Where was the password encrypted?
I’m asking that because the main behavior of the wp-config.php file is to accept a non-encrypted plain password in the ‘define(‘DB_PASSWORD’, ”);’ section, conforming the Codex article: https://codex.ww.wp.xz.cn/Editing_wp-config.php.
@mateusgetulio, but my old wp-config.php file is using an encrypted password.
like this:
/** MySQL database password */
define(‘DB_PASSWORD’, ‘f4D#34fvAcJO9’);
…
define(‘AUTH_KEY’, ‘# 7n_wQAQ*O0PUpm(@c#’);
define(‘SECURE_AUTH_KEY’, ‘_6H3Ntajb(pryvPO3RKaW’);
define(‘LOGGED_IN_KEY’, ‘GZYz2s*((cyr&%/8Jc!Cxf’);
define(‘NONCE_KEY’, ‘*EpVHbqr0BG1x-6HAp ‘);
define(‘AUTH_SALT’, ‘DN@z%%zZIr_9zG(tRtKhX’);
define(‘SECURE_AUTH_SALT’, ‘MTBr*pRItpM3f6V/#GBzG’);
define(‘LOGGED_IN_SALT’, ‘YK&0IRvxuYfb!_yv@wxAO’);
define(‘NONCE_SALT’, ‘DZ8vBQMI1=yWk*%Z=1mbL’);
It’s not plain text(I know my old password, but it’s not ‘f4D#34fvAcJO9’), so how should I set the password as same as my reset password?
For what I know this keys+salts section is part of the WordPress Security Key System, which is designed to protect cookie data.
In summary, when a user logs in, it is created a cookie entry to remember that user session. A hashed(MD5 if I remember it right) version of this User’s password is stored within the cookie.
The Security Key was developed to make this system even safer than an usual hash password, by adding a combination of four salts and four extra keys to it. But apparently it doesn’t affect the login itself.
However, it’s like you said, you know the old password and this is an encrypted version of it, which probably means that not only this end(wp-config.php) was changed but also the point where the login is made, in this case probably in the wp-login.php file.
What you could do here is to compare your wp-login.php file with a version coming directly from a new WordPress installation zip file, this way it will get easier to check which encrypt method your WordPress installation is using and then apply it to the new password.
Obs.: I did a basic check out on this old password just to see if it would match a well-known encrypt format but the system couldn’t match it against no popular hash format.
@mateusgetulio, I installed two new version wordpress on two different folders just now, the passwords are same like encrypt, even if I use same password for both, the encrypt results are different, I think they use different salts.
When you did this test, installing the WordPress again, you did it using the zip file from https://ww.wp.xz.cn/download/ or by the host panel?
Godaddy, just like other servers, has its own versions of WordPress which you can install with one click.
Sometimes these versions already came customized, and it could also include a specific encryption.
If you do a standard installation, using the zip file instead, you’ll notice that there’s no special database password encryption in the wp-config.php.
Alternatively, one thing you could try to do is to:
-Create a new “fake” installation from the panel using the password you want(just to force it creates a valid wp-config file containing this password already encrypted).
-Change the other database information in this new file if necessary, just to match the main site database information.
-Replace the old wp-config.php with this new one generated (do a backup first).
Thanks @mateusgetulio, finally, I resolved this problem. The password is actual plain text. I let godaddy reset my password, it’s working now.
Thanks so much dude!
