The markup of your button is <input disabled=”” class=”woocommerce-Button button” value=”Reset Password” type=”submit”> it shouldn’t be disabled, removing the disabled attr doesn’t seem to fix the problem, but I think that this button is “Decoration”, and it is not associated with any ajax request, the theme default functionality for reset password seems to open the … Read more
A phrase consiting of words separated by spaces (“apples ocean barbarians”) can be easy to remember and type, yet strong due to the number of characters. Such a password works on WP, but not all web apps will accept this method.
In short you want to mach your password with real hash code right. $user = get_user_by( ‘login’, $username ); if ( $user && wp_check_password( ‘123456’, $user->data->user_pass, $user->ID) ) echo “password Matched”; else echo “Not matched”;
In general, no. This is not possible. The password is btw, not encrypted only once, but twice with md5. There are some cases where you type the password to the database, and for the short time, it will not be encrypted at all. 🙂 The very first time the admin authenticate itself again, the password … Read more
You can change the password directly in the database, through phpmyadmin.
My process for cleaning a hacked site includes changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’) updating everything- from the repository – WP, themes, plugins. Remove old/unused plugins and themes use FTP of file manager to check every folder for files that look out of place (look at … Read more
As you can see here, WordPress will use WordPress as sender name and wordpress@<SITENAME> as sender email, if these params were note passed to wp_mail. You can use wp_mail_from and wp_mail_from_name filters to modify these values though. So if you want to change the sender e-mail address, just use this code: add_filter( ‘wp_mail_from’, function( $email … Read more
Nice job recovering your password, however, the exploit probably still exists so you might get hacked again. Your next step is to find and seal up the security hole. It could be a plugin. It could be a theme. Download and run the Sucuri plugin to help you figure it out.
There’s a whole article on this in the Codex: http://codex.wordpress.org/Resetting_Your_Password I’m partial to the Emergency Password Script, but the FTP method is probably also equally as easy. Upload the following as a file to your server. Visit its URL and follow the prompts. Immediately delete the file from your server. <?php /* This program is … Read more
I’m the author of the linked article (thanks for the shout-out, by the way). The WordPress function that does the hashing is wp_has_password() and, by default, it will run the password through 8 rounds whatever the “best” algorithm the server makes available to PHPass is. WordPress, again by default, uses MD5. However you can also … Read more