There are many places you can get WordPress Information. The WordPress Helpers is your best source for all things WordPress, of course ;-) , but we can’t do our job without a bunch of support. Today, WPShout pointed us at an interesting little tool for managing WordPress passwords.
And we hate it, and say you shouldn’t go there. Here’s why:
As we’ve told you before, you need to have at least a nodding acquaintance with The WordPress database. When all else fails, being able to get inside it gives you a chance to recover from WordPress disasters, and managing WordPress passwords is, of course one of those recover-from-disaster issues.
The right way to take care of a WordPress Passwords disaster depends on your circumstances. This page at wordpress.org explains your options, and in fairness to the tool WPShout points at, unless you have administrative privileges none of the options will help you with WordPress passwords disasters.
But take a look at the choice titled Through phpMyAdmin. Play with it for a bit. It works; we’ve used it, both here and for clients. Now try out the tool that WPShout’s article leads to. Try it a few times with the same password. Notice anything?
That’s right; hash the same password more than once and you’ll get more than one result.
While we aren’t cryptography experts, this is concerning.
Since administrative users on a WordPress installation have so many options to manage WordPress passwords, obviously the only reason for this tool is for non-administrative users to fix their WordPress passwords without needing to bug the admin. But look at this picture of the log-in page at The WordPress Helpers.
When WordPress passwords get misplaced there’s a simple way to recover them built right into WordPress.
If something catastrophic has happened, this won’t work, of course, but if something catastrophic happens in WordPress someone with administrative access will need to step in, anyway.
Sometimes knowing a great tool when you see it is a matter of knowing when you aren’t looking at one. Have a great day.
Source: WPShout
WordPress Passwords and The WordPress DatabaseWe'll send a weekly email with the latest information, recommendations, quick WordPress tips and more. We're serious about privacy and won't spam you or sell your information.
Or if you prefer, subscribe to our RSS feed. Stay up to date, live!