[SOLVED] WordPress sign-in failure
Hello
I've created a one-click install of WordPress on linode. All the passwords I've entered are correct, besides my Wordpress sign-in password which doesn't work. I deleted my linode and created a new one with the same sets of passwords. Once again, all passwords worked, besides the one to my Wordpress profile.
Solution
The problem was resolved by manually crating a md5 hash for the Wordpress user password and entering it into the MySQL database through the command line. WordPress.org has a very good guide for how to do this (x).
With regards
Eric Gustafsson
@gustafseb
[EDITS]
2020-04-08 15:40 – Changed IT to IF => […] which makes me question this line of reasoning, IF the database […]
2020-04-08 15:59 – Removed the following:
My own suspicions: My password for the WordPress database contains uncommon symbols, it may be an incompatibility problem where Linode has let me create a password with a non-accepted symbol (however the Wordpress website looks otherwise alright, which makes me question this line of reasoning, if the database password contained non-acceptable symbols, all of Wordpress would probably be complaining)
2020-04-08 15:59 – Added: update 1 New passwords
I've now reset the linode for a third time (deleted and created a new). This time with new passwords and I still cannot sign in to the Wordpress user.
2020-04-08 16:25 – Removed the following:
Update 1 New passwords: I've now reset the linode for a third time (deleted and created a new). This time with new passwords and I still cannot sign in to the Wordpress user.
2020-04-08 16:25 – Removed the following:
Help much appreciated
2020-04-08 16:25 – Added:
Solution: The problem was resolved by manually crating a md5 hash for the Wordpress user password and entering it into the MySQL database through the command line. WordPress.org has a very good guide for how to do this (x).
2 Replies
rgerke
Linode Staff
Eric,
This is great - thanks for posting this and updating it as you progressed toward the solution. I think this post is going to be very helpful for other users running into this same WordPress issue.
Eric --
See:
https://roots.io/improving-wordpress-password-security/
I'm not suggesting you buy this plugin. I'm only offering it as information about the vulnerabilities of MD5. Note the date on the article. It's been known since 1996 that MD5 had problems:
You should probably be using SHA-2 (or one of it's variants…SHA-256 or SHA-512) for password hashing. You can get free plugins for these or, if you're somewhat adept at PHP, roll your own. PHP has had functions for SHA-2/-256/-512 built into it since PHP 5?…anyway a long time.
Just a thought…
-- sw
P.S. This does not mean that hackers are going to swarm onto your Wordpress installation and start breaking in and posting porn or phishing messages tomorrow. I'm just informing you of a risk you can eliminate fairly easily.