Support » Fixing WordPress » Password help

  • Mark (podz)


    Support Maven

    8 character letters and numbers password.
    According to keepass, that’s a 42 bit strength (if that means much), yet that password has been cracked.

    Brute force ?
    Some other way ?

    This is a WP site. All posts gone save for the one with js and violent video links that was inserted. It almost definitely WAS the password but it’s similar to
    so any ideas ?

Viewing 6 replies - 1 through 6 (of 6 total)
  • get mysql access and overwrite the password?:)

    Mark (podz)


    Support Maven

    It’s not redoing the pw – that’s a cinch.
    It’s how they got it, after all, they deleted every post…

    btw. the hashes used in wp is md5 which is a total length of 32 characters

    Podz: do you have access to the server logs? If so, you can check whether wp-login.php has been requested a lot of times. That’ll help confirm whether it was a brute forced attack.

    Has this password been used anywhere else?
    Has it been transmitted over an insecure network, like a coffeeshop wireless network?

    Skippy, it’s my site he’s speaking of. It was my /themes directory. I rarely log into the site.

    The WP password (almost) doesn’t matter. It’s the DB password and account password that are important. Also nothing can protect you if someone else on your server gets hacked and the compromised user is able to read your files. (Your config file, for example.)

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Password help’ is closed to new replies.