WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Password resets automatically (2 posts)

  1. dionkta
    Member
    Posted 1 year ago #

    I've experience migrating wordpress sites and have done so successfully till recently I encountered this strange case. Haven't been able to find an answer so I thought I post this question to the community.

    Completed task:
    Migrated wordpress site with database and theme (everything) correctly.
    Corrected some of the config as both the url and server has changed.
    Site displays properly.

    Problem:
    When logging in to wordpress using an administrator account, the password resets automatically upon logging in. I see that some people encounter such problems but there isn't a proper solution. From phpmyadmin, I can see that the password is not MD5 hash, its just a string with letters and special characters like "?./"

    Tried:
    Changing the password in phpmyadmin to proper hash but problem arises when I log in and the reset occurs again.
    Updating wordpress to 3.4.1, problem still there
    Disable all plugins and try logging in, problem still there
    Replaced the core files in FTP, problem still there
    Created a new user account and tried logging in, problem still there

    Additional info:
    I'm running the site in my shared server which is also running other wordpress so I'm sure it is an account bound problem. I also know that the site does not have this problem in its old server. I'm out of ideas, has anyone encountered such problems and solved it? Or is this a virus issue (seen someone shouted virus in other threads but not sure if it's creditable)

    [ Please do not bump, that's not permitted here. ]

  2. dionkta
    Member
    Posted 1 year ago #

    Hi all,

    Just to let those who encounter this problem know I've sort of solved the problem. I traced the problem and realized that the problem comes from the hashing code of wp-hash-password function. With my limited knowledge, I don't really know what activity is going on in the hashing function but I know ultimately it does not return me a MD5 hashed password. I opened a fresh copy of the file and realize that it is identical to the one I had so I'm guessing the file has not been compromised; the problem should lie with some configuration thingy.

    Instead of trying to find the problem with my limited knowledge, I just went ahead to comment the hashing algorithm and added in my own md5($password) and have the function return this instead. After that everything worked fine. I know it is not advisable to do hacks on the core file but since there's not help anywhere I just did it my way.

Topic Closed

This topic has been closed to new replies.

About this Topic