Emergency WordPress Password Reset Plugin

If your wordpress gets hacked somehow, you should reset all your user’s passwords as a precaution. there are some other things you should do here. Read about it!

This plugin does just that! It creates new passwords for every user, so hackers are stopped and then it will email all your users a password reset link, so they can create a new password – so watch out if you have more than a hundred on a shared host (they won’t like a mass email out)

It’s available on the WordPress repository here

WordPress uses “salt keys” to protect sensitive things like passwords, forms and some of the cookies that show whether you are logged in. They salt the data before encrypting it. If you have been hacked you must change the salt keys which are in your wp-config.php, but that is a little bit technical.

They look like this…

define('AUTH_KEY',         '+xqP/5U/=0mU$~>N]/yf?h|kyCy9usld:f};3`_UCX.RfUav0.6bgQ}gBp4W9W5_');
define('SECURE_AUTH_KEY',  'o|AAIsN+&@l@g(Li9mQPnDIPrw6umWK0aA|DRp_;Y }rwN.4f#jQ4C$<?7f_-WLV');
define('LOGGED_IN_KEY',    '|[J<1j|Z2CUgH~)#0#jtfoQI8wA}e2Gyq5r(vtl-0^yu3g<&f*![14#nM?+g6#tl');
define('NONCE_KEY',        'XbK2Qzn)}I msVHJYBK<Gq^[=rm2}dJ|1AsB}Dw>v0++ JbNl-1{,83LIqv|:A.~');
define('AUTH_SALT',        'elN8KPP#T^JY$6d2T[Nt_Mp-f|Zx$f*Q9Ur07-R}u4>Xt)Tg+-k%!!zu?*_DL{cK');
define('SECURE_AUTH_SALT', 'F5WI%Ah;!3X|hrk0d@<|&<%u&!+cbE3dFW*UL5p|%7d}:+LbJdBeCmW(66M=ihhH');
define('LOGGED_IN_SALT',   '6*feTK}={POu[+W%wUySL+M,v8Sq4F6U/a}*=?4}lG-Ka94&WD{6.T~3q5mfE{dX');
define('NONCE_SALT',       '5x^h}d~b6KF[4X_[|F~?}jU[8bFx*yLSlryed7q ;~r6$?83RqsVD!x`Fydz-1sy');

So the Emergency Password Reset plugin can do the job for you. Once installed and activated – there is a menu link under Dashboard>Settings>Reset Salts.

Once done you will have to login again to do anything else on the site.

It may be worth resetting the “salts” on a monthly basis anyway!