In an effort to follow good security practices, we use random passwords for each of our Admin logins. But sometimes we can forgot those passwords. Well, this video assumes that the Forgot Password feature on the Magento Login Screen isn’t working. So I’ll show you 2 alternative methods for resetting your Admin Password using either the Command Line Interface of phpMyAdmin.
Before I start, I just want to stress the importance of how powerful both the Command Line Interface and phpMyAdmin are. If you’re new to these tools and find them overwhelming, then I highly recommend experimenting on a development server. Until you feel comfortable before using them in a Production environment.
Method 1: The Command Line Interface (SSH)
So, the first method assumes that you still have access and the appropriate privileges to the Command Line Interface on your web server. What we’re going to do is create ourselves a brand new Admin User. This will allow us to login as that new user and change the password to the account that we’ve forgotten.
So, the first thing you’re going to need is access to your web server via an SSH Client. In this example, I’m using Putty for windows.
If you aren’t sure about your login details for your web server, you can always reach out to your web server provider for assistance.
I’m going to connect to my web server and navigate to the directory where I have Magento installed. This location can vary from one installation to another.
Now that I am sitting in my Magento root directory, I can run the command I need to create a new Magento Admin user. I can tell that I’m in the root directory of Magento, because when I type ls -l and hit enter, I can see all of the core files in the current directory.
So, now I’m going to enter the following command. You can copy and paste this command from my article – There is a link to that in the description below.
php bin/magento admin:user:create --admin-user="john_the_admin" --admin-password="abc1234" --admin-email="[email protected]" --admin-firstname="John" --admin-lastname="Smith"
As you can see, it’s broken down into several sections:
- The initial command to create the user
- The Admin users username (john_the_admin)
- The Admin users password (abc123)
- The Admin users email address ([email protected])
- The Admin users first name (John)
- The Admin users surname (Smith)
After we hit enter, you will see a notification confirming that your new user has been successfully created.
So now if we login to the backend of Magento with our new user details, we can navigate to Systems > All Users to change the password of our username that we forgot.
Once we’ve finished making the changes we need to make (and checked that the new password is working), we should delete the new user – Which can be done from the backend of Magento.
I just want to take a moment here to highlight how powerful the Command Line Interface is, and that you should always follow Best Practices of Server Security to ensure you avoid unauthorised access.
Method 2: Amending the Database (phpMyAdmin)
The second method assumes that you still have access and the appropriate privileges for phpMyAdmin. What we’re going to do is run an SQL command to replace our current password that’s been forgotten.
So, the first thing we’re going to need is access your phpMyAdmin portal.
If you aren’t sure about your login details (or where to access phpMyAdmin from), then you can always reach out to your web server provider for assistance.
From phpMyAdmin, I’m going to select the Database from the left which represents the Magento Database where our admin user resides. Clicking on this database will load a bunch of tables in the main window.
At the top, you will see a tab labelled “SQL”. Clicking on this will load up a page with a blank box. This is where we will enter our SQL command to change the password for our username.
So, now I’m going to enter the following command. Check the description for a link to an article that I wrote, where you can copy and paste this.
UPDATE admin_user SET `password` = SHA2('abc1234', 256) WHERE `username`='forgetful_john';
As you can see, there are 2 variables that we need to change:
- Acb1234 represents the new password that we want to use
- Forgetful_john is the username that we want to apply the new password to
After we press the GO button (on the right), we will receive a notification that the command has been executed. To check this, simply try logging into the backend.
However, it’s important to note that if you’ve failed to login to your account several times then you might be on a cooldown. This is a security feature to combat brute force hacking. The default waiting period for Magento is 30 minutes. So even if you’ve changed your password, you might not be able to login until the cooldown period has ended.
If you can’t wait this long, then you can amend the database record where this timeout information is held.
To do this, simply select your Magento Database from the left panel and then select the “admin_user” table. Here you will see a list of Magento Admin Users. Scrolling to the right will display 2 columns; ‘first_failure’ and ‘lock_expires’.
If you are on a cooldown, then these 2 fields will contain a date and a time. If they do, then double-click both cells (one at a time) to display a calendar popup. Then click the “Null” box so it is ticked and click any blank space of the screen to save the value.
So, I hope you found this video useful. If you did, be sure to hit that Like button. And for more Magento Tips and Tutorials, be sure to subscribe and hit the bell notification to be alerted when new videos are uploaded.