hello and good day dear friends, 🤩
the story: two weeks ago i lost the acess to my wordpress-site:
well i thought i can fix it - due to some works in the backend - the db - in the user- table:
i found the user_pass column and change the password there. well i knew i will need to enter a new, secure password hash.
( Alternatively, i might were able to edit the user_email column to update the email address associated with the account )
5. Save changes: Click "Save" or "Continue" to apply the changes to the databas
i had to get the hash for the new password
Then i run this query to update the users password
update: here a littel update:
belive it or not: i encounterred that if i set the login to the new password - with the hash - then i am only able to log in
once with the new data /and credentials -imagine: if i try to do this a secod timme then it fails -
even if i try it from another notebook - it fails -
what can i do here!`?
hmm to make it working again - i have to do hmm - "nasty things" :
i have to enter the term on the db again - then it will work for a one-time login!?
but belive me - thats really annouying - thats awful
what can i do - what is the solution!?
update: some days later:
.....i am confronted with a “works once, then fails” behavior - and i have to confess: i never ever had this - i even never have heard about such a issue. But now i am encountering it:
question: is this a known WordPress login issue?! Hhmm - i am in trouble i think. hmm i am pulling my hairs - since i work on a solution for more than two nights. Btw: a fresh install would not be that hard - but i want to find out what goes wrong here..
I did some research - asked my buddies in the wp-meetup at my hometown: a friend told me that it could have to do with some sort of wrong password hashing - that isn’t being handled the way WordPress expects.
i tried to find out more - to get more insights here:
well i thought that it was caused by the usage of a external generator: that this was the cause i could log in once only. hmm - well i thought that this caused my issues: When i insert a hash from an external generator (like CodeBeautify), it looks valid at first (sight). On first login, WordPress re-hashes the password internally (using wp_hash_password()), and replaces a stored hash in the database. But since i inserted hash isn’t generated by WordPress itself, it probably fails: the re-hash doesn’t match future login attempts.
and yes: i thougth that’s why i only get a “one-time login.”
i tried to do so:
i tried to fix this: in other words my attempt was to replace 1 with the ID of the wp_user (checked in wp_susers). After logging in, of course i think its my turn to remove this line immediately.
i Used SQL, but let WP generate the hash: Instead of inserting a pre-hash ( like in my preious trials) this time i tried to insert a plain MD5 hash just once. WordPress - afaik will detect it, then convert it to the correct format.
That said i then tried to log in with MyNewSecurePassword.
Well my assuming and my hope was: This time, WordPress should upgrade the hash properly — and i won’t need to repeat the “nasty hack” again.
....well i thougth - okay i had to do some extra steps: additionally: In wp_usermeta, i think it is important to verify that my admin-name has a row with:
i think its important to make sure my database table prefix (wp_"prefix") matches my actual WordPress config in wp-config.php.
....well the next thing i think is important is the check of the wp_usermetada-table:
In WordPress, the role/permissions are stored in the wp_usermeta table. Without wp_capabilities and wp_user_level, WordPress won’t recognize the account as an administrator after the first login refresh.
Then i tried to reset the password properly: Since MD5 is giving me the above mentioned “one-time login” problem, I think its a good method and way to use WordPress’s own hashing.
i do not have WP-CLI - i am on Webadmin.
...like so:
....and then i tried to look at the user-meta-rows: ...
doing the
Insert of the missing usermeta rows (capabilities + level).
Update of the password with a proper WordPress hash and subsequently
Try to log in again with the plain password we used to generate that hash.
....well i think that this is to do like so
logging in with my_admin_passwd_ and the new password.
and i thought that i should now be able to log in multiple times, and my_admin_login_name_ will be a full administrator again.
but belive it or not - this does not work - i am allmost pullin my hair and hmm some times i just wanted to quit the trials - and do a
fresh install
what do you say..!? What else can i do now to fix this "login one time - then all fails"?
i think that if login still fails - i need to disable plugins by renaming /wp-content/plugins to /wp-content/plugins.hold and try again - and yes: besides this i need to ensure siteurl and home are correct:
what do you say..!?
Do you think that its time to think over a fresh installation - this would take only half an hour.. i guess
loook forward to hear from you
🤩
the story: two weeks ago i lost the acess to my wordpress-site:
well i thought i can fix it - due to some works in the backend - the db - in the user- table:
i found the user_pass column and change the password there. well i knew i will need to enter a new, secure password hash.
( Alternatively, i might were able to edit the user_email column to update the email address associated with the account )
5. Save changes: Click "Save" or "Continue" to apply the changes to the databas
i had to get the hash for the new password
Then i run this query to update the users password
Code:
UPDATE `users` SET `user_pass` = 'NEW_HASH_HERE' WHERE `users`.`user_login` = 'YOUR_USERNAME';update: here a littel update:
belive it or not: i encounterred that if i set the login to the new password - with the hash - then i am only able to log in
once with the new data /and credentials -imagine: if i try to do this a secod timme then it fails -
even if i try it from another notebook - it fails -
what can i do here!`?
hmm to make it working again - i have to do hmm - "nasty things" :
i have to enter the term on the db again - then it will work for a one-time login!?
Code:
UPDATE `wp_users` SET `user_pass` = 'my hash' WHERE `user_login` = 'my user name'but belive me - thats really annouying - thats awful
what can i do - what is the solution!?
update: some days later:
.....i am confronted with a “works once, then fails” behavior - and i have to confess: i never ever had this - i even never have heard about such a issue. But now i am encountering it:
question: is this a known WordPress login issue?! Hhmm - i am in trouble i think. hmm i am pulling my hairs - since i work on a solution for more than two nights. Btw: a fresh install would not be that hard - but i want to find out what goes wrong here..
I did some research - asked my buddies in the wp-meetup at my hometown: a friend told me that it could have to do with some sort of wrong password hashing - that isn’t being handled the way WordPress expects.
i tried to find out more - to get more insights here:
well i thought that it was caused by the usage of a external generator: that this was the cause i could log in once only. hmm - well i thought that this caused my issues: When i insert a hash from an external generator (like CodeBeautify), it looks valid at first (sight). On first login, WordPress re-hashes the password internally (using wp_hash_password()), and replaces a stored hash in the database. But since i inserted hash isn’t generated by WordPress itself, it probably fails: the re-hash doesn’t match future login attempts.
and yes: i thougth that’s why i only get a “one-time login.”
i tried to do so:
Code:
UPDATE `wp_users`
SET `user_pass` = MD5('MyNewSecurePassword')
WHERE `user_login` = 'my_admin_name';i tried to fix this: in other words my attempt was to replace 1 with the ID of the wp_user (checked in wp_susers). After logging in, of course i think its my turn to remove this line immediately.
i Used SQL, but let WP generate the hash: Instead of inserting a pre-hash ( like in my preious trials) this time i tried to insert a plain MD5 hash just once. WordPress - afaik will detect it, then convert it to the correct format.
That said i then tried to log in with MyNewSecurePassword.
Well my assuming and my hope was: This time, WordPress should upgrade the hash properly — and i won’t need to repeat the “nasty hack” again.
....well i thougth - okay i had to do some extra steps: additionally: In wp_usermeta, i think it is important to verify that my admin-name has a row with:
Code:
meta_key = wp_capabilities
meta_value containing "administrator"i think its important to make sure my database table prefix (wp_"prefix") matches my actual WordPress config in wp-config.php.
....well the next thing i think is important is the check of the wp_usermetada-table:
In WordPress, the role/permissions are stored in the wp_usermeta table. Without wp_capabilities and wp_user_level, WordPress won’t recognize the account as an administrator after the first login refresh.
Code:
-- Give my user a administrator role
INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (
(SELECT ID FROM wp_susers WHERE user_login = 'hubcom'),
'wp_capabilities',
'a:1:{s:13:"administrator";b:1;}'
);
-- and subsequently: Set user level 10 (hmm that is the one of the admin)
INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (
(SELECT ID FROM wp_users WHERE user_login = 'hubcom'),
'wp_user_level',
'10'
);Then i tried to reset the password properly: Since MD5 is giving me the above mentioned “one-time login” problem, I think its a good method and way to use WordPress’s own hashing.
i do not have WP-CLI - i am on Webadmin.
...like so:
Code:
UPDATE wp_users
SET user_pass = '$P$B2NL7Z9695jvFMJyLW- my hash- bla bla'
WHERE user_login = 'my_admin_login_name';....and then i tried to look at the user-meta-rows: ...
doing the
Insert of the missing usermeta rows (capabilities + level).
Update of the password with a proper WordPress hash and subsequently
Try to log in again with the plain password we used to generate that hash.
....well i think that this is to do like so
Code:
--step 1. Ensure my-admin-user has administrator rights
INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (
(SELECT ID FROM wp_users WHERE user_login = 'hubcom'),
'wp_capabilities',
'a:1:{s:13:"administrator";b:1;}'
)
ON DUPLICATE KEY UPDATE meta_value = 'a:1:{s:13:"administrator";b:1;}';
INSERT INTO wp_usermeta (user_id, meta_key, meta_value)
VALUES (
(SELECT ID FROM wp_users WHERE user_login = 'my admin-password'),
'wp_user_level',
'10'
)
ON DUPLICATE KEY UPDATE meta_value = '10';
-- 2. Reset my admin-password (replace with a hash from a WordPress password generator)
UPDATE wp_users
SET user_pass = '$P$B2NL7Z9695jvFMJyLWQ- myadminpasswd-hash'
WHERE user_login = 'my_admin_passwd_';logging in with my_admin_passwd_ and the new password.
and i thought that i should now be able to log in multiple times, and my_admin_login_name_ will be a full administrator again.
but belive it or not - this does not work - i am allmost pullin my hair and hmm some times i just wanted to quit the trials - and do a
fresh install
what do you say..!? What else can i do now to fix this "login one time - then all fails"?
i think that if login still fails - i need to disable plugins by renaming /wp-content/plugins to /wp-content/plugins.hold and try again - and yes: besides this i need to ensure siteurl and home are correct:
what do you say..!?
Do you think that its time to think over a fresh installation - this would take only half an hour.. i guess
loook forward to hear from you
🤩
Last edited:
Facebook
Twitter