon is the salt, another hexadecimal number generated when you set the password initially, which is used to protect the system. A hacker may break the encoding on a single password, but it would likely be impossible for him or her to do so on a salted password. The salt is a small string, not created by the user but rather by the system, so no one will know what it is.
Fortunately, the salt is not required to be part of the password for logins to work, but it is generated by the system when you create or change a password through Joomla!. What we will do is reset the administrator password to be the word “admin”. The md5 hash for admin is “21232f297a57a5a743894a0e4a801fc3”. Once we change the admin password, we will want to log in and immediately change the password through Joomla! to anything else.
So, click that pencil icon and edit the row for the Super Administrator. Paste 21232f297a57a5a743894a0e4a801fc3 in the password field. Also, check the block field and make sure it is set to 0. You might double check the gid (group id) is still set to 25, while you’re there.
Now, click the Go button and browse to your /administrator location. You should be able to log in using the username admin and the password admin.
IMMEDIATELY – that means RIGHT NOW – change your password!!
Go to Site->User Manager and select your administrator login from the list and open it to edit.
Put in a new password and click the big Save button at the top right.
Now, if you were hacked, rather than if you just forgot the password, go back to your phpMyAdmin and look for any OTHER Super Administrator users that may have been inserted in the database and delete them.
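To make that search systematic, here is a read-only audit you can paste into the phpMyAdmin SQL window. It is an added example, not part of the original post, and it assumes the stock Joomla! 1.5 schema with the default jos_ prefix; column names other than gid and block come from that schema rather than from this page.

```sql
-- Added example: read-only audit of every account holding Super Administrator rights.
-- Assumption: stock Joomla! 1.5 tables with the default jos_ prefix.

-- 1. Accounts flagged as Super Administrator in jos_users (gid 25),
--    oldest first, so rows registered after your own account stand out.
SELECT id, username, name, email, usertype, gid, block,
       registerDate, lastvisitDate
FROM jos_users
WHERE gid = 25 OR usertype = 'Super Administrator'
ORDER BY registerDate;

-- 2. Accounts mapped to group 25 in the ACL tables. A user that appears
--    here with a different gid in jos_users, or with no jos_users row at
--    all (NULL username), deserves a closer look before you delete anything.
SELECT aro.value AS user_id, aro.name AS acl_name,
       u.username, u.gid, u.usertype, u.registerDate
FROM jos_core_acl_groups_aro_map AS map
JOIN jos_core_acl_aro AS aro ON aro.id = map.aro_id
LEFT JOIN jos_users AS u ON u.id = aro.value
WHERE map.group_id = 25 AND aro.section_value = 'users'
ORDER BY u.registerDate;
```

Compare the two result sets: every legitimate Super Administrator should appear in both, with matching ids.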
Finally, if you’ve been to the jos_users table, and you don’t find ANY row that contains a Super Administrator account, then perhaps it got deleted. Don’t worry, you can create a new one.
Inside phpMyAdmin, click the SQL button where you can type in actual SQL commands.
Some versions of phpMyAdmin will let you run commands in a sequence, separated by semicolons (;), and some require this to be done in three steps. Paste these commands in that window to create a new Super Administrator user with the password set to admin.
-- User row: id 62, block 0, gid 25, password = md5 of "admin"
INSERT INTO `jos_users` VALUES (62, 'Administrator', 'admin', 'firstname.lastname@example.org', '21232f297a57a5a743894a0e4a801fc3', 'Super Administrator', 0, 1, 25, '2005-09-28 00:00:00', '2005-09-28 00:00:00', '', '');
-- ACL object (id 10) for user 62
INSERT INTO `jos_core_acl_aro` VALUES (10,'users','62',0,'Administrator',0);
-- Map ACL object 10 to group 25
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25,'',10);