Not able to log for the first time on a salted WordPress by creating pwd on BD

I've inherited a WordPress project and first thing I tried to do was create a superadmin user by inserting a new user into wp_users and the appropriate permissions into wp_usermeta.

I've done that a dozen times without problems...

but…

All the current and working passwords start with $P$B… and are 35 chars long strings with dots and slashes on them. Which means, I guess, that maybe they are using some hashing other than md5 and maybe some salt.

I've read all the answers to this question and I'm almost sure that I should be able to just login for the first time with just the MD5 of my password on the database and WP should take it from here but this is not working.

I've also tried without success:

  • setting the password via wp_set_password
  • creating the user on wp_users and not setting anything for it on wp_meta. Then login.

Is there any way to create the full hash salt and all? Is there any configuration that disables the backwards compatibility that permitted to log in with MD5 on the first log in?

Thanks a lot!

Topic encryption password Wordpress

Category Web

1
answered at

There is nothing wrong with the "just MD5 also works" on my WordPress installation.

As I was creating users via 

INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email,  display_name,user_registered) VALUES ('login', MD5('password'), 'Name Surname', '[email protected]',  'username',now());
INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES (NULL, (Select max(id) FROM wp_users), 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');
INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES (NULL, (Select max(id) FROM wp_users), 'wp_user_level', '10');

I did accidentally create more than one user.

At login time either WordPress was selecting the first user and I was modifying the last (and so not doing anything) or WordPress was refusing to login me because there where more than one user with exactly the same username/password.

I'm answering just to let anyone that uses the above method (the insert) to create admin users that, of course, there is no the user already exists check so please don't repeat my mistake.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.