In general, databases store passwords in plain text format.
Therefore, hackers or anyone can access the password from the database easily.
In website management software like Joomla, an effective solution to this security risk is to encrypt the password.
That’s why, at Bobcares, we often get requests from our customers to configure Joomla password encryption as part of our Server Management Services.
Today, we’ll see how our Support Engineers set up them and fix related issues.
Steps to encrypt password in Joomla
Encrypting password always make the password more secure. Let’s see how our Support Engineers set up password encryption in Joomla.
1. First, we log in to control panel account and open the phpMyAdmin option under Databases.
2. In phpMyAdmin menu, click on the Joomla database name and expand the tables.
3. Then, open the jos_users table from the Database drop-down list. It is this table that contain the Joomla users.
4. Next, we click the Edit link next to the particular user details.
5. We choose MD5 in the Function column.
6. Finally, we click the Go button.
This automatically sets an encrypted password for the Joomla user.
That’s how we configure password encryption in Joomla.
Common errors & fixes in Joomla password encryption
Unfortunately, setting the password encryption in Joomla may not work always as expected.
Let’s take a closer look on the reasons for password encryption failure and how our Support Engineers fixed it.
1. Problems after migration
Migration can be a reason for password problems in Joomla.
Recently, one of our customers approached us regarding Joomla password encryption. After migrating to a new version, his password didn’t work and couldn’t log in to the website.
In Joomla, if the password for the administrator doesn’t work, it is possible to set the temporary password.
To work around this our Support Engineers logged in to hosting panel & navigated to PHPmyAdmin. We, then did a password reset of the Joomla admin user.
Additionally, when you have no clue about the current admin user, we insert a new admin user to the Joomla user table. For example, when the Joomla user table name is jos45_users, we execute the following query.
INSERT INTO `jos45_users`
(`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
VALUES ('Administrator2', 'admin2',
'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
INSERT INTO `jos45_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');
After executing, Joomla allows access to a user “admin2” with a password of “secret”. And, after logging in, reset the password immediately to avoid any hack attempts.
2. Data Broken using salted MD5
In general, using salted MD5 technique fairly secures passwords. However, MD5 has received a certain amount of bad press as being “broken” and has been stopped permitting its use internally because of security concerns.
As an alternative method, we recommend the SHA-1 algorithm because of security concern.
We took the following steps to change the password algorithm in Joomla.
1. First, we took the backup of the whole website.
2. Then, we logged in to the administrative panel.
3. We edit the file /libraries/Joomla/user/helper.php on the server.
4. And we located the line of code public static function getCryptedPassword.
5. We replaced the ‘md5-hex’ with ‘ssha’ & it looks like this.
public static function getCryptedPassword($plaintext, $salt = '', $encryption = 'ssha', $show_encrypt = false)
6. Finally, we saved the file on the server to reflect the changes made.
[Having trouble with Joomla password encryption? We’ll fix it for you.]
Conclusion
To be more precise, using the hashing algorithm, Joomla can generate an encrypted password for security purpose. Today, we saw how our Support Engineers configured “Joomla password encryption” and fixed the common errors.
0 Comments