Ready to get started?Download WordPress


Password help (7 posts)

  1. Mark (podz)
    Support Maven
    Posted 8 years ago #

    8 character letters and numbers password.
    According to keepass, that's a 42 bit strength (if that means much), yet that password has been cracked.

    Brute force ?
    Some other way ?

    This is a WP site. All posts gone save for the one with js and violent video links that was inserted. It almost definitely WAS the password but it's similar to
    so any ideas ?

  2. stevenhb
    Posted 8 years ago #

    get mysql access and overwrite the password?:)

  3. Mark (podz)
    Support Maven
    Posted 8 years ago #

    It's not redoing the pw - that's a cinch.
    It's how they got it, after all, they deleted every post...

  4. stevenhb
    Posted 8 years ago #

    btw. the hashes used in wp is md5 which is a total length of 32 characters

  5. skippy
    Posted 8 years ago #

    Podz: do you have access to the server logs? If so, you can check whether wp-login.php has been requested a lot of times. That'll help confirm whether it was a brute forced attack.

    Has this password been used anywhere else?
    Has it been transmitted over an insecure network, like a coffeeshop wireless network?

  6. Jennifer Ledbetter Clay
    Posted 8 years ago #

    Skippy, it's my site he's speaking of. It was my /themes directory. I rarely log into the site.

  7. Matt Mullenweg
    Posted 8 years ago #

    The WP password (almost) doesn't matter. It's the DB password and account password that are important. Also nothing can protect you if someone else on your server gets hacked and the compromised user is able to read your files. (Your config file, for example.)

Topic Closed

This topic has been closed to new replies.

About this Topic