Joomla - How to Reset Super Admin Password

As the author correctly points out, one of the most frustrating things that can happen to a website owner is either being locked out of their own site or database system, or not knowing how to reset a password. This article is a very thorough guide to doing just that- resetting your super admin password within your Joomla content management system.

The super admin password is the main daddy. This is what gives you access to everything in the account. If this were to become lost then most people would have a heck of a time trying to get back into their account. Actually, though, the author gives a lot of different tips and tricks for finding it listed right in your database.

I must confess that I am not a Joomla user. But I still found it interesting to see how one would go about locating and then changing this password. I am familiar with how to do this in a number of other content management systems, and this is a little different. There are actually several different ways or approaches one could take to reset a lost password.

The first way is likely the easiest and the most direct method. Generally speaking, if it is easy and direct, this is probably where you should start! The only thing is that this assumes you have access into your database. That may be a problem, given the fact that you are looking to reset a lost password. However, I assume that any good web owner will certainly give themselves a back door way into the site. So, OK, you can get into your account. The author gives a very clear method of actually locating the password (it should be the first entry under the edit users database).

Once again, resetting the actual password is a very simple process. The author even gives you the exact command and line of code needed to use in order to accomplish this task. These actual step by step directions are incredibly helpful. They are the best pieces of information which the author provides.

Honestly, the coding is quite interesting to me. I am not sure if many other readers will share my opinion or not, but I love trying to figure out how something works. This is especially true if it is internet or technology related. The code shows me in detail how the Joomla system is similar and different to other systems that I am used to working with.

In addition to all of this, the author also provides readers with several other suggestions and “optional” ideas which may work, although caution is advised. The main thing to remember about Joomla is that there is always something being added to the program, which means that tomorrow there may be an even easier way to solve a common problem. This makes Joomla such a cool platform to use for web development.

There are several additional easy ways to change or reset a password in Joomla. This platform is actually pretty easy to get into and work with. This was one of the biggest surprises for me personally. I began to design and build web pages and sites in the era where coding was regarding as the standard requirement. Everyone who was worth anything (in terms of web design skills) needed to know how to code. Also, this was during the days when it was hard coding. We literally spent days pouring over books learning the commands to do even the most basic tasks. Believe it or not, I miss those good ole days!

Of course, today all this has changed. There is now no need to learn actual HTML or any other programming language. You just simply need to master some software programs. Learn Dream Weaver and you can create as snazzy a web page as any master coder of years past. Not only that, but you spend one heck of a lot less effort in doing so.

The author also points out that you do not even have to log into your account directly. Instead, try clicking the MySql button. This will get you access very quickly. From here, you can easily find the lines for your password and reset this.

On the other hand, if you are not comfortable with using SQL commands, you can try an alternative method. Actually, there a couple of neat little tricks you can try here. The first is to copy and paste the password hash (I am not familiar with what exactly the password hash is, but I gather most Joomla users are) from another user over to your admin account. I gather that this is basically logging in to the account as another user. So, this means that another user would be able to reset the admin password.

Honestly, this seems a little strange to me. Actually it seems a bit unsecure. I would not want to have any user be able to see or (if they cannot see) and reset the master password. Perhaps it would a good idea to make this option available for one or two key users, but definitely not everyone.

Another trick that I actually like is to change your admin user email address. Change it to one that you are familiar with and can access, obviously. Then, you can use the forgot password function to have it sent to your new email address, which should now be registered. I like this trick. Of course it is a way to game the system, and probably speaks to the fact that is a bit less secure than many would like, but it still works.

You may also want to try reloading or reinstalling the Joomla user plug in. Get into to the back end of your account and then find this plug in and set the published status to 1. This status means that it is enabled.

I must confess that I am not a Joomla user, so this article may not have really been targeted to me specifically. However, I am a website owner and developer. Therefore, I am a little familiar with what Joomla is and understand a bit about what the author is trying to accomplish here. Essentially, there are a number of different ways and things that can be done if you need to reset your administrator password.

For the uninitiated, this super admin password is the big daddy of them all. This is the one that grants access to everything on your Joomla site. If you were to lose this or forget it, you would have a pretty interesting time trying to get back into your database. By interesting, I really mean not much fun and a whole lot of frustration. Yeah. THAT kind of interesting. Interesting meaning like you have a client screaming at you at 2 am because their site is down (one of the ones that you are hosting on a site where you have lost your Joomla password). Trust me, I do not care how good their technical support staff is, being wakened from a dead sleep and then having to call some rep in India for help (when you are already frustrated no less), will drive almost anyone to start drinking!

Actually, I think the best tip was given right up front. Back up your database. We all know that this only makes sense. Yet, very few of us ever do. Maybe we are all just lazy? Or we all think that there will never be a disaster or a problem? Personally, I have experienced a number of really difficult times with data. Those times when I had back-ups made everything so much easier. Trust me, you will a lot more relaxed knowing that you just need to push a few buttons and everything will be fine again.

The next tip for resetting the password is also quite basic, but accomplishes the job. You simply need to get into your database, either yourself or someone else. This assumes that you still have access to the password. Apparently, finding the password from this point is pretty easy. You click to edit the user database and then the next entry should be where you will see the super administrator password.

From here resetting your password is quite simple. The article actually provides a single line of code that should be used to accomplish this. To be honest, the whole process was much easier than I thought it would be.

I had always thought that Joomla was a powerful platform for managing your content. This may be why it is even called a CMS, or content management system. Yet, still I had envisioned this to be a highly technical process. I thought that getting involved in this would mean having to learn code and maybe even become a programmer. I was quite happy to discover that this was not the case.

I have a new job and my job is to work on my organization's website. However, no one in the office knows the super admin password because the person who set the account up is no longer around. The only information they do have is how to login to the front door not the back door. I have absolutely no idea how to retrieve the super admin password. I have the username and password but no other information. I think he worked on the website in a different office so my office computer didn't have joomla installed on it or xampp or anything. I downloaded xampp and joomla but i can't access the admin panel to make changes.

What do i need to do?? Please help. 

Hello friends,

I have this problem of can't login and no error message. I have reset my admin password, created new admin and still can't login.

I also to use the adjusting the permissions of sessions directory, but not find any sessions directory in my account.

I run Joomla 2.5.

Hope to hear from you again.

Thank you.

Roy!

I have lost my super administrator password in Joomla.

Awesome - I was able to retrieve my Joomla administrator password and an now back in my website! Thank you thank you thank you. The only thing I can think of that would make this article more useful would be to organize it by Joomla versions, and have a quick overview of the most effective method to retrieve or reset the administrator pw.

Login as Administrator means you have all the rights to do any thing in the windows without any restrictions.Let us suppose you are logged in as a guest user that means having low privilages and in your guest user these privileges are defined/set by the administrator and you may not be able to delete, install or download any thing without your administrator permission. If you install or delete some thing it may ask you for the administrator password to do so.

some times while working on Excel or Word due to some problem your file or backup files get crashed and there is an option to send this problem to the Microsoft team so that they can resolve it or they can update their error database if this is a new type of error which has never occurred before.

Techyv.com

If you have access to the Linux server you can directly change the pw using Grub or the Linux boot CD.

Symptom: Entered correct username/password - Login page just kept re-displaying - no error messages, nothing.

Cause: I had put a rewrite statement in my .htaccess file to redirect mydomain.co.uk/index.php to mydomain.co.uk - this statement was causing my mydomain.co.uk/administrator/index.php to get redirected to mydomain.co.uk/administrator so it never ran administrator/index.php to do the logon

Solution: First removed to prove this was the problem, then recoded the rewrite statement in my .htaccess

I successfully changed my super administrator password in Joomla two days ago, but now when I edit my text in Joomla such text does not reflect on my site. Please help!

Wow! It worked! A huge huge thank you!!!!

I cannot reset the admin password by following these steps. Maybe I am doing something wrong? Can you help please?

I had forgotten how to reset my Joomla password. Thanks for the reminder!

Great article, it helped me a lot. After temporarily removing PHP authentication I managed to login to the backend successfully and I changed the password correctly. But, after I had restored the original code and then logged in again I received the message "Username and password do not match."

I tried all the options mentioned above but I just can't find a solution ;(

Any help is appreciated and many thanks in advance!

Cheers,
Adi

Another possible cause of being locked out can be if the Authentication - Joomla plugin is deactivated (unpublished). This produces the same error message as wrong uid/pwd.

In this case the problem can be fixed in the ..._plugins table, setting published=1 where name is 'Authentication - Joomla'.

I had a similar problem but solved it in very simple steps:

1. Get a new password in plain text (please don't forget it).
2. Use an MD5 password converter to encrypt it.
3. In PHPMyAdmin (described above) replace the string of characters with your new encrypted password (ie. edit it then save it).
4. Go back to the Joomla site and login with your new password.

It worked for me!!!

Hello,

My name is Matt, and recently I bought a site from a client who is not answering to me.

My problem is that I don't know the way to login to my admin, for example : www.example.com\administrator - but when I type this it's says "page not found." And I have to add something to the site asap.

I have my Cpanel login details, but honestly I don't know how to find the admin details.

Thx!!

I lost the password to my admin account in Joomla 1.5. Can you help me? My host is http://**. Password: **. User: **. Website: **.com.

thanks a huge lot!

Hi;
This is my second email to you. I followed all the below mentioned steps but still i am not been able to login inside joomla panel. I spend many days for this but still not been succeed. I wonder if you have any other solution :-

Suggestion n.1)

edited the file administrator/components/com_login/admin.login.php to comment out line 69 (//LoginController::display() )
browsed to the login page.
[tried to login] and got an ‘Invalid token‘ message.
Reedited the [administrator/components/com_login/]admin.login.php file to remove my comment at line 69.
Refreshed the login page in my browser and got the normal login form.
Logged in [successfully].

try this and if it doesn’t work, then:

Suggestion n.2) [user inoxfire]

edit file administrator/components/com_login/admin.login.php [to comment out line 57, // JRequest::checkToken('request') or jexit( 'Invalid Token' );]
browsed to the login page.
[tried to login] and got an ‘Invalid token‘ message.
Reedited the [administrator/components/com_login/]admin.login.php file to remove my comment at line 57.
Refreshed the login page in my browser and got the normal login form.

try this and if it doesn’t work, then:

Suggestion n.3)

Log into phpMyAdmin and navigate to the jos_plugins table.
Look for the "User – Joomla!".
Ensure that it is published as mine was not (set published to 1 just in case).
[Look for] in row "Authentication – Joomla"
Ensure that it is published as mine was not (set published to 1 just in case).

try this and if it doesn’t work, then:
Suggestion n.4)

first check your Super Admin status:
[Open PHPmyAdmin] in the "jos_users" table set SuperAdmin to:
– field "id" – value "62"
– field "gid" – value "25" or "26".
in the "jos_core_acl_aro" table find row for "62":
– field "id" – write this down (should be 10 normally) – this is the "aro_id".
in the "jos_core_acl_groups_aro_map" table find row for "aro_id" = 10
– "group_id" should be "25" or "26".

BONUS:

If, for some reasons, you need to reset your joomla! admin password, or if you need to offer admin access to somebody else, or for whatever the reason, please change it by doing so:

Open PHPmyAdmin.
access your joomla DB and goto table jos_users.
modify "admin"-row and set it’s password code to this: 21232f297a57a5a743894a0e4a801fc3 (it’s the equivalent of ‘admin‘).

Looking forward to hear from you.

Thank You

Ujjwal

Well this isn't my Joomla problem right now but I've come across this page in the hunt for a solution to my problem (I have a building supplies site and Joomla freezing up on a certain page). I'm pretty sure I'm going to need help with this situation at some point so I am bookmarking this because if I need to reset the admin password I can jump straight to this.

it works Thank you again!

I successfully changed admin password from the Joomla 1.0 backend, but I have not managed to login back in again. I get the error "Invalid session"! Any help please?

I discovered a great video that shows Joomla Novices how to login to the back end of a joomla website. It can be found at this link. Hope that is helpful.

Thanks a bunch! Saved my big a**!

Last week my parents changed my password, which was really annoying. I tried to get it back. My computer is Win XP and at first I tried the ctrl+alt+del+del thing but it said it can’t do it because of ‘account restrictions’. Then I went for help in a forum and they told me to download the software Password Genius. It’s quite easy and I recovered my password at last.

After reading this what I did was go to my site and register as a new user (for example, JOHN) with a password that I will remember. Then I went to my PHP admin and the user part of my Joomla installation database.

I clicked edit user JOHN and copied the entire string in the password box. Then I clicked the back tab in my browser. Next, I went to my super admin and clicked edit and on the password box cleared the string and pasted the JOHN password I copied. Finally, I went to my admin and logged in using the new password and voila, I was in my admin again.

If you try this and it fails drop me an email rokwama at gmail dot com and I will try to help (www.tips.rahatechnologies.com).

Gracias muy buena info

I tried everything above for two days with no success. It wasn't until i went to reinstall that i noticed my .htaccess was changed to htaccess.txt, (don't know if it was a theme or plugin). I changed it back & previously reset pwd in phpmyadmin. All good now!

My friends gmail account got hacked months ago because she had a password with a bunch of numbers. Then she resets her password to a more secure password with a combination of numbers, letters, and special characters. Of course - she can't remember this password, so proceeds to restore the old one, thinking no one will hack in again. Oops - less than 48 hours later the account gets hacked again.

So my question - how does the security of a gmail password, which is a common email service, relate to the security of a Joomla password? Can I have my password be a bunch of numbers or do I need to create a super secure password that is non-dictionary word, letters, special symbols, etc.?

Forget my last query for exact wording about the password. I have figured it out.

I am having trouble getting this changing of the administrator password to work and get error messages. I have copied and pasted your whole string and tried the password various ways. I have cut some words off to see if that would do it, but did not get it. Here's the last attempt:

SET password=MD5(slowcow) WHERE usertype = "Super Administrator"

What exactly would you type in if you are trying to use "example" as a password. ( I will change later)

thank u bebeh...u make my job done! walah!!!

This is just what I was looking for. Nice to know there are so many different ways to reset your Joomla password. Considering how easy it is to lose a password, it's nice to have options handy.

Bottom line I need to find a better way of storing passwords. Does anyone have a recommendation? Maybe a password file?

I love working with Joomla - it's by far the easiest and most robust CMS out there. The admin panel is a breeze, article posting is super easy, and with all the available modules - like CB and Virtumart, there are few limits to what you can do in Joomla.

Thx, I just created a new user as advised above, then copied the password hashes back into the super admin.

Awesome
thx Dude

Fantastic - the MD5 method (using the MD5 has for "admin") above helped me get right back into my Joomla website. Now I just need to remember to change my password back!

Hi Folks,

First of all thanks for your effort in letting us know how we might be able to reset the admin password. However, I can't get it to work. Basically I tried all the tricks and tips you've given but have not had any success so far. Here is what I did:

First I tried the UPDATE `jos_users` SET `password` = MD5( 'new password' ) WHERE `jos_users`.`username` = "admin"; command, as I am running the latest 1.5 version of Joomla. After that I tried this one:

if ( $crypt == $testcrypt) { so that it reads:

if ( true /* $crypt == $testcrypt */ ) {

and Joomla still wants to have a password. And if I say i.e. blablafoo I still get that Authentication Error. Well, I then tried the first recommended Update Version:

UPDATE example_users SET password=MD5('new password') WHERE usertype = "Super Administrator";

And still no success! It is a local installation with the latest XAMPP on a Win/Professional System. So, has anyone some more ideas, am I having a rights issue? I simply got stuck and hope that one of you might kick me off the horse! Thanks a lot for your highly appreciated help!

Regards
Niels

I had my passwords written down but could not gain access any way. Tried 6 sites and none of the solutions worked.

Then did what jack said and it worked!!!!!!

Thanks jack!!!! Your one minute posting has helped many people all over the world for years!!!!!!!

Worked like a champ.

I have been getting the error message "Username and password do not match"

I have tried Jack's solution to modifying the joomla.php file and that has produced no effect. (and I have used this in the past on another site)

I have checked the configuration.php file and confirmed I am using the correct password.

What can I do?

I had the same problem, it was the Joomla user plugin which was disabled!

After beating my head against the screen and mouthing insanities about phpMyAdmin passwords that I couldn't remember I found this (on this very page):

Submitted by a visitor from afar on Fri, 2007-08-31 08:09.

By temporarily removing the authentication in PHP, you can let anyone login. So, in Joomla 1.5 RC, you can go to plugins/authentication/joomla.php and modify the line:

if ( $crypt == $testcrypt) {

so that it reads:

if ( true /* $crypt == $testcrypt */ ) {

Now everyone can login with any password. Change your password to something that you can remember. Do not forget to put the original authentication code back in.

Jack
www.jackbriner.com

Thanks heaps Jack! You saved my bacon!!

simple logic, but didn't come to my mind.. u saved my day ..Thanks

According to MySQL this is wrong.... this is useless information.

OK, thanks but after careful reading and changing the password for the super admin and even adding a new super, none of the MySQL entered passwords work.

I have full MySQL access and ftp access...how do I go in and do serious surgery?

There was a method in 1.5RC to make it possible to enter any password and get in. I am in 1.5.12, having been up to 14 and rolled back to 12 where it happened.

Alternatively, if something is screwing up the passwords entered when I add a new one, can I activate the show+send password box in the modules without having access to the admin back end. In theory yes, but where???

Thanks

thank you

Thanks for posting this quick little tutorial. I was about to freak out when I realized I couldn't change my unknown password. This saved me a huge headache.

Hi there. I am having trouble with my footprints filmworks administrator and the steps instructed seem not to be working for me. Any other ideas, please assist.

Md for footprints filmworks
Omar Abdulla

Hi there. I have lost my administration username and password for my domain. How do I go about resetting it and entering into my website domain.

Regards
Omar Abdulla from Footprints Filmworks

Awesome - thank you. Back inside my Joomla website now. I'll be sure to backup the password for next time! Thanks again for bailing me out

Thanks very much for posting this. Saved me quite a bit of trouble!

I tried everything above. I changed the joomla.php file, no help. I ran the sql, no soap: UPDATE `#__users` SET `password` =MD5("getsmart") WHERE usertype = "Super Administrator";

I think Joomla sucks.

Thanks, it worked! You might want to be a bit clearer with the instructions. Initially I wondered if I was supposed to copy the text string into the "password" field for administrator because I (and probably many others) have no idea what an "MD5 function" is.

I entered the text string in the field under the "SQL" tab (using cPanel) and it worked!

Thank you.

I don't know how to thank you...your technique save my website from some [expletive]. Thanks very much!

I am using Joomla 1.0, and I lost my password. How do I reset it?

Jun

It works for me. Thanks.

I have downloaded the Hash Calc.and mysql. What is the stored connection, and default schema? Where do I find that info?

Janith

Thanks a lot!!! It worked like a charm.

Thanks for the tip. Now that I have my Joomla admin password back, is there any way to engage SSL when logging into Joomla? In other words, does Joomla support a secure login protocol? I ask because I'm planning on transferring some sensitive information from my old website to my new Joomla based site and my first priority is to ensure that the information stays secure and away from prying eyes.

Thanks,
Jenny

Many Thanks!!! You just saved me a whole load of bother!
Martin

Sweet! I just got my Joomla password back using the password recovery method you described. I suppose there's different ways of doing it, but the first approach you described did the trick. Thank you!

THANKS THANKS and THANKS! From Romania

Hello guys, in case you don't wanna have trouble accessing phpMyAdmin, there's a script which allows you to reset any Admin password EASILY. This works for Joomla 1.x and 1.5.

I just followed the instructions for update command in phpmyadmin and PW change was a snap - very easy. Thank you.

Thanks
Joomla rocks

I am freaked out that my password did not work in the first place. yes, I know, you think I mistyped or forgot, but NO, I was typing in the correct password. Well, using the SQL UPDATE statement worked like a charm for me, still freaked out.

You can use phpMyAdmin to view & edit the mos_users table?

insert
21232f297a57a5a743894a0e4a801fc3
in the password field of the admin user.

it's the md5 result of the standard password "admin".

Please, for god's sake help me.

I don't really know what really happened. I was using myPhpAdmin. I went in the jos_users Database. Clicked SQL. And ran the following query, exactly like that:

UPDATE example_users SET password=MD5('admin') WHERE usertype = "Super Administrator";

Now my site just busted down completely !

When I try to access it, it says: Database Error: Unable to connect to the database:Could not connect to MySQL

Please give me a light !

Thank you so much. Worked like a charm.

Thanks for the UPDATE string, it works a teat.

James.

I get the message "Invalid session." Any help?

I have tried all of this to no avail. I see my user name and MD5 password in phpMySQL. I've changed it, saved it, done everything. I go to login on my admin site and STILL get that my user name and password do not match! Any other trouble shooting tips??

That was great to reset the password.

It's working, perfect.

Thanks
M. Javed Rahmani

Hi there, I did a site "clone" installed joomla in a test server, when everything was ready ...moved it to prod..a sister domain on the same server, everything is working fine, but cannot login to the "members" area...

I have no prob. on the admin side.....any ideas...

This is great! Thanks a ton you just saved me a complete re-install. (blech!)

Help! i've tried to change the password with MD5 encoding, but it still wont work.

the login page doesn't give any error message if i enter the right password, but it also wont login to the administrator page. it only take me back to the login page.

but if i entered the wrong password, it said "Username and password do not match"

anyone can help..?

i previously installed the same joomla 1.5RC but with different localhost/...... name and different db.

the old joomla cannot login, but the new joomla can...

Oh and the if ( true /* $crypt == $testcrypt */ ) wont work also

thx4 any help =)

Hi guy,
nice, but too complicated. MySQL and hence also phpmyadmin already offer the MD5 function. So you don't need a seperate website to create the MD5 hash.

Bests,
Daniel

If you have access to your server, then it should be in configuration.php file.

Hello,
Just thought I'd take the time to thank you profusely !
You've just saved me hours of pulling my hair out...

This does suck a bit security-wise though, no ?

Thanks again,
Sincerely,
Marie (Avignon, France)

Simple UPDATE ... SET password=MD5('yourpassword') doesn't work ?

MySQL has MD5 built in function.

Thank you - worked a treat

the site MD5er.com is inactive. i lost my username, not the password. the username is no longer admin. how do i proceed? why is it so challenging to get through this process. any other system has a simple "forgot username/password" button at the login stage...

HI!
I folowed these steps and now my site is completely down. I cant login or do anything. help!

Worked perfectly - I'll have to remember this method for next time...

Helped me a lot.

Thanks.

ClickMedia.TV

By temporarily removing the authentication in PHP, you can let anyone login. So, in Joomla 1.5 RC, you can go to plugins/authentication/joomla.php and modify the line:

if ( $crypt == $testcrypt) {

so that it reads:

if ( true /* $crypt == $testcrypt */ ) {


Now everyone can login with any password. Change your password to something that you can remember. Do not forget to put the original authentication code back in.

Jack
www.jackbriner.com

Thank you for the useful info. I regained my access to the admin section now!!!

May I add that once you get to see your password in the _users , you should again use MD5er.com to decode it, because it is encoded there.

Cheers,
Nik
www.hotparishilton.net

It works !!!!!

I have lost my super adminsitrator password in joomla. no i cant looge to my super administrator
so ineed to get my super adminsitrator password. IS THERE ANYWAY I CAN GET MY PASSWORD BACK