I must make a confession. I haven't written a blog post in over a year because I had forgotten my password to log into the admin portion of my blog. #shameEmoji
Not only had I forgotten my password but I was lazy and hadn't configured email support on the server running my blog and therefore I could not reset my password via traditional methods.
So for over a year I did nothing except guess at the password on and off to no avail. Earlier today I sat down to reset my Ghost users password the old fashioned way by manually updating the MySQL database powering this blog.
I found that there was very little resources on how to do this online so I figured I should share how I did it for the other unfortunate souls who my be in my position.
Resetting the Password
For this tutorial, I am going to assume you have the following:
- SSH access to the server running your blog
- Admin (sudo) privilege on your user
- Know the password to your MySQL database
If you don't have the following, you should resolve them first before continuing.
- Once you have SSH'd into your server with sufficiant privlidges, navigate to the directory of your ghost installation. In my case this was
var/www/ghost
. - Find your production configuration file most probably named
config.production.json
. View and save the contents of this file as we need it later. The contents of the file should like similiar to the following:
{
"url": "http://yourblog.com",
"server": {
"port": 1236,
"host": "127.0.0.1"
},
"database": {
"client": "mysql",
"connection": {
"host": "localhost",
"user": "ghost",
"password": "hashed_password",
"database": "blog_prod"
}
},
- Enter the MySQL monitor via
mysql -u root -p
. You will be prompted for the DB admin password at this point. - Set the Ghost database via
USE your_db
. In this example, the command would beuse blog_prod
. - Find your user record via
SELECT * from users;
. Take note ofid
of your user as we will use this later in the update command for your user. - Ghost does not store passwords in plain text (obviously). Instead it hashes your password using an NPM package known as bcrypt. This means we must enter a hashed version of your desired new password. Luckily there is a great online tool to help us with this! Open the tool, enter your new plaintext password, use the default number of hashing rounds (probably 4) and then generate your hash. It should look something like this
$2a$04$Hx5JtNu4sJlvSHnzQSp7nOv.QYl9MX57p80zT.JCFTyKfCVAZWxHu
. Copy this hash. - We will now update your user record with this new hash. Again from the MySQL monitor, enter the following command
UPDATE users SET password = '$2a$04$Hx5JtNu4sJlvSHnzQSp7nOv.QYl9MX57p80zT.JCFTyKfCVAZWxHu' WHERE id = 1;
. Continuing using this example, my command would beUPDATE users SET password = '{your_hash}' WHERE id = {your_user_id};
. Run the command you get a success message that shows the update password hash and a1 row set (0.00 sec)
message.
NOTE: If you are getting errors such as the following:
ERROR 1292 (22007): Truncated incorrect DOUBLE value:
ERROR 1406 (22001): Data too long for column:
Try breaking up the command by entering just one SQL statement at a time. For example, first you would enter UPDATE users
, press enter, then type SET password = '{your_hash}'
, press enter, finally type WHERE id = {your_user_id};
.
Conclusion
If you managed to make it through the above steps your password should now be reset. You should now be able to go to your blogs admin login portal, enter your users email and your new password and be able to log in.
I really hope this helped someone else out there. Comment below if this either helped you or you have more questions!