Password automatically Resetting

  • stbill79

    (@stbill79)


    15 years, 4 months ago

    Hi

    This has been happening since 2.5 – I upgraded to 2.6, but no luck resolving the issue:

    Basically, when a user goes to the wp-admin page and logs in, the password is automatically changed – The password gets changed whether I successfully login or not. I can load phpmyadmin on another page, try logging in with a good OR bad password, and then refresh the users table and see that the password has been completely changed.

    I can successfully login using the very first password I ever used, but nothing else will work. I can explicitly change the password using Phpmyadmin, but it will be automatically reset the next time I login on the wp-admin page.

    This is weird as hell and is really bothersome, especially because the password that it is resetting to is really weak.

    Anyone have any idea whats going on. My site is self hosted – I set up a test site on my local box, and I get the same behavior.

    Thanks
    Bill

Viewing 4 replies - 1 through 4 (of 4 total)
  • whooami

    (@whooami)

    15 years, 4 months ago

    My site is self hosted – I set up a test site on my local box, and I get the same behavior.

    I am very skeptical of that happening, im sorry.

    Thread Starter stbill79

    (@stbill79)

    15 years, 4 months ago

    Thanks for your help!

    Thread Starter stbill79

    (@stbill79)

    15 years, 3 months ago

    Well if anyone ever does a search someday for the same problem, here is how I fixed it:

    Basically my whole server site got hacked a few weeks before I even noticed this problem. The hack (probably a bot) just went into each and every directory under my web root, and messed with every file named index.{html, htm, php, etc}. Besides defacing the main pages of every site, it also added some javascript to the end of each file that sent some info to some remote site.

    Long story short, I grepped and cleaned out all the files (or so I thought), replaced all my WordPress installations with fresh copies, but I guess I missed one little thing:

    In my main theme folder under wp-content, there is a file called functions.php. Above the single legitimate function in that file, the bot had placed this single line:

    wp_set_password('password',1);

    obviously this was why my password was getting reset every single time I was doing something within my blog!

    mmmpie

    (@mmmpie)

    14 years, 8 months ago

    I have just run into this problem.

    I tried to auto-upgrade from 2.7.1 to 2.8.3 and something got borked.
    So I deleted the old install, downloaded the latest tar and unzipped it.
    Edited the config to connect to the db.
    The site was working again.
    But when I went to login it wouldnt let me.

    I had lost the default password for my previous install, so I had generated a new one and modified the user password using phpmyadmin.

    I repeated the process.
    I still couldnt log in, and the md5 in the db reverted to the old value every time.

    The solution for me was to ask wordpress for a new password.
    This is a test server, so I dont get the email that it sends.
    Then I was able to update the md5 in the db and this time it stuck.

    I did notice that the md5 was changed, but to a different value than before.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Password automatically Resetting’ is closed to new replies.