Recovering Administrator Access on Your Magento Site
If you have lost your administrator password for your site, this article will help you recover access. The way most content management systems (CMS) stores authentication data, is within a MySQL database table usually named “user.” Passwords are usually encrypted using one way hashing algorithms such as SHA2 and sometimes made difficult to brute force with key derivation functions or salting. Some CMS has tools that you can use via SSH, and others require that you modify the database directly. This article will explain how you can reset the password for Magento.
Using phpMyAdmin to run a query
In this article, there are many steps that require running a MySQL query on the database for your web site. If you are unfamiliar with MySQL, we recommend that you pay close attention when entering the query or contact us for assistance as you are able to cause damage to the site if a query is entered incorrectly. This section will provide instructions on how to run the queries mentioned in this article with the use of phpMyAdmin built into cPanel.
Before you run any query, first make sure that you are running the query on the correct database and that you have updated or added correct prefixes to the tables mentioned in a query. You can find this information by viewing the configuration file for the site, which contains the database name and table prefix.
UPDATE `prefix_users` SET `user_pass` = MD5(‘password’) WHERE `user_login` = 'admin';
The query above will change the password for the user “admin” to the password “password” on a CMS. Before you run the query, you must first update the query to match your environment. The prefix, identified as “prefix_” in the example, needs to be either removed or replaced depending on if your site uses a prefix. The password needs to be replaced. The username needs to be updated to your account login-if you do not know the account login, you can usually click on the table in phpMyAdmin to see what accounts exist.
Note: If you are copying and pasting the query, double check the single quotes (‘) and prime (`) are not replaced with smart quotes. The prime key is to the top left of the keyboard under the escape key and the single quote key is next to the return key typically on a us keyboard.
Once you have all the information above updated to match your environment, you can then run the query on the database.
- Login to cPanel.
- Under the databases section, click on phpMyAdmin.
- On the left side bar, click on the database for your site.
- On the top, click on the tab named SQL.
- Confirm that the “Run SQL query/queries on database user_db” matches the database name of your site.
- Enter the query, updated to match your environment.
- Once you have confirmed everything is right (you can click simulate query to see how many items will be affected), click on the “Go” button on the bottom right to execute the command.
Magento 2 supports using a more secure algorithm. We still recommend that you use a temporary password at first and immediately update the password within the admin panel as Magento 2 uses better security when you set the password within the admin panel.
- Follow the instructions for phpMyAdmin to run the following query.
SET @user_name = 'admin'; SET @password = 'NewPassword1'; UPDATE prefix_admin_user SET password = CONCAT(SHA2(CONCAT('xxxxxxxx',@password), 256), ':xxxxxxxx:1') WHERE username = @user_name; UPDATE prefix_admin_passwords SET password_hash = CONCAT(SHA2(CONCAT('xxxxxxxx',@password), 256), ':xxxxxxxx:1') WHERE user_id = (SELECT user_id FROM prefix_admin_user WHERE username = @user_name);
- Login to the admin panel with the password you set above.
- On the top right, click on the drop down menu for the user.
- Go to account settings.
- Enter in the new password in “New Password” and “Password Confirmation” fields.
- In the field “Your Password,” enter the password you set in the query.
- On the top right, click “Save Account.”