If you ever get your passwords locked out or wanted to reset your password, being the domain/db owner yourself, then there is a way to solve this. Connect to your ExpressionEngine database and browse to the table exp_members. This will list rows corresponding to the the number of members registered in the system. Now edit the corresponding row that has your username. You will note that the password is encrypted and is 40 characters long. ExpressionEngine uses SHA1 encryption, so you will need a tool to generate SHA1 hash. If you don’t know (or don’t want to know) what those are, use this 40 character value:
8b60e9d739b5a5bfd87cbfe67501ab4fa6e41504
The above is the SHA1 hash for the word “recovery”. Replace this in the password field in your database row (pay attention to the field name, there is a similar field named unique_id just next to it) and Save your row (hit Go in phpMyAdmin). You have now successfully reset your password to “recovery”. Now, go quickly login to your system and change your password the normal way.
Questions?
Do this only when you have no other choice of recovering your password. If you have doubts that someone else reading this post, might try the same out to hack into your own system, then actually they can’t. Well, they can’t as long as they don’t have access to your database 
This tells you two lessons: Number 1) Always keep very secured passwords to your hosting and database accounts and Number 2) Do not forget any of your passwords
By and large, ExpressionEngine is more secured enforcing password lockouts and the folks have done necessary precautions to prevent hacker attacks—Kudos to them. Honestly speaking, I haven’t seen a little security hole in EE myself as far.
Cheers and Happy ethical Hacking!
Posted by Sheriff, Md. at 09:33 PM. Filed under:
(107) Comments • (0) Trackbacks • Permalink