🎉 Announcing our new Equinix Sydney data centre SY5!
Learn more
PricingGo to SiteCoveClient login

Recovering Lost Admin Access to Your CMS

Losing access to the admin panel of your Content Management System (CMS) can be a major issue, especially if you rely on it for managing your website. Whether it’s due to a forgotten password, a compromised account, or a technical glitch, regaining access quickly is crucial to maintaining your website’s functionality and security.

In this guide, we’ll walk you through the steps to recover lost admin access to your CMS, including some preventive measures to help you avoid this problem in the future.

1. Check for Password Recovery Options

Most CMS platforms (WordPress, Joomla, Drupal, etc.) offer a built-in password recovery feature. If you’ve forgotten your admin credentials or are unable to log in for any reason, the first thing to try is resetting your password.

A. WordPress:

  • Use the Password Reset Link: On the WordPress login page, click on the “Lost your password?” link. Enter your registered email address, and WordPress will send a password reset link to your inbox.

  • Email Recovery: If you can access the email account associated with your WordPress site, follow the instructions in the email to reset your password.

B. Joomla:

  • Use the “Forgot Password” Link: On the Joomla login screen, click the “Forgot your password?” link. Enter the username or email address associated with your admin account to receive a password reset link.

C. Drupal:

  • Reset via Email: On the login page, click “Request new password”. Enter the username or email address associated with the admin account, and Drupal will send a reset link.

If you do not receive the reset email within a few minutes, make sure to check your spam or junk folder. If the reset link still doesn’t arrive, proceed with other recovery methods.

2. Check for User Account Access via FTP or File Manager

If you can’t recover access through the password reset link or you have no access to the registered email, you can attempt to gain access to your CMS through your website's FTP (File Transfer Protocol) or File Manager in cPanel (or similar hosting control panels). This method will work for most major CMS platforms, including WordPress, Joomla, and Drupal.

A. WordPress:

  1. Connect to Your Website via FTP: Use an FTP client like FileZilla or access your cPanel and use the File Manager to navigate to your WordPress installation folder.

  2. Find the functions.php file: Go to the /wp-content/themes/your-theme-name/ folder and find the functions.php file.

  3. Edit the functions.php File: Add the following code at the end of the file:

    wp_set_password('newpassword', 1);

    Replace 'newpassword' with a strong password. The 1 in the code refers to the ID of the admin user (which is usually 1).

  4. Save and Upload: Save the changes to the functions.php file and upload it back to the server.

  5. Login: Go back to your WordPress login page and log in using the new password you set in the functions.php file.

  6. Remove the Code: After successfully logging in, remove the code you added to the functions.php file to avoid any security risks.

B. Joomla:

  1. Access FTP or File Manager: Connect to your website’s FTP server or open the File Manager in cPanel.

  2. Navigate to the users Table: Access the Joomla database using phpMyAdmin (in cPanel) or a similar database tool. Go to the users table.

  3. Change the Admin Password: Find your admin user account and update the password field with a new value. Joomla typically stores passwords in a hashed format, so use an MD5 hash generator to hash your new password before saving.

  4. Log in with New Password: Go to your Joomla admin panel and log in with your updated password.

C. Drupal:

  1. Access the Database: Like Joomla, Drupal stores user data in a database. Use phpMyAdmin to access the database and locate the users table.

  2. Reset Password: Locate your admin account and modify the password field. You can either generate a new password hash using Drupal’s hash function or use the MD5 hash method (though it's less secure).

  3. Log In: Save the changes and log in to your Drupal admin panel with the new password.

3. Using cPanel or phpMyAdmin to Reset Admin Credentials

If you have access to your website’s cPanel or database via phpMyAdmin, you can directly reset your admin credentials without needing FTP.

A. WordPress:

  1. Log in to cPanel and navigate to phpMyAdmin.

  2. Select Your WordPress Database: Find your WordPress database from the left sidebar and click on it.

  3. Open the wp_users Table: This table stores all user data for your WordPress site.

  4. Find the Admin Account: Locate your admin account in the list of users. Click Edit next to your account.

  5. Change the Password: Under the user_pass field, select the MD5 option from the dropdown and enter your new password in the value field.

  6. Save Changes: Click Go to save the changes.

  7. Log In: Use the new password to log in to your WordPress admin panel.

B. Joomla/Drupal:

Follow the same steps as for WordPress: using phpMyAdmin, access your database, and change the admin password directly in the users table. Remember to hash the password if necessary (MD5 or another hash method, depending on the CMS).

4. Check for User Privileges and Permissions

Once you regain access, verify that the admin account has full user privileges and permissions. Sometimes, during the recovery process, users may inadvertently lose their admin status or privileges.

  • Verify User Role: Ensure that your admin account is still listed as an administrator in the CMS's user settings.

  • Check for Unauthorized Users: Look for any unfamiliar accounts that may have been created by hackers. Remove any suspicious accounts immediately.

5. Enhance Security to Prevent Future Access Issues

Once you’ve successfully regained access, it's crucial to strengthen your security to prevent future login issues and hacks. Here are some tips to improve your CMS security:

A. Enable Two-Factor Authentication (2FA)

Adding 2FA adds an extra layer of protection to your admin login. This ensures that even if someone obtains your password, they cannot log in without access to your second authentication method (e.g., an SMS code or authentication app).

B. Change All Admin Passwords Regularly

Use a password manager to generate and store strong, unique passwords for all admin accounts. Set a routine to change your passwords every 3-6 months to avoid potential risks from old or compromised credentials.

C. Keep Your CMS, Themes, and Plugins Updated

Regularly update your CMS, themes, and plugins to protect against known vulnerabilities. Security patches are often released with updates to fix potential exploits.

D. Backup Your Website Regularly

Set up automatic backups to ensure that you always have access to a recent version of your website, including all admin credentials, in case of emergencies.

PreviousDealing with Google’s “This Site May Be Hacked” WarningNextHandling Plugin and Theme Conflicts

Last updated

Was this helpful?