Technology & Web Resources For Your Business
Home > Tech > Web Development > CMS > Joomla: How to Reset Super Admin Password

Joomla: How to Reset Super Admin Password

The easiest and most straightforward way to reset your Joomla password is to use the back-end User Manager. Login to your Joomla site as a member of the Super Administrator group, and then reset your password in the User Manager. If you don’t have access to a member of the Super Admin group, you’ll need to go into your database and manually replace the password of the Super Administrator. Joomla passwords are encoded with a one-way “salted” MD5 hash, which means you can’t recover the password, you can only replace it.

Before we begin, you must have access to your database. If you don’t, pass these instructions on to someone who does. It’s also a good idea to backup your database before making changes, just in case something goes awry.

How to Login to Joomla Backend

First things first. To login to the backend of your Joomla site, browse to, replacing “” with your website URL. If you are unable to login, or unable to reset your password using the “forgot my password” link, try the steps below to reset your Joomla admin password.

Joomla 1.6+

If you are using Joomla version 1.6 or later, follow these instructions to reset your lost password.

Configuration File Method

If you have access to your Joomla configuration file (configuration.php), you can use the following method to reset your password:

  1. FTP into your Joomla installation, locate the configuration.php file, and change its permissions (chmod) from 444 to 644.
  2. Download the configuration file, open it, and using a text editor (such as Notepad in Windows. Don’t use a word processor – these will insert code into the configuration file that may break it) add the following line to the bottom of the file: public $root_user = ‘username’;
  3. Make sure the ‘username’ is a username that already exists and has Author level or higher (preferably administrator) access.
  4. Save the changes you made to the configuration.php file and re-upload it to your site.
  5. You’ve created a temporary Super Administrator that you can use to login to the back-end and either change the Super Admin pw or create a new Super Admin user. Consider blocking or deleting the older user if you create a new one, for security purposes (ie. if the old one had their password hacked).
  6. As a last step, you want to make sure the line we added to the configuration.php file is removed. You can do this manually or check the “click here to try to do it automatically” link in the alert box that appears.
  7. Once the line is removed, restore the permissions of the configuration.php file back to 444. This is an important security measure protecting access to this important configuration file.

If you don’t know any users that are Author level or higher, you may need to access your database directly using the methods below to reset your Joomla password.

Joomla Hosting Joomla website hosting




Looking for a web host that will make your Joomla website pages load super fast? Checkout MyHosting – they offer solutions optimized to bring the most out of your Joomla CMS platform.

Database method

Finding the Password

  • Log in to your Joomla database (via phpMyAdmin for example)
  • Click to edit the _users database (will be preceded by your account name, for example: example_users)
  • Edit the entry for where usertype = “Super Administrator” (should be the first record)

Resetting the Password

In the password field you’ll notice a string of characters. Joomla uses a one-way encoding method, which means you won’t be able to retrieve your old password. However, you will be able to reset the password to a new one using mySQL’s built-in MD5 function:

UPDATE example_users SET password=MD5(‘new password’) WHERE usertype = “Super Administrator”;

Congrats! You just successfully reset your Joomla password. Go to your Joomla domain at and try logging in with the new password. You should be logged in as Super Administrator.

Reset Using cPanel

For those not familiar with mySQL, you should also be able to login with cPanel, click on the “SQL” tab, and enter the above query there.

Copying the Password from Another User

An alternate method to reset your password, if you’re not comfortable with SQL commands, is to simply copy and paste the password hash from another user (to which you know the password) over to your admin user. You’ll then be able to login as the admin user using that password. If you don’t have another user, you should be able to register as one, and then copy the password over.

Applying the Email From Another User

Yet another alternate method to retrieving your lost Joomla admin password is to change your admin user’s email address to one you are familiar with. Then use the lost password retrieval function (the “forgot password” link in the login section) to have your Joomla password emailed to you.


Thanks to feedback from our web rockers we’ve been able to add various user based suggestions in addition to our own. Please use caution when trying these optional suggestions!

AlphaNumeric Only

If for some reason the above method does not work try encoding a password that contains only alphanumeric (a-z, 0-9) characters. This method may not work if your password contains special characters (@!#$).

Joomla User Plugin

Another possible reason that you’re unable to login is that you may have inadvertently deleted the Joomla User Plugin. You can remedy this by logging into you backend, and locating the jos_plugins table in your database. Edit this entry and set the published status of user joomla to 1 (enabled). Once you’ve done this, try logging in again.

Temporarily Remove PHP Authentication

This is another potential approach you can use to recover your Joomla admin password, but proceed with caution. Also note that this has only been tested in Joomla 1.5. Locate the file plugins/authentication/joomla.php, and change the line

if ( $crypt == $testcrypt) {


if ( $crypt == $testcrypt || $_SERVER[‘REMOTE_ADDR’] == “Your IP Address”) {

Replace “Your IP Address” with your IP address (your IP address is: ). Now anyone from your IP address (ie. your PC or local network) can login with any password. After logging in and changing your password, remember to restore the original code.

Can’t Login and No Errors

If you can’t login and Joomla is not giving you any error messages, it could be that your sessions directory doesn’t have the correct permissions. They should be set to 755 (you can login via FTP, find your sessions directory, and adjust the permissions (CHMOD)).

Invalid Session Error

If you’re getting an invalid session error when you try to login, you probably need to clear your browser and or site cache and cookies. Refer to our browser cache clearing instructions for details on clearing the cache your browser. For Joomla, you can clear the cache tables in your database (if you were able to login, you could browse to Tools > Clean Cache).

How to reset Joomla 1.5, Joomla 1.0 and earlier passwords

In each of these examples you’ll want to follow the above instructions, but then modify your SQL query to the following, which will reset your password to the one you specify.

UPDATE `jos_users` SET `password` = MD5( ‘new password’ ) WHERE `jos_users`.`username` = “admin”;

If this doesn’t work, try changing jos_users to mos_users.

How to Reset a User to Super Administrator

An alternate approach is to adjust the username, email, and password of the existing Super Administrator usertype so you can regain access to your website via an existing user. Here’s the steps to take:

  • Log in to your hosting account and browse to your domain name.
  • Click on “View Details” (varies depending on hosting provider)
  • Click on “cPanel”
  • Click on “phpMyAdmin” under the “Databases” section
  • Click on the name of your database in the left column (should be something besides the default “information_schema”).
  • Back up the database using the “export” function in the top menu just in case you inadvertently screw something up.
  • Scroll down and click on “[tablename]_users” (the name, not the icon) in the left column (tablename will be whatever your database name is).
  • Copy the username, email and password from your user to the “usertype” that is set to “Super Administrator” (this will allow you to login as Super Admin again; you’ll also need to change your old username (for example, to “Admin2”) so they don’t both have the same username.

When logging in now using the same credentials, your user should be back to Super Administrator and you should have access to all the backend admin functions.

Joomla: Evolution of a CMS

Joomla is one of the world’s premier open source CMS (Content Management System). It’s competitors include WordPress (which began as a blogging platform but has since grown into a full-fledged CMS thanks to all the plugins developers have created), Drupal, TypePad, and others. Drupal probably most closely resembles Joomla’s overall structure and functionality, although Drupal tends to be a lot more robust and powerful, while Joomla is known to be more user-friendly and attractive right out of the box.

Our site's mission is to help consumers make more informed purchase decisions. This post may contain affiliate links (marked with "Affiliate" when you hover over them) and we will be compensated if you make a purchase after clicking through these links. Our website accepts financial compensation to allow us to provide this free service to you, our reader, while eliminating the need to clutter pages with advertisements. Compensation does not influence the rankings of products. More info on our disclosure page.

About Alex Schenker
Alex bring a series of in-depth articles on search marketing and content management systems as well as troubleshooting tips to We Rock Your Web's collection. He is an avid tennis player, nature enthusiast, and hiker, and enjoys spending time with his wife, friends, and dogs, Bella and Lily.
  • Pedro V.

    Hi. I have a serious problem. I had been out of the web design for a few years till I was tasked with building my condo’s site. I came across this “company” AssociationComm that supposedly “builds websites” for condos. I opened an account and was excited to work side-by-side with the designer. From the beginning I noticed problems with the company’s customer service: emails would not be answered, phone calls went to voice mail and were not returned, etc. I did research online and found out a number of violations with the BBB in Salt Lake City and with prior customers. I also found out that the alleged company was solely operated by a Jefferson Baisden. I confronted him on my findings and he admitted to many of them but promised to mend his ways and “do it right if he were given a chance”. I then discovered that he used Joomla to build the sites and all he provided was a template, with a little configuration. He helped me familiarize myself with the backend and I did the rest. The customer had to build the site. I learned as much Joomla as possible and built the site myself under a temporary domain name. Now that I’m ready to make the DNS changes, pointing to the right domain name, the guy won’t answer emails, texts or voice mails again. I asked him to create a backup of the site and I would go somewhere else and he declined. I don’t care about the money I paid. I just want my files. I don’t have access to the cPanel, and the hosting company said they can’t do anything for me because he owns the files. Any suggestions? I’m kind of desperate. Thanks.

  • ish

    I don’t have a username for phpadmin how to get one for my website?

    • You need to contact your hosting provider to get the username. This is usually setup when creating the database, but if your site’s already up and running it’s already been created.

  • Signe

    Hello. I am having a similar problem but only on my home computer. I try to log into the admin and repeatedly get the message “Username and Password do not match” I am able to log in on the computer at work, on my smart phone, on a friend’s computer just not on mine- which is where I need to in order to update content and photos. I did not build the Joomla site myslef. I am an artist who hired someone. He has reset my password for me and still I cannot login. I have tried Firefox, EI and Chrome. My home internet provider is Comcast Xfinity. We are both baffled. Do you have any suggestions?

    • That’s a very strange situation Signe. Sometimes something as simple as clearing your cache can solve a problem like this. I’ve personally had this issue with signing into a site before and after I clear my cache it suddenly works. If this doesn’t help you please let me know and we’ll find another solution for you! Thanks for commenting.

  • Guest

    Thank you so much for this article. This site has some really amazing resources and I am glad I found it. When I get done here, I am going to do some more reading and see what other issues I can resolve around here on my own by following your advice.

    I am new to Joomla. I am not a very technical person. I know how to use my computer and I can usually navigate my way through new software, but when it come to things like this, I am very lost. I lost my password and I had no idea what to do about it. I would have even called someone if I could. It was very frustrating.

    I also love how you put things in layman’s terms. Not everyone know the ins and outs the technical word and I get tired of trying to understand what the really technical people are saying. It is just not my thing. I have my own set of skills, but the details of computers and so forth is not among them.

    Anyhow I finally got in, thanks to your advice. So I just wanted to say thanks and keep up the good work. We appreciate it out here!

  • Guest

    You have no idea how much I appreciate articles like these. I had to reset my Joomla password and had no idea how to go about doing it. I had several people offer me advice, but nothing that they said to do worked when I tried it. I spent hours trying to figure out how to do it before I ended up here. I have the problem fixed now, thanks to the information you gave me here, which I tried with great success. But really, it should not be so difficult to do. Of course, if I had kept my things in order to begin with, it would not have been a problem.

    I even tried looking in several forums as I have had good luck getting technical advice on those, but sometimes I find that there is some superior attitudes to be found on there I am not an idiot just because I am not a tech genius. I am really just the average person who does not happen to have a book to help me translate tech language into terms I can understand. So thank you for putting this information into terms just about anyone can understand. It is much appreciated from this corner of the world.

  • guest

    I am ever grateful to you for giving us all the information you presented here. I could not get into my Joomla until after I came in here and applied some of the things you offered here. Thanks for putting everything in such basic terms. It is frustrating enough not being able to get into your system without the added stress of trying to interpret the instructions on how to get into the system when you find them.

    I did want to mention that I did have to use all lowercase letters to create a new password. I tried several other ones, but they did not work, so I resorted to the simplest method possible. Also, I’ve noticed a trend in software that does not allow for special characters or mixed lower and uppercase letters. Some won’t even allow you to mix numbers and letters. While I find this interesting because it seems like an advance system would be able to handle these combinations, it’s not really a big enough deal for me to do anything significant about it. I just think that people should be aware of that since I have already had a few problems with more than one software program. If all else fails, just keep it simple.

  • Guest

    Thank you so much for putting this information out there. I had no idea how to change my Joomla password. I did try everything but nothing I did worked and I was getting so frustrated that I was ready to give up on the whole thing. And the idea of calling someone to come do it for me was more than I really wanted to think about. IT services never come cheap, no matter how small the job is.

    I am glad you mentioned something about not being able to retrieve the password too. All this time I just thought I must be totally missing how to do it. It is nice to know that it is no reflection on my own capabilities. It is simply the way the program works. At any rate, it was also a great reminder that I need to make note of every password I use with every program I use. I use quite a few programs and sites in the course of a day and there have been quite a few times when I could not remember my password. I find that it is always a good idea to have them written down somewhere just in case I could not remember them or something happened to the computer. The Joomla one is one I really need to write down.

  • guest

    I find the whole issues of the alpha numeric characters to be something that really gets under my skin. We are supposed to be at the height of the technology era, but there are plenty of devices and programs still out there that cannot deal with the mixture of characters. Some of them can’t deal with capital letters either, which I find to be totally ridiculous.

    The thing that really irritates me the most about the whole issue is that some companies do not tell you about this until you have gotten to the point where you just want to tear your hair our because you have tried everything and still nothing works. And who would think of that? I mean, the first time it happened to me, my first thoughts were that I should probably get ready to get a whole new device. If it wasn’t sophisticated enough to handle mixed character, it probably wasn’t going to be able to perform the tasks I needed it to do. And even if it was, the program already seemed outdated and wasn’t going to last long anyhow, but that was a particular device which shall remain nameless…

  • guest

    I noticed that you mentioned how you should always back up your database. I am on a roll with stressing things like that since I recently lost all of my information after not properly backing up my database. It’s so easy to overlook that one step and assume that the end result will be the one you want. The problem is that people can make mistakes while they are working on your computer or the computer can have a problem that you don’t know anything about until it is too late. This isn’t even the first time I’ve been through such nonsense. However I am hoping it is my last.

    I also noted that there is a comment here that mentions software you can use to reset passwords in three steps. While I think that having such software available is sometimes a good idea, I also think that knowing how to do to without the software is a skill that you should learn. After all, you can get into a situation where the software doesn’t work or you don’t have it with you when you need it.

    Great job on the article. You really made the process one that is very easy to understand.

  • Guest

    So, I think a lot of people who read this might think that some of the information offered here is just common sense. And, I suppose if you’re well versed in technical things, it very well might be. But for those who don’t ever work with this kind of thing and just want to get done whatever they have to get done, this can be phenomenal information. I am one of those kind of people. I have a lot of skills, but speaking tech isn’t always one of them.

    This is some great step by step info here and is one of the reasons that I love coming to this site. You don’t just assume that people are well versed in these areas, but instead put it into terms that just about can understand. Personally, I would probably just have one of my friends do this for me, but I still love to read about it. I’m not absorbing the details through osmosis or anything, but I do feel a bit more comfortable when I at least put an effort forth to understand the language used. Thanks for helping with that!

  • guest

    I don’t even know how I would survive the Internet if it wasn’t for articles like these. I don’t use Joomla, but that could change as fast as everything else on the Internet changes. I would love to learn more about dumb things like this. I hate having to pay someone to figure out how to fix a simple problem like this.

    Even with the Blogger platform I have problems with coding and things like that. Heck, I was really impressed with myself when I could simply make a link that took you to a place further down on the page rather than to a whole other page or site.

    I think the problem with people like me is that we tend to make things like this harder than they are. When I get really frustrated with the Internet or my computer, I have to remind myself that it’s just one big calculator. If you give it the right information you’ll get the results you’re looking for. If you give it the wrong information, God knows what you’re going to get.

    But this issue seems simple enough. I keep a list of all my passwords for everything so that I can easily access them when I need to. Any time I haven’t done that I end up regretting it.

  • Anonymous

    Using phpmyadmin, I reset the password using this SQL statement

    update jos_users set password = md5(“password”) where username = “admin”;

    The value of the password field in the jos_users table became 5f4dcc3b5aa765d61d8327deb882cf99

    I could login using this value.

    However when I entered Joomla using another super admin account and changed password of admin in user management to the same string “password”.

    The value in the jos_users table became


    The hashed pattern was much longer and I could also login using this value.

    I noticed this value changed when I repeatedly perform the change password process inside Joomla.

    Can anyone tell me why this happened?

    • Anonymous

      Joomla 1.5 and latest generates a random salt for each password. Your password in database will be like this: encryptedpassword:salt

      so u need to encrpyt your password with the salt and replace it in your database

      I have successfully done it before. So this is a few steps how i recover my password:

      1. go to phpMyAdmin and find table name=’jos_users’
      2. browse and click edit button for user name=’Administrator’
      3. the password field will be=(encryptedpassword):(salt)
      4. copy (salt) and you need it to generate encrypted password
      5. make new php file and paste this code into it:
      < ?php$salt="paste your salt here"; $crypt=md5("type your new password".$salt.":".$salt; echo $crypt;?>

      6. then view your php file in localhost or online web server.
      7. copy all encrypted password and paste it in password field in table ‘jos_users’ which name is Administrator
      8. or simply use this sql command and run it:
      UPDATE `jos_users` SET `password` = ‘your new encrypted password’ WHERE `jos_users`.`name` =’Administrator’;

      that’s all.thanks.=).sorry for my broken english.ada aku kisah??lol.=)

    • a web rocker

      It’s in encrypted format. Change to md5 and then use.

    • We Rock Your Web

      Your first hashed value is simply the password. The second one consists of a username and a password, in the form username:password.

  • Anonymous

    I am having trouble getting this changing of the administrator password to work and get error messages. I have copied and pasted your whole string and tried the password various ways. I have cut some words off to see if that would do it, but did not get it. Here’s the last attempt:

    SET password=MD5(slowcow) WHERE usertype = “Super Administrator”

    What exactly would you type in if you are trying to use “example” as a password. ( I will change later)

  • Anonymous

    Hi Folks,

    First of all thanks for your effort in letting us know how we might be able to reset the admin password. However, I can’t get it to work. Basically I tried all the tricks and tips you’ve given but have not had any success so far. Here is what I did:

    First I tried the UPDATE `jos_users` SET `password` = MD5( ‘new password’ ) WHERE `jos_users`.`username` = “admin”; command, as I am running the latest 1.5 version of Joomla. After that I tried this one:

    if ( $crypt == $testcrypt) { so that it reads:

    if ( true /* $crypt == $testcrypt */ ) {

    and Joomla still wants to have a password. And if I say i.e. blablafoo I still get that Authentication Error. Well, I then tried the first recommended Update Version:

    UPDATE example_users SET password=MD5(‘new password’) WHERE usertype = “Super Administrator”;

    And still no success! It is a local installation with the latest XAMPP on a Win/Professional System. So, has anyone some more ideas, am I having a rights issue? I simply got stuck and hope that one of you might kick me off the horse! Thanks a lot for your highly appreciated help!



  • Anonymous

    After beating my head against the screen and mouthing insanities about phpMyAdmin passwords that I couldn’t remember I found this (on this very page):

    Submitted by a visitor from afar on Fri, 2007-08-31 08:09.

    By temporarily removing the authentication in PHP, you can let anyone login. So, in Joomla 1.5 RC, you can go to plugins/authentication/joomla.php and modify the line:

    if ( $crypt == $testcrypt) {

    so that it reads:

    if ( true /* $crypt == $testcrypt */ ) {

    Now everyone can login with any password. Change your password to something that you can remember. Do not forget to put the original authentication code back in.


    Thanks heaps Jack! You saved my bacon!!

    • Anonymous

      Super Jack… Very helpful


    • Anonymous

      Hello Jack,

      I tried to follow your steps and did exactly what you have mentioned but still it’s not working. This is the code I used:

      if ( true /* $crypt == $testcrypt */ ) {

      $user = JUser::getInstance($result->id); // Bring this in line with the rest of the system

      $response->email = $user->email;

      $response->fullname = $user->name;

      $response->status = JAUTHENTICATE_STATUS_SUCCESS;

      $response->error_message = ”;

      } else {

      $response->status = JAUTHENTICATE_STATUS_FAILURE;

      $response->error_message = ‘Invalid password’;


      2nd Solution:

      I changed the password from jos_user and tried to login as the administrator, but even this did not work.

      3rd Solution:

      I went through user_plugin and the numeric value given is 1.

      4th Solution:

      I changed the below code again in order to work through the IP address but that did not work as well. One more thing – I cleared all the cache and deleted the history of my browser too.

      if ( true /* $crypt == $testcrypt */ ) {

      $user = JUser::getInstance($result->id); // Bring this in line with the rest of the system

      $response->email = $user->email;

      Following all the above steps I am still not been able to login inside the panel.

      Looking forward to hearing from you.


    • Anonymous

      This solution worked for me after trying many of the mentioned tricks.

      Thanks a lot.


    • Anonymous

      It is better to replace:

      if ( $crypt == $testcrypt) {

      if ( $crypt == $testcrypt || $_SERVER[‘REMOTE_ADDR’] == “your ip address”) {

      Only the people with that IP can login to your system.

  • Anonymous

    Helped me a lot.


  • Anonymous

    By temporarily removing the authentication in PHP, you can let anyone login. So, in Joomla 1.5 RC, you can go to plugins/authentication/joomla.php and modify the line:

    if ( $crypt == $testcrypt) {

    so that it reads:

    if ( true /* $crypt == $testcrypt */ ) {

    Now everyone can login with any password. Change your password to something that you can remember. Do not forget to put the original authentication code back in.


    • Anonymous

      Many thanks Jack,

      Saved me lot of trouble!


    • Anonymous

      Thank you, JACK!

    • Anonymous

      Hi Jack,

      I have joomla 1.0.15 installed, and am unable to reset the password (MD5 from phpMyAdmin…).

      I wanted to ask you if you know of a “different approach” which would also apply to my version of Joomla, as opposed to 1.5?



      • Anonymous

        I found a solution for 1.0.15

        search in administrator/index.php and find the line (approx. 105)

        if (strcmp( $hash, $cryptpass ) || !$acl->acl_check( ‘administration’, ‘login’, ‘users’, $my->usertype ) )

        and change it to:

        if ( false /* strcmp( $hash, $cryptpass ) || !$acl->acl_check( ‘administration’, ‘login’, ‘users’, $my->usertype )*/ )

        now you can login and generate a new user or set your password in the backend.

        all other versions of creating new passwd with or without salt didn’t work in Joomla 1.0.15

    • Anonymous

      This was an invaluable piece of information and worked like a charm. Thanks for this!!!

    • Anonymous

      Thank you, the first approach didn’t work for me.

      If you want check out our joomla website – we’re currently working on updating the site and since my developer is as slow as a snail I’m trying to learn how to develop my own site.

    • Anonymous

      Thank you Jack. That is a real help, you saved me a lot of stress!

    • Anonymous

      You rule, buddy.

    • Anonymous

      I was tearing my hair out! Was following the Joomla tutorial and couldn’t get past the phpMyAdmin or MySQL Administrator passwords so I was well and truly stuffed here. Had all the files on Localhost because the site is not live yet so was able to easily find and edit the correct line. You saved my bacon!!

    • Anonymous


      after hours of searching and trying nothing worked

      till I read Jacks one woot thanks heaps 🙂



    • Anonymous

      Jack, YOU ARE THE MAAAAAANNNN!!! (maybe God?)…:) worked like a charm!..what a guy. thanks a lot for saving my bacon. bims

  • Anonymous

    Thank you for the useful info. I regained my access to the admin section now!!!

    May I add that once you get to see your password in the _users , you should again use to decode it, because it is encoded there.


  • Lauren

    Oh My God!! You are a super genius! Thank you sooooo much Alex for telling me how to fix this super administrator thing. I would have had to rebuild the whole website!!! I appreciate it soooo much. I would have gotten back to you sooner, but my laptop was having issues, so I couldn’t try it yet. If I had gone to school for programming like I should have I would have thought of it myself. You are a lifesaver!

    I emailed We Rock Your Web in a horrible moment of need when I was locked out of my website I built in Joomla by a free application that I uploaded to it not working properly and overriding some code. Everyone knows Joomla does not offer any type of support, so I thought I was out of luck and had to rebuild the website from scratch, because I don’t know how to configure the backend in CPanel. Luckily in a message board I came across these wonderful people at We Rock Your Web.

    Alex got back to me almost immediately and taught me how to fix my website, now with his help I will be able to do this myself next time if another problem arises! I cannot thank him and We Rock Your Web enough for helping me, they saved me time and problems with my client. I am eternally grateful! I would recommend them to anyone.


    New Orleans, LA

    Joomla web designer

  • faizal

    Hello, I missed the password and I sent the email address but I couldn’t receive any email from joomla (I am the administrator and I check this with as a registered user). If I want to do any configuration, can anyone please provide step by step instructions?

    Thank you.

  • Simone

    Hello, I changed the access level administrator and now when I make a login I do not see the menu, can anyone help me? I am using joomla 2.5.

    Thanks, Simone

  • Anonymous

    I cannot login to my control panel for my joomla site. My domain is and i cannot figure out how to reset the password. Please help.

  • a web rocker

    totally not helpful, no database entry exists as described or any other username appears in _users – also the configuration.php method does not even explain what password to use once the file has been modified. Waste of even more time now.

  • Anonymous

    I think if I tried to count all the different sites and accounts that I have to remember passwords for it kind of makes my brain go numb. Just for my job I think I have about five or six that I have to use on a regular basis. I pretty much have to reset one of them a month because each account has a different requirement for passwords that I have to adhere to. These requirements always seem to get more complex too, requiring a certain amount of characters, using certain types of characters, and not allowing certain strings of characters to be used. It can be very confusing.

    For that reason I really appreciate the tip on how to reset a password for a Joomla account that is ultra-tight on security when it comes to accessing this kind of information. It definitely is not as easy or intuitive as some of my more simple accounts so I needed the help.

    In the future, I will make a more comprehensive list of all my passwords that I can reference more easily.

  • Anonymous

    Joomla is one of the coolest content management platforms online. However, it is not quite as well known as others, like Word Press. Nevertheless, Joomla has a lot of great features that make it an attractive option. Many people are drawn to the fact that it is free and open source. Therefore, nothing about it is proprietary. Many people who manage content online really hate the fact that many of their tools actually tie them to a particular vendor. Joomla does not.

    Also, Joomla is pretty easy to learn. There are all kinds of resources and helps available. Better yet, since it is free and open source, there is a large community of users who are eager to help and can provide all kinds of support. It is almost like a family.

    You can search online for articles and classes about how to perform almost any type of function in Joomla. This includes things like resetting the super admin password, which was one of the main points in this article. There are also a number of video training tools that can teach anything about Joomla.

  • a web rocker

    Thanks for providing this documentation – you saved my butt.

  • Anonymous

    My first impression after reading this article title was, “Huh, what happened?” But now that I reread the title, I kind of understand, it’s just resetting a password for something. However, when I hear or read the word Joomla, my brain just stops listening most of the time. I have no experience in Joomla and a very limited understanding of it. But one thing that I truly love about your blog is that you cover everything web related, from the simple things to the highly technical coding types of stuff. You also cover both hardware and software in an audience friendly manner.

    Though I don’t think that Joomla is really ever going to be something that I’ll use in my life, it’s good to know that you have tutorials and trouble shooting articles like this one. As I read further into it, I realized that your instructions were so simple that I could easily do what you were instructing me to do.

    I run into people that can use information like this all the time, and now I know that I can always refer them to WeRockYourWeb,com

  • JJ

    I still can’t reset my super admin password and I have been doing this for the last 3 days. I’m about to go nuts!… I’m pretty new at this stuff and can’t understand some of the lingo tutorials use which is making it to difficult for me.

    I can’t find a human been at the Joomla page to help me and I feel so frustrated with all this. Is there an Angel out there to help me?

    Greetings from Ecuador

    • We Rock Your Web

      Hi Juan,

      We can try to go in and reset the password for you (we would need your hosts login credentials), or lead you through it step by step. What version of Joomla are you running?

      Please don’t post any login credentials here. Use our contact form to communicate with us directly.

      • JJ

        Good to hear from you.

        Thank you very much for contacting me but I have great news. I found the missing password!!.. Yipii…

        Sorry about that… After I send you the message, I sat down and wrote all the possible word combinations I would use as a password and after 4 hours or so, finally did it.

        Thanks for your time and support. I owe you one.

        Greetings from Ecuador.

      • Tanush

        Hi Alex,
        I’m using Joomla 2.5 here, I would like to reset my password. If I try to reset my password using my email, it says “Reset password failed: A Super Administrator can’t request a password reminder. Please contact another Super Administrator or use an alternative method.” So, a password reset might be the thing I need.
        Thank You.

  • Anonymous

    Joomla is one of the best and most function content management systems available on the internet today. This software is actually much more than a program. It is an entire platform which can help to run a website, database or any number of other functions. Learning Joomla will enable a webmaster to go from running ordinary functions, to having complete power and control over their site.

    Best of all, it is really not that hard or difficult to become a Joomla master. There are all kinds of tools and helps today which can enable anyone to really learn this program right from the comfort of their own home. For example, this article. It shows a number of different ways in which someone (presumably the webmaster of a site) can go about resetting their super admin password.

    You can also go out and find a number of video trainings and other courses. These are all over the internet. Most of these resources are free or very low cost. Since there is a large community of other Joomla users, there are a great many articles and tips freely available.

  • Anonymous

    Joomla is one of the best content management system platforms and software on the market today. One of the best things about it is that since it is open source, it is free. This also means that there is a strong and very active community of people who stand behind it and offer help and support. Someone who is interested in using Joomla to host their website will be able to perform just about any function they wish.

    One of the more pesky problems that a Joomla administrator may face is having to reset their super admin password. This is sort of like the master password. It allows the administrator to get inside the system and make any type of changes that may be needed. Of course, if you are needing to change this, it might be due to the fact that you have forgotten the password itself!

    Fortunately, this article provides a variety of ways for an administrator to get back into the system and find or even change the password. Most of these methods seem to be pretty easy and anyone should be able to follow.

  • Anonymous

    What is Joomla? Many people who have been online for some time may have the word Joomla, but without any real understanding about what it is. Joomla is one of the most powerful, functional and easy to use content management systems available. It is a platform which can be used to store and manage all of the content for a website or any number of other functions. One of the best things about this program is the fact that it is open source. This means that there are all kinds of new things being created for it and that there will always be a large community of users to help and support each other.

    If you are interested in learning more about Joomla, there are a lot of resources available. You can search for articles written about specific aspects or even find full blown courses. Better still, there are a number of excellent (and free) videos online. Watch a few of these and you could even become a Joomla master in no time at all, designing templates and backing up sites.

  • Anonymous

    This article gives users a lot of different ways and ideas for changing their super administrator password in the Joomla content management system. However, what I found the most valuable part was the extra information about Joomla itself. As a total beginner, about all I knew regarding this program was that it is a way to help manage content for a web site.

    It turns out that Joomla is one of the premier versions of open source content management system software. It competes with platforms such as Word Press, Drupal and TypePad. It is also known to be very user friendly without needing much in the way of customization.

    Since this is an open source version, there is quite a lot of support and help available. There is a fairly large community of users available which is great if there are ever any questions or issues. Additionally, there are all kinds of other resources available online for anyone interested in learning how to use Joomla (or use it more effectively). The author also points out that there is a very helpful series of video tutorials.

  • Anonymous

    Remembering back to when I first started using Joomla, I have often wondered what would have happened to me if I lost or forgot my super admin password. Fortunately, the author has chosen to share a number of different methods to resetting a Joomla super admin password. They all seem rather easy to me.

    One of the best suggestions the author provides is to back up your database before attempting to reset the password. To that I would only add that a database backup should be done before any type of work is done on it. Not doing so is just asking for trouble.

    You can reset the password very easily by using cPanel. You simply have to log in using the SQL tab and run a query. Anyone who is familiar with SQL and cPanel should not have any trouble doing so.

    I am no tech wizard, but I am sure there even more ways to easily change or reset your password. The author also points out that there are all kinds of videos available for anyone who is really interested in learning the Joomla program.

  • Anonymous

    The point about the invalid session error is the real key. I have often logged on and off an effort to see my updated password and data take effect, without realizing the larger causes behind such a sign. Like the article says, either your permissions are messed up or your need to do some cache clearing in order to make sure your browser is accepting the change properly, too. And sometimes it just takes a little bit for the changes to take effect.

    Joomla may be an open source platform, but that doesn’t mean that things happen instantly through it at all times. Also, sometimes commands can go through subtle changes that could make all the difference in the world. If your commands are returning errors or not working, then look at the latest Joomla posts and updates. See if you are missing a change that has been implemented in the latest version of the platform, or if perhaps you need to download the latest version of the platform yourself to ensure everything is working properly. Remember, changing your password is a key step to good security!

  • siddarth

    Indeed very helpful. Sounds good in case when you have to recover your lost password. These codes will definitely save lots of time which is taken, trying to deal with the password verification process.

  • Anonymous

    The program itself was designed to be incredibly versatile. This has most certainly been accomplished. You can use this model to publish all kinds of content on the internet and additional intranets. There is even a web application framework which can be used independently. The program itself is written in the PHP programming language and uses object oriented programming techniques.

    Judging by the number of downloads this is an incredibly popular format. According to Wikipedia, as of March 2012, there have been over 30 million downloads. The community also keeps track of extensions which have been created for the program. This equals almost 10,000 entries listed on the official extension directory. This does not even count the number of additional unregistered extensions which may be easily found and used.

    Someone who is interested in developing new extensions, applications or resources for Joomla will find a lot of help and support. There are all kinds of places which offer guidance, including forums and message boards and even sites devoted specifically to developers. These places are full of all kinds of resources, even including actual snippets of code and ideas.

  • Anonymous

    Joomla is one of the most exciting content management systems on the market today. What makes this really interesting is the fact that it is open source. This means that anyone who has the technical ability and the desire is able to take the actual source code and modify it. This allows for an almost infinite number of application, hacks, additions and tricks.

    Even a task as seemingly simple as changing or resetting a password is a great example of the flexibility and power of an open source system as opposed to something which is totally controlled by a company or individual creator. The article provides several ideas on ways that can be used to set or change this password. It is an excellent example, complete with actual code and commands that can be used to accomplish the job.

    Joomla actually started back in 2005. The development team was working on another project at the time which just evolved into a new vision. They were a little frustrated with the way software development typically procedure and wanted to create something that was free and would be able to be accessed by everyone who was interested.

  • Anonymous

    As the author correctly points out, one of the most frustrating things that can happen to a website owner is either being locked out of their own site or database system, or not knowing how to reset a password. This article is a very thorough guide to doing just that- resetting your super admin password within your Joomla content management system.

    The super admin password is the main daddy. This is what gives you access to everything in the account. If this were to become lost then most people would have a heck of a time trying to get back into their account. Actually, though, the author gives a lot of different tips and tricks for finding it listed right in your database.

    I must confess that I am not a Joomla user. But I still found it interesting to see how one would go about locating and then changing this password. I am familiar with how to do this in a number of other content management systems, and this is a little different. There are actually several different ways or approaches one could take to reset a lost password.

    The first way is likely the easiest and the most direct method. Generally speaking, if it is easy and direct, this is probably where you should start! The only thing is that this assumes you have access into your database. That may be a problem, given the fact that you are looking to reset a lost password. However, I assume that any good web owner will certainly give themselves a back door way into the site. So, OK, you can get into your account. The author gives a very clear method of actually locating the password (it should be the first entry under the edit users database).

    Once again, resetting the actual password is a very simple process. The author even gives you the exact command and line of code needed to use in order to accomplish this task. These actual step by step directions are incredibly helpful. They are the best pieces of information which the author provides.

    Honestly, the coding is quite interesting to me. I am not sure if many other readers will share my opinion or not, but I love trying to figure out how something works. This is especially true if it is internet or technology related. The code shows me in detail how the Joomla system is similar and different to other systems that I am used to working with.

    In addition to all of this, the author also provides readers with several other suggestions and “optional” ideas which may work, although caution is advised. The main thing to remember about Joomla is that there is always something being added to the program, which means that tomorrow there may be an even easier way to solve a common problem. This makes Joomla such a cool platform to use for web development.

  • Anonymous

    There are several additional easy ways to change or reset a password in Joomla. This platform is actually pretty easy to get into and work with. This was one of the biggest surprises for me personally. I began to design and build web pages and sites in the era where coding was regarding as the standard requirement. Everyone who was worth anything (in terms of web design skills) needed to know how to code. Also, this was during the days when it was hard coding. We literally spent days pouring over books learning the commands to do even the most basic tasks. Believe it or not, I miss those good ole days!

    Of course, today all this has changed. There is now no need to learn actual HTML or any other programming language. You just simply need to master some software programs. Learn Dream Weaver and you can create as snazzy a web page as any master coder of years past. Not only that, but you spend one heck of a lot less effort in doing so.

    The author also points out that you do not even have to log into your account directly. Instead, try clicking the MySql button. This will get you access very quickly. From here, you can easily find the lines for your password and reset this.

    On the other hand, if you are not comfortable with using SQL commands, you can try an alternative method. Actually, there a couple of neat little tricks you can try here. The first is to copy and paste the password hash (I am not familiar with what exactly the password hash is, but I gather most Joomla users are) from another user over to your admin account. I gather that this is basically logging in to the account as another user. So, this means that another user would be able to reset the admin password.

    Honestly, this seems a little strange to me. Actually it seems a bit unsecure. I would not want to have any user be able to see or (if they cannot see) and reset the master password. Perhaps it would a good idea to make this option available for one or two key users, but definitely not everyone.

    Another trick that I actually like is to change your admin user email address. Change it to one that you are familiar with and can access, obviously. Then, you can use the forgot password function to have it sent to your new email address, which should now be registered. I like this trick. Of course it is a way to game the system, and probably speaks to the fact that is a bit less secure than many would like, but it still works.

    You may also want to try reloading or reinstalling the Joomla user plug in. Get into to the back end of your account and then find this plug in and set the published status to 1. This status means that it is enabled.

  • Anonymous

    I must confess that I am not a Joomla user, so this article may not have really been targeted to me specifically. However, I am a website owner and developer. Therefore, I am a little familiar with what Joomla is and understand a bit about what the author is trying to accomplish here. Essentially, there are a number of different ways and things that can be done if you need to reset your administrator password.

    For the uninitiated, this super admin password is the big daddy of them all. This is the one that grants access to everything on your Joomla site. If you were to lose this or forget it, you would have a pretty interesting time trying to get back into your database. By interesting, I really mean not much fun and a whole lot of frustration. Yeah. THAT kind of interesting. Interesting meaning like you have a client screaming at you at 2 am because their site is down (one of the ones that you are hosting on a site where you have lost your Joomla password). Trust me, I do not care how good their technical support staff is, being wakened from a dead sleep and then having to call some rep in India for help (when you are already frustrated no less), will drive almost anyone to start drinking!

    Actually, I think the best tip was given right up front. Back up your database. We all know that this only makes sense. Yet, very few of us ever do. Maybe we are all just lazy? Or we all think that there will never be a disaster or a problem? Personally, I have experienced a number of really difficult times with data. Those times when I had back-ups made everything so much easier. Trust me, you will a lot more relaxed knowing that you just need to push a few buttons and everything will be fine again.

    The next tip for resetting the password is also quite basic, but accomplishes the job. You simply need to get into your database, either yourself or someone else. This assumes that you still have access to the password. Apparently, finding the password from this point is pretty easy. You click to edit the user database and then the next entry should be where you will see the super administrator password.

    From here resetting your password is quite simple. The article actually provides a single line of code that should be used to accomplish this. To be honest, the whole process was much easier than I thought it would be.

    I had always thought that Joomla was a powerful platform for managing your content. This may be why it is even called a CMS, or content management system. Yet, still I had envisioned this to be a highly technical process. I thought that getting involved in this would mean having to learn code and maybe even become a programmer. I was quite happy to discover that this was not the case.

  • saman

    I have a new job and my job is to work on my organization’s website. However, no one in the office knows the super admin password because the person who set the account up is no longer around. The only information they do have is how to login to the front door not the back door. I have absolutely no idea how to retrieve the super admin password. I have the username and password but no other information. I think he worked on the website in a different office so my office computer didn’t have joomla installed on it or xampp or anything. I downloaded xampp and joomla but i can’t access the admin panel to make changes.

    What do i need to do?? Please help.

    • We Rock Your Web

      First off, when you say you have the username and pw, which username and pw do you have? (I’m assuming not the one for Super Admin 😉

      The article above illustrates several different methods to restore your super admin password. You’ll most likely need to access your Joomla database on the backend. Do you have the access credentials necessary to get there (ie. via cPanel)?

  • Hello friends,

    I have this problem of can’t login and no error message. I have reset my admin password, created new admin and still can’t login.

    I also to use the adjusting the permissions of sessions directory, but not find any sessions directory in my account.

    I run Joomla 2.5.

    Hope to hear from you again.

    Thank you.


    • Bhesh Thapa

      Your webpage may already be hacked. Please use firebug to check for any inconsistencies between your fresh Joomla file and your webpage.

      My webpage also had some hidden Javascript and iframe which caused the same problems as yours.

      • rick

        Reading these posts, I am getting the feeling my site may have been hacked.

        I am a novice and use joomla because it is easy to use. When logging into my admin panel, i get the message “You do not have access to the administrator section of this site”. I have been into cpanel users and can see that I am still a super administrator. When i use an incorrect password i get the message “username and password do not match”. I changed my password and still get the message “You do not have access to the administrator section of this site”. Is there anything I can do?

        Go easy on me, I am not that technical other than being able to access cpanel, see users, and access and update joomla content.

  • Anonymous

    I have lost my super administrator password in Joomla.

  • Anonymous

    Awesome – I was able to retrieve my Joomla administrator password and an now back in my website! Thank you thank you thank you. The only thing I can think of that would make this article more useful would be to organize it by Joomla versions, and have a quick overview of the most effective method to retrieve or reset the administrator pw.

  • wrbros

    Login as Administrator means you have all the rights to do any thing in the windows without any restrictions.Let us suppose you are logged in as a guest user that means having low privilages and in your guest user these privileges are defined/set by the administrator and you may not be able to delete, install or download any thing without your administrator permission. If you install or delete some thing it may ask you for the administrator password to do so.

    some times while working on Excel or Word due to some problem your file or backup files get crashed and there is an option to send this problem to the Microsoft team so that they can resolve it or they can update their error database if this is a new type of error which has never occurred before.

  • Anonymous

    If you have access to the Linux server you can directly change the pw using Grub or the Linux boot CD.

    • Paul

      Hi Everybody,

      To prevent confusion: the previous comment by “a web rocker” does not apply to Joomla, so ignore that one.

      What is being described is (part of) the process to change the password of a linux-user. These have nothing in common, and are totally separate.

      Regards, Paul

  • Anonymous

    Symptom: Entered correct username/password – Login page just kept re-displaying – no error messages, nothing.

    Cause: I had put a rewrite statement in my .htaccess file to redirect to – this statement was causing my to get redirected to so it never ran administrator/index.php to do the logon

    Solution: First removed to prove this was the problem, then recoded the rewrite statement in my .htaccess

    • We Rock Your Web

      Very interesting, wouldn’t have thought to check rewrite statements. Thanks for taking the time to share your experience and solution with our readers. Hopefully someone else will benefit from your knowledge.

  • Anonymous

    I successfully changed my super administrator password in Joomla two days ago, but now when I edit my text in Joomla such text does not reflect on my site. Please help!

  • Anonymous

    I cannot reset the admin password by following these steps. Maybe I am doing something wrong? Can you help please?

    • We Rock Your Web

      Can you describe what you’ve tried and where you’re getting stuck/ what’s not working? Then I can help troubleshoot your problem.

  • Anonymous

    Wow! It worked! A huge huge thank you!!!!

  • Anonymous

    I had forgotten how to reset my Joomla password. Thanks for the reminder!

  • Anonymous

    Great article, it helped me a lot. After temporarily removing PHP authentication I managed to login to the backend successfully and I changed the password correctly. But, after I had restored the original code and then logged in again I received the message “Username and password do not match.”

    I tried all the options mentioned above but I just can’t find a solution ;(

    Any help is appreciated and many thanks in advance!



  • Anonymous

    Another possible cause of being locked out can be if the Authentication – Joomla plugin is deactivated (unpublished). This produces the same error message as wrong uid/pwd.

    In this case the problem can be fixed in the …_plugins table, setting published=1 where name is ‘Authentication – Joomla’.

    • Web Rocker

      Excellent advice, thanks for sharing this with our readers 🙂

  • Anonymous

    I had a similar problem but solved it in very simple steps:

    * Get a new password in plain text (please don’t forget it).
    * Use an MD5 password converter to encrypt it.
    * In PHPMyAdmin (described above) replace the string of characters with your new encrypted password (ie. edit it then save it).
    * Go back to the Joomla site and login with your new password.

    It worked for me!!!

  • Anonymous


    My name is Matt, and recently I bought a site from a client who is not answering to me.

    My problem is that I don’t know the way to login to my admin, for example :\administrator – but when I type this it’s says “page not found.” And I have to add something to the site asap.

    I have my Cpanel login details, but honestly I don’t know how to find the admin details.


    • Web Rocker

      Hi Matt,

      Is your website running Joomla? Try getting in touch with your hosting provider and see if they can give you access. If not, contact us and we’ll try and help you troubleshoot.

  • Anonymous

    I lost the password to my admin account in Joomla 1.5. Can you help me? My host is http://**. Password: **. User: **. Website: **.com.

    • Web Rocker

      Try using the methods above to recover your Joomla password/ regain access. And please, don’t post your login details in the comment section where everyone can see them.

      Good luck – let us know how it goes!

  • Anonymous

    thanks a huge lot!

  • Anonymous

    Well this isn’t my Joomla problem right now but I’ve come across this page in the hunt for a solution to my problem (I have a building supplies site and Joomla freezing up on a certain page). I’m pretty sure I’m going to need help with this situation at some point so I am bookmarking this because if I need to reset the admin password I can jump straight to this.

  • Anonymous

    I successfully changed admin password from the Joomla 1.0 backend, but I have not managed to login back in again. I get the error “Invalid session”! Any help please?

    • Anonymous

      I can’t do anything since I used Joomla on my son’s computer. For some reason it works on my login password for my computer. How do I delete both. Because then I will reset them.

  • Anonymous

    it works 🙂 Thank you again!

  • Anonymous

    I discovered a great video that shows Joomla Novices how to login to the back end of a joomla website. It can be found at this link. Hope that is helpful.

  • Anonymous

    Thanks a bunch! Saved my big a**!

  • Anonymous

    Last week my parents changed my password, which was really annoying. I tried to get it back. My computer is Win XP and at first I tried the ctrl+alt+del+del thing but it said it can’t do it because of ‘account restrictions’. Then I went for help in a forum and they told me to download the software Password Genius. It’s quite easy and I recovered my password at last.

  • Anonymous

    I don’t like to verify my way, because I’m glad it worked somehow, and it would be time expensive to test each possibility again and again.

    But a small hint, if everything else has failed: I tried nearly anything above with no success.

    Then I changed my browser. I tried with opera in the first with bad luck. I switched to Firefox – and surprise (me stupid -beep- had forgotten) , there was the old password stored. (yes I know, that’s funny)

    Now the biggest surprise, although I have changed the db entry of the password, I could login with the old password stored in my Firefox.

    My guess: you have to rebuild your cache if you make a change in your database.

    I hope that this was useful to someone.

    Best regards,

  • Anonymous

    My friends gmail account got hacked months ago because she had a password with a bunch of numbers. Then she resets her password to a more secure password with a combination of numbers, letters, and special characters. Of course – she can’t remember this password, so proceeds to restore the old one, thinking no one will hack in again. Oops – less than 48 hours later the account gets hacked again.

    So my question – how does the security of a gmail password, which is a common email service, relate to the security of a Joomla password? Can I have my password be a bunch of numbers or do I need to create a super secure password that is non-dictionary word, letters, special symbols, etc.?

    • Anonymous

      Security does not just reside in the actual password, though it does play a big part. I do not know about Gmail’s way of securing accounts, but I do know that Joomla is in no way secure without the proper knowledge of security itself. I’ll get to that in a bit.

      Unless I knew of who cracked the password or how the password was cracked on your friend’s Gmail, I can’t explain the similarities. In fact, there really is no way to compare the two, in my opinion. Every server and website is differently setup, and has completely different code. Also, it would be helpful to know what browser your friend was using. If the connection to Gmail wasn’t secure, through SSL, then that would seriously compromise your password. As I said, security does not only have to do with the password itself. If your friend did not have a secure connection, then it wasn’t encrypted, meaning that anybody on your friend’s network or even the Internet (with proper tools) could see her password clearly. But, even with encryption, there’s a possibility of someone brute-forcing the password, in which case, whether they obtain the password depends on how secure your password is.

      Of course, secure passwords need a mix of numbers, letters (both capital and non-capital), and symbols (alt-characters are the best, but I don’t know if your Joomla installation is set up to allow those in passwords…you need a Unicode setting on your database). But, you also need to keep in mind that brute-forcing is usually able to crack any password up to 15 characters, so 16 or more is ideal. Also, the best secure passwords don’t have any words, ID numbers, or dates, as that can compromise your password to hackers that can look up that information.

      So, to answer your question, yes, you do need to create a secure password with those characteristics, but on top of that, you need to make sure your server is secure. Joomla administration, for instance, should never be running without SSL encryption. Talk to the host or server administrator about how to set that up. One last thing, make sure that you limit what plugins/components are installed on your Joomla website. Look them up on the Joomla vulnerable extensions list.

      The best security is re-writing Joomla’s code, in my opinion. The base of Joomla attacks, is the code itself. If common things in the code are changed, (value names, class names, etc) then a hacker’s tool can’t tell what CMS you have, thus it fails to hack.

      My advice, encrypt with SSL, search around Google for ways to secure Joomla, maybe even changing the Super Administrator account.

      Good luck!

      • Anonymous

        Wow, this is very helpful advice indeed. Thank you so much for taking the time to write such a helpful and extended explanation of Joomla security, and security in general.

        I will look into setting up SSL on my Joomla server, and maybe even switching my CMS to a different system, such as Drupal.

        How secure is Drupal, compared to Joomla, in your opinion?

  • Anonymous

    After reading this what I did was go to my site and register as a new user (for example, JOHN) with a password that I will remember. Then I went to my PHP admin and the user part of my Joomla installation database.

    I clicked edit user JOHN and copied the entire string in the password box. Then I clicked the back tab in my browser. Next, I went to my super admin and clicked edit and on the password box cleared the string and pasted the JOHN password I copied. Finally, I went to my admin and logged in using the new password and voila, I was in my admin again.

    If you try this and it fails drop me an email rokwama at gmail dot com and I will try to help (

  • Anonymous

    I tried everything above for two days with no success. It wasn’t until i went to reinstall that i noticed my .htaccess was changed to htaccess.txt, (don’t know if it was a theme or plugin). I changed it back & previously reset pwd in phpmyadmin. All good now!

  • Anonymous

    Gracias muy buena info

  • Anonymous

    Forget my last query for exact wording about the password. I have figured it out.

  • Anonymous

    thank u bebeh…u make my job done! walah!!!

  • Anonymous

    This is just what I was looking for. Nice to know there are so many different ways to reset your Joomla password. Considering how easy it is to lose a password, it’s nice to have options handy.

    Bottom line I need to find a better way of storing passwords. Does anyone have a recommendation? Maybe a password file?

  • Anonymous

    I love working with Joomla – it’s by far the easiest and most robust CMS out there. The admin panel is a breeze, article posting is super easy, and with all the available modules – like CB and Virtumart, there are few limits to what you can do in Joomla.

  • Anonymous

    Thx, I just created a new user as advised above, then copied the password hashes back into the super admin.


    thx Dude

  • Anonymous

    Fantastic – the MD5 method (using the MD5 has for “admin”) above helped me get right back into my Joomla website. Now I just need to remember to change my password back! 😉

  • Anonymous

    I had my passwords written down but could not gain access any way. Tried 6 sites and none of the solutions worked.

    Then did what jack said and it worked!!!!!!

    Thanks jack!!!! Your one minute posting has helped many people all over the world for years!!!!!!!

  • Anonymous

    Worked like a champ.

  • Anonymous

    I have been getting the error message “Username and password do not match”

    I have tried Jack’s solution to modifying the joomla.php file and that has produced no effect. (and I have used this in the past on another site)

    I have checked the configuration.php file and confirmed I am using the correct password.

    What can I do?

    • Anonymous

      You may have deleted JOOMLA USER PLUGIN.

      To enable this plugin from backend. Goto your Joomla database. Locate jos_plugins TABLE, then set the PUBLISHED status of USER JOOMLA to 1 (i.e enabled). Then you can relogin or tried other password reset suggestions. That should solve your problem.


      • Anonymous

        you saved my life..
        i did exactly as you explained..
        now i m able to login
        thanks alot

      • Anonymous

        Hi, I tried exactly what you suggested, but this didn’t work. So instead of User Joomla I noticed that Authentication – Joomla was set to 0. I changed this to 1 and I was able to get back in. Your post put me on the right track so a big thank you for that! Colum – quinncolum at hotmail dot com.

      • Anonymous

        I spent 2 hours in Joomla forums trying to reset my password with no success, and setting the Authentication – Joomla to 1 finally was the solution. You guys are awesome, keep doing what you’re doing, thank you.

      • Anonymous

        Thanks a Trillion mate. I could kiss you. I’m never touching the plug-ins again.

  • Anonymous

    I had the same problem, it was the Joomla user plugin which was disabled!

  • Anonymous

    simple logic, but didn’t come to my mind.. u saved my day ..Thanks

  • Anonymous

    According to MySQL this is wrong…. this is useless information.

    • We Rock Your Web

      Would you care to go into detail? Works for us and appears to work for most of the people visiting this page…

  • Anonymous

    OK, thanks but after careful reading and changing the password for the super admin and even adding a new super, none of the MySQL entered passwords work.

    I have full MySQL access and ftp access…how do I go in and do serious surgery?

    There was a method in 1.5RC to make it possible to enter any password and get in. I am in 1.5.12, having been up to 14 and rolled back to 12 where it happened.

    Alternatively, if something is screwing up the passwords entered when I add a new one, can I activate the show+send password box in the modules without having access to the admin back end. In theory yes, but where???


  • Anonymous

    thank you

  • Anonymous

    Thanks for posting this quick little tutorial. I was about to freak out when I realized I couldn’t change my unknown password. This saved me a huge headache. 🙂

  • Anonymous

    Hi there. I am having trouble with my footprints filmworks administrator and the steps instructed seem not to be working for me. Any other ideas, please assist.

    Md for footprints filmworks
    Omar Abdulla

    • alex

      Hi Omar,

      Did you try the “forgot password” link – to have your email password, or a password reset link – emailed to you? If the email address stored with the user is still active, you should be able to restore your password using this less intrusive method.

  • Anonymous

    Hi there. I have lost my administration username and password for my domain. How do I go about resetting it and entering into my website domain.

    Omar Abdulla from Footprints Filmworks

  • Anonymous

    Awesome – thank you. Back inside my Joomla website now. I’ll be sure to backup the password for next time! Thanks again for bailing me out 🙂

  • Anonymous

    Thanks, it worked! You might want to be a bit clearer with the instructions. Initially I wondered if I was supposed to copy the text string into the “password” field for administrator because I (and probably many others) have no idea what an “MD5 function” is.

    I entered the text string in the field under the “SQL” tab (using cPanel) and it worked!

    Thank you.

  • Anonymous

    I don’t know how to thank you…your technique save my website from some [expletive]. Thanks very much!

  • Anonymous

    I am using Joomla 1.0, and I lost my password. How do I reset it?


    • We Rock Your Web

      We updated the article to include instructions for resetting passwords in earlier versions of Joomla. Please see the updated article above for details.

  • Anonymous

    Many Thanks!!! You just saved me a whole load of bother!

  • Anonymous

    Sweet! I just got my Joomla password back using the password recovery method you described. I suppose there’s different ways of doing it, but the first approach you described did the trick. Thank you!

  • Anonymous

    It works for me. Thanks.

  • Anonymous

    I have downloaded the Hash Calc.and mysql. What is the stored connection, and default schema? Where do I find that info?


    • alexc

      Hi Janith,

      Try using mySQL’s built in MD5 function as described above:

      UPDATE example_users SET password=MD5(‘yourpassword’) WHERE usertype = “Super Administrator”;

  • Anonymous

    Thanks a lot!!! It worked like a charm.

  • Anonymous

    Thanks for the tip. Now that I have my Joomla admin password back, is there any way to engage SSL when logging into Joomla? In other words, does Joomla support a secure login protocol? I ask because I’m planning on transferring some sensitive information from my old website to my new Joomla based site and my first priority is to ensure that the information stays secure and away from prying eyes.


  • Anonymous

    THANKS THANKS and THANKS! From Romania 🙂

  • Anonymous

    Hello guys, in case you don’t wanna have trouble accessing phpMyAdmin, there’s a script which allows you to reset any Admin password EASILY. This works for Joomla 1.x and 1.5.

  • Anonymous

    I just followed the instructions for update command in phpmyadmin and PW change was a snap – very easy. Thank you.

    Joomla rocks

  • Anonymous

    I am freaked out that my password did not work in the first place. yes, I know, you think I mistyped or forgot, but NO, I was typing in the correct password. Well, using the SQL UPDATE statement worked like a charm for me, still freaked out.

  • Anonymous

    You can use phpMyAdmin to view & edit the mos_users table?

    in the password field of the admin user.

    it’s the md5 result of the standard password “admin”.

    • Anonymous

      This is really great. Thank you so much.

  • Anonymous

    Please, for god’s sake help me.

    I don’t really know what really happened. I was using myPhpAdmin. I went in the jos_users Database. Clicked SQL. And ran the following query, exactly like that:

    UPDATE example_users SET password=MD5(‘admin’) WHERE usertype = “Super Administrator”;

    Now my site just busted down completely !

    When I try to access it, it says: Database Error: Unable to connect to the database:Could not connect to MySQL

    Please give me a light !

    • alexc

      Hi there,

      First I would simply recommend loading a backup of your Joomla database. Also, I’m assuming you updated “example_users” to reflect your user name? If not, you may want to rerun the SQL statement with your user name inserted.

  • Anonymous

    Thank you so much. Worked like a charm.

  • Anonymous

    Thanks for the UPDATE string, it works a teat.


  • Anonymous

    I get the message “Invalid session.” Any help?

    • alexc

      It sounds like you might need to clear your cache and your sessions tables. You can try doing it via your browser, if that doesn’t work you might need to truncate the database tables.

  • Anonymous

    I have tried all of this to no avail. I see my user name and MD5 password in phpMySQL. I’ve changed it, saved it, done everything. I go to login on my admin site and STILL get that my user name and password do not match! Any other trouble shooting tips??

  • Anonymous

    That was great to reset the password.

    It’s working, perfect.

    M. Javed Rahmani

  • Anonymous

    Hi there, I did a site “clone” installed joomla in a test server, when everything was ready …moved it to prod..a sister domain on the same server, everything is working fine, but cannot login to the “members” area…

    I have no prob. on the admin side…..any ideas…

  • Anonymous

    This is great! Thanks a ton you just saved me a complete re-install. (blech!)

  • Anonymous

    Help! i’ve tried to change the password with MD5 encoding, but it still wont work.

    the login page doesn’t give any error message if i enter the right password, but it also wont login to the administrator page. it only take me back to the login page.

    but if i entered the wrong password, it said “Username and password do not match”

    anyone can help..?

    i previously installed the same joomla 1.5RC but with different localhost/…… name and different db.

    the old joomla cannot login, but the new joomla can…

    Oh and the if ( true /* $crypt == $testcrypt */ ) wont work also

    thx4 any help =)

    • Anonymous

      mine does the same thing. It gives you a need to login and not a bad username or password in the address bar.


      Any help?

    • Anonymous

      this is most likely because you session directory is not writable. you need to check with your host to make this directory 755

      if you have root access you can putty into server and change permissions your self

      • Anonymous

        which one is the session directory?

  • Anonymous

    Hi guy,
    nice, but too complicated. MySQL and hence also phpmyadmin already offer the MD5 function. So you don’t need a seperate website to create the MD5 hash.


    • alexc

      You’re right – I’ve simply been to lazy to update the article until now. Thanks for the push! 🙂

      • Anonymous

        Thank you!

  • Anonymous

    Just thought I’d take the time to thank you profusely !
    You’ve just saved me hours of pulling my hair out…

    This does suck a bit security-wise though, no ?

    Thanks again,
    Marie (Avignon, France)

  • Anonymous

    If you have access to your server, then it should be in configuration.php file.

  • Anonymous

    Thank you – worked a treat

  • Anonymous

    Simple UPDATE … SET password=MD5(‘yourpassword’) doesn’t work ?

    MySQL has MD5 built in function.

  • Anonymous

    the site is inactive. i lost my username, not the password. the username is no longer admin. how do i proceed? why is it so challenging to get through this process. any other system has a simple “forgot username/password” button at the login stage…

    • Alex

      The solution: use Drupal instead 😉


      We’ve updated the article with a mySQL UPDATE statement you can use to reset your password using mySQL’s built-in MD5 function.


  • Anonymous

    I folowed these steps and now my site is completely down. I cant login or do anything. help!

    • Alex

      You may have inadvertently edited the wrong fields in the database. That, or your host is having issues unrelated to your changes. Does the site not load at all? Or you simply can’t log in? Either way I recommend restoring a backup of your DB.

  • Anonymous

    Worked perfectly – I’ll have to remember this method for next time… 😀

  • Anonymous

    It works !!!!!

  • Anonymous

    Thanks very much for posting this. Saved me quite a bit of trouble!

  • Anonymous

    I have lost my super adminsitrator password in joomla. no i cant looge to my super administrator
    so ineed to get my super adminsitrator password. IS THERE ANYWAY I CAN GET MY PASSWORD BACK

    • Alex

      Unfortunately because the system stores the password in a one-way hash there is no way that I know of to get it back. This article does describe, however, how to reset the password (so you can regain access as Super Admin). Please let me know if you need help with or more detail on a particular step.

      • Anonymous

        I can not reset the admin password by following the steps. maybe i am doing something wrong? can you help please?

        • Anonymous

          There’s a software called password recovery. It can reset your Joomla or Drupal, etc. password in 3 easy steps.

  • Anonymous

    I tried everything above. I changed the joomla.php file, no help. I ran the sql, no soap: UPDATE `#__users` SET `password` =MD5(“getsmart”) WHERE usertype = “Super Administrator”;

    I think Joomla sucks.

    • We Rock Your Web

      Sorry you’re having trouble with this. Why not give Drupal ( a go? That is our CMS of choice 🙂

Send this to friend