How to Recover a lost Joomla Password on Hepsia Control panel

Are you having problems logging in to your Joomla Admin Page and now you have decided to reset the password?

Well, in Joomla, there are several methods you can use to recover your lost password. (Usually, the easiest way to do that is through the “Forgot your password?” link on the main login page for your website), which details are given below.

However, if that approach does not work due to:

  • Lost access to your email account;
  • Or because your site has been "hacked" and the passwords or users were changed;
  • Or perhaps the person who knew the passwords is no longer available;
  • Or whatever the situation may be.

Then your other option would be following the steps indicated in Methods 1, 2 & 3 of this article.

Listed below are the possible methods available to Joomla! administrators.

Using the Forgot your password link on the login screen

Joomla makes it quite easy for users to reset their admin passwords.
You can do that by simply going to the login page screen and clicking on the "Interrogation Marks" of either your username or password, as it's displayed below:

Once you click on it, it will take you to the password reset page where you will be asked to enter an email address associated with that user account. After that, Joomla will send a verification code to the email address just entered, and once you have received the verification code, you will be able to choose a new password for your account.

But if for some reason you don’t have access to the email address, or your Joomla site fails to send an email, then your other option would be to reset it through configuration.php file.

Method 1: configuration.php file

If you have access to your configuration.php file for the Joomla installation on your server, then you can recover the password using the following method.

  1. Using an FTP program connect to your site. Find the configuration.php file and look at the file permissions. If the permissions are 444 or some other value, change the permissions of the configuration.php file to 644. This will help prevent issues when uploading the changed configuration.php file later in this process.
  2. Download the configuration file.
  3. Open the configuration.php file that was downloaded in a text editor such as notepad++ and add this line:

    public $root_user='myname';

    to the bottom of the list where myname is a username with administrator access that you know the password for. Please understand that a username that is Author level or higher can also be used in place of a username with administrator access.

  4. Save the configuration.php file and upload it back to the site. You may leave the permissions on the configuration.php file at 644.
  5. Note that this user will now be a temporary super administrator.

  6. Login to the back end and change the password of the administrator user you don't have the password for or create a new super admin user. If you create the new user you may want to block or delete the old user depending on your circumstances.
  7. When finished, make sure to use the "Click here to try to do it automatically" link that appears in the alert box to remove the line that was added to the configuration.php file.
  8. If using the link was not successful, then go back and delete the added line from your configuration.php file using a text editor. Upload the configuration.php file back to the site.
  9. Using your FTP program verify the file permissions of the configuration.php file, they should be 444. If you manually removed the added line, then change the file permissions on the configuration.php file to 444.

If you have no users who know their passwords and you can't utilize front end registration either, then you may need to make a change in your database as outlined below in this document.

Method 2: Direct Editing of Database

If the methods above did not work, you have two other options, both of which require working with the MySQL database directly.

Change the Password in the Database

If the admin user is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin or another client.

Well, the process here is almost the same as explained on other article at How to Recover a lost WordPress Password...

Step 1:
You will need to login to the Control panel dashboard of your Joomla hosting account;

Step 2:
Click on the MySQL icon under the database section.

Step 3:
Then click on the phpMyAdmin icon similar to the one highlighted below.

Step 4:
This will launch the phpMyAdmin app where you will need to select your Joomla database. Once you have selected the database in question, click on "+" sign to expand it.

Step 5:
You will now see a list of tables in your Joomla database. Find and click on the table with "_users" appended in the list of tables (note: you may have a prefix that is not jos_, simply go to the _users table for your prefix). Find the user whose password you want to change and press the Edit icon for this row.

Step 6:
A form similar to the one displayed below will open. Delete the value on the password field, just below the email address.

Copy the new value


and paste it into the password field, and then press the Go button. phpMyAdmin should display the message "Affected rows: 1". At this point, the password should be changed to "secret".

Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.

Please also note that for a stronger password we usually recommend using a password generator app like the one at SeoPrimeTools Password Generator.

Method 3: Add a New Super Administrator User

If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.

  1. Navigate to phpMyAdmin and select the database for the Joomla site in the left-hand box by clicking on "+" sign to expand it. This will show the database tables on the left side of the screen.
  2. Press the "SQL" button in the toolbar to run an SQL query on the selected database. This will display a field called "Run SQL query/queries on database (your database)".
  3. Delete any text in this field and copy and paste the following query below and press the Go button to execute the query and add the new Administrator user to the table.
  4. Use the SQL query below to add another administrator account.

Make sure you match your db table prefix!

The following code uses jos31_ as the table name prefix which is only an example table prefix. The prefix when you first installed Joomla is RANDOM or what you set it specifically too. You will need to change all occurrences of jos31_(your install set prefix) found in the code below to the prefix your installation is using.

SQL code for use with Joomla 2.5 & Joomla 3.1

INSERT INTO `jos31_users`
   (`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
VALUES ('Administrator2', 'admin2',
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`)

At this point, you should be able to log into the back end of Joomla! with the username of "admin2" and password of "secret". After logging in, go to the User Manager and change the password to a new secure value and add a valid e-mail address to the account. If there is a chance you have been "hacked", be sure to check that all users are legitimate, especially any members of the Super Administrator group.


The password values shown on this page are public knowledge and are only for recovery purposes. Please make sure you change the password to a secure value after logging in before your site gets hacked.

The examples above change the password to "secret". Two other possible values are shown below:

- password = "this is the MD5 and salted hashed password"

- admin  = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
- secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
- OU812  = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm

Share This on!