CASE STUDY: Password Reset Not Working
I was approached by a client who was having problem with the wordpress password reset.
My cient was attempting to change his password from the normal password change screen under wp-admin. When he attempted to reset his admin user password, a new password was sent, but the new password did not work.
As a side note, his ISP had reported that certain scripts on his blog were open for vulnerabilities.
I suspected that the blog had been hacked and the password reset was sending to some nefarious web troll.
What I did was to white-hat hack the database, and using techniques I don’t want to document here, I was able to get a new MD5 encrypted password. I then updated the database with that password so I was able to login with an admin level password.
The next stage of the fix was to restore the wordpress code base, I took a copy of wp-config.php, backed up all of the existing files before deletingthe blog root, wp-admin and wp-includes, next I refreshed the blogs code base with a mint copy 0f wordpress 2.7 and re-installed wp-config.php.
The blog was back online and in full working order. My client was happy and I am now on his blogroll.