WordPress.org

Support

Password help

  • 8 character letters and numbers password.
    According to keepass, that’s a 42 bit strength (if that means much), yet that password has been cracked.

    Brute force ?
    Some other way ?

    This is a WP site. All posts gone save for the one with js and violent video links that was inserted. It almost definitely WAS the password but it’s similar to
    f15hb3l1
    so any ideas ?

Viewing 6 replies - 1 through 6 (of 6 total)
  • get mysql access and overwrite the password?:)

    It’s not redoing the pw – that’s a cinch.
    It’s how they got it, after all, they deleted every post…

    btw. the hashes used in wp is md5 which is a total length of 32 characters

    Podz: do you have access to the server logs? If so, you can check whether wp-login.php has been requested a lot of times. That’ll help confirm whether it was a brute forced attack.

    Has this password been used anywhere else?
    Has it been transmitted over an insecure network, like a coffeeshop wireless network?

    Skippy, it’s my site he’s speaking of. It was my /themes directory. I rarely log into the site.

    Moderator Matt Mullenweg
    Keymaster

    @matt

    The WP password (almost) doesn’t matter. It’s the DB password and account password that are important. Also nothing can protect you if someone else on your server gets hacked and the compromised user is able to read your files. (Your config file, for example.)

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Password help’ is closed to new replies.