This page is only for Joomla! 2.5 and higher versions. If you are still using Joomla! 1.5 instructions can be found here.
Normally, you can add, edit and delete users and passwords from the back-end User Manager. To do this, you must be logged in as a member of the Super Administrator group.
In some situations, this may not be possible. For example, your site may have been "hacked" and had the passwords or users changed. Or perhaps the person who knew the passwords is no longer available. Or maybe you have forgotten the password that was used.
In these cases, it is still possible to alter the Joomla! database so you can log back in as a Super Administrator. These are the possible methods available to Joomla! administrators.
If you have access to your configuration.php file for the Joomla installation on your server, can recover the password using the following method.
1.) Using an FTP program connect to your site. Find the configuration.php file and look at the file permissions. If the permissions are 444 or some other value, then change the permissions of the configuration.php file to 644. This will help prevent issues when uploading the changed configuration.php file later in this process.
2.) Download the configuration file.
3.) Open the configuration.php file that was downloaded in a text editor such as notepad++ and add this line
to the bottom of the list where myname is a username with administrator access that you know the password for. An username that is Author level or higher can also be used in place of a username with administrator access.
4.) Save the configuration.php file and upload it back to the site. You may leave the permissions on the configuration.php file at 644.
This user will now be a temporary super administrator.
5.) Login to the back end and change the password of the administrator user you don't have the password for or create a new super admin user. If you create the new user you may want to block or delete the old user depending on your circumstances.
6.) When finished, make sure to use the "Click here to try to do it automatically" link that appears in the alert box to remove the line that was added to the configuration.php file. If using the link was not successful, then go back and delete the added line from your configuration.php file using a text editor. Upload the configuration.php file back to the site.
7.) Using your FTP program verify the file permissions of the configuration.php file, they should be 444. If you manually removed the added line, then change the file permissions on the configuration.php file to 444.
If you have no users who know their passwords and you can't utilize front end registration you may need to make a change in your database as outlined below in this document.
If the methods above did not work, you have two other options, both of which require working with the MySQL database directly.
If the admin user is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin or another client.
These instructions show how to manually change a password to the word - "secret"
If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.
The following code uses jos31_ as the table name prefix which is only an example table prefix. The prefix when you first installed Joomla is RANDOM or what you set it specifically too. You will need to change all occurrences of jos31_(your install set prefix) found in the code below to the prefix your installation is using.
SQL code for use with Joomla 2.5.x 3.1.x
INSERT INTO `jos31_users` (`name`, `username`, `password`, `params`) VALUES ('Administrator2', 'admin2', 'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', ''); INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`) VALUES (LAST_INSERT_ID(),'8');
At this point, you should be able to log into the back end of Joomla! with the username of "admin2" and password of "secret". After logging in, go to the User Manager and change the password to a new secure value and add a valid e-mail address to the account. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super Administrator group.
Warning: The password values shown on this page are public knowledge and are only for recovery. Your site may be hacked if you do not change the password to a secure value after logging in. Be sure you change the password to a secure value after logging in.
The examples above change the password to "secret". Two other possible values are shown below:
- password = "this is the MD5 and salted hashed password" ------------------------------------------------------ - admin = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT - secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199 - OU812 = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm