Update WordPress user password through phpMyAdmin

Many new PHP developers have asked me how to update a WordPress user password through phpMyAdmin. It is a very easy trick. Many PHP sites use MD5 hashing to store passwords in the database.

Similarly, WordPress uses MD5 hashing to store the password in the database. We can set any password for a WordPress user and change it through phpMyAdmin very easily.

First, open phpMyAdmin in your web browser and open the wp_users table. You will see the following screenshot when you choose a user to edit.

[Screenshot: wordpress-user-pass-phpmyadmin]

First select the user whose password you want to edit and click the Change button. You will see the screen in the image above.

The important thing is that you need to select MD5 in the Function column for the user_pass field. Then enter your password and click the Go button.

It is very simple to change a password using phpMyAdmin for any PHP application, provided that application uses MD5 hashing to store the password.

WordPress Hacking and You: What You Can Do

If website hacking is nothing new to you, the hacking of WordPress sites may sound like just another form of it. But relying on the wonderful technology that WordPress provides to post, manage and display your website content could mean being over-confident or outright ignorant about the perils that are already a matter of concern in the wide world of website design.

Any website is hacked for a variety of reasons: to steal information, to place spammy links, to exploit the traffic a particular website has to one's advantage, and much more. This is no different for WordPress sites. WordPress works almost entirely on its plugins and a well-devised database to create a system where managing dynamic content is a cakewalk for anyone who owns a website. Hackers simply find the vulnerability in a plugin, insert malicious code or a code edit, and gain access to the database that manages all content. There, they can place SQL code to manipulate the website’s content and pretty much have your website under their control.

Why is WordPress a point of concern?

The turn of events that made WordPress, a highly desirable and easy technology that grew from a blog-building platform into a website design tool, a vulnerable target for hackers is a fairly recent development. The interesting facts related to this phenomenon are:

  • WordPress’s popularity has soared across the world and currently accounts for a huge share of websites built and maintained around the world.
  • The ease of building websites with WordPress has also misled website owners into a false sense of security. This is seen mostly among small businesses and startup companies, who are also happy with the lower investment it needs.
  • Following the last point, a large group of website owners don’t religiously update their WordPress installations, thereby rendering themselves vulnerable to security loopholes that hackers utilize.
  • Third-party plugin developers are also putting their customers at risk with plugins that have not been tested enough and were not created with foresight.

Let’s try a more technical view of this scenario.

  • On a development level, bad coding can create vulnerabilities that hackers can use to their advantage
  • At the administrative level, poorly constructed passwords can make access very easy for skilled hackers
  • Plugins developed without a good amount of testing and without stable, fool-proof coding can compromise the website’s security as a whole
  • Website owners/managers who do not care to do regular WordPress updates put themselves at great risk of falling prey to newer hacking attacks

So how do I safeguard myself?

It’s one thing to operate and manage WordPress modules at an operational level, where you essentially add and edit content for your website. When it comes to making your WordPress website safe from hackers, you definitely need to meet the experts and get things done. Nevertheless, you had better look out for the following cues:

  • Are there pages on your website failing to appear as expected?
  • Is your admin area failing to perform at any point?
  • Have you verified that new plugin you are considering adding to your website?
  • Are you getting a lot of spam emails lately?

If any of these cues shows up, it’s time to call technical experts such as your hosting support to get your website checked. A few of the measures that can help in preserving your website are:

  • Take backup of your website data regularly
  • Change your passwords to stronger ones. The more mixed up and complex, the better
  • Use WordPress security keys. Your hosting support should know that in the file wp-config.php there is a place where you can enter encrypted security keys for information stored in your cookies. Go to https://api.wordpress.org/secret-key/1.1/ to generate your keys and update your wp-config.php
  • Delete plugins that cannot be trusted or those that are not in use anymore
  • If you can read the error log file, it will tell you which file is causing the issue. You can replace or remove those files
  • It is best to upgrade your WordPress to the latest version. This also includes your WordPress theme
  • Check for file permissions and upload permissions
  • Use some security plugins like the ones listed below
    • Wordfence
    • All in One Security Firewall
    • Sucuri Security
    • iThemes Security (formerly Better WP Security)
  • Change WordPress Table prefix. This is something your tech support understands and can help you with
  • If you have any contact forms in your website, crosscheck with developers if that form is built with core CT standards.
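One way to check the security-keys item in the list above, as an added example that is not part of the original article: a shell function that reports which key and salt constants in a wp-config.php are missing, still set to the sample file's placeholder, or very short. The function names, the sample file contents and the 32-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the key/salt constants in a wp-config.php file.

# weak_wp_keys FILE
# Prints "NAME missing", "NAME placeholder" or "NAME short" for every
# key/salt constant that is absent (or empty), still the sample placeholder,
# or shorter than 32 characters (the minimum is this example's assumption).
weak_wp_keys() {
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        # Capture the single-quoted value of define('NAME', '...');
        value=$(sed -n -E "s/^[[:space:]]*define\([[:space:]]*['\"]${name}['\"][[:space:]]*,[[:space:]]*'(.*)'[[:space:]]*\);.*/\1/p" "$1" | tail -n 1)
        if [ -z "$value" ]; then
            echo "$name missing"
        elif [ "$value" = "put your unique phrase here" ]; then
            echo "$name placeholder"
        elif [ "${#value}" -lt 32 ]; then
            echo "$name short"
        fi
    done
}

# Constructed sample config: two good keys, one placeholder, one short key,
# and no salts at all. The values are made up and are not real keys.
make_sample_config() {
    cat <<'EOF'
<?php
define('AUTH_KEY',         'constructed,sample-value-1-not-a-real-key-0123456789');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define( 'LOGGED_IN_KEY',   'abc' );
define('NONCE_KEY',        'constructed-sample-value-2-not-a-real-key-0123456789');
EOF
}

# Usage: sh thisfile.sh /path/to/wp-config.php
if [ "$#" -eq 1 ]; then
    weak_wp_keys "$1"
fi
```

Any constant it reports should be replaced with a freshly generated value; changing the keys invalidates existing login cookies, so logged-in users have to sign in again.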

WordPress has made building and maintaining websites a wonderful experience for you. But as great a tool as it is, it can serve you to its full caliber only when you keep it updated and well-maintained. Your diligence will pay off with your WordPress installation giving you the great advantage of seamless website performance for a long time into the future.

Delete WordPress users by date with MySQL

Some days ago I enabled registration as subscribers on my site. In the last seven days, four thousand subscribers registered on my site. After reviewing the users and their server request logs, I got to know that these were spam users registered on my site. WordPress is always an easy target for spammers and hackers. I tried to use some code to remove the WordPress users, but later I used the following MySQL commands to remove the WordPress users.

When you create or register a user in WordPress, WordPress fills several tables: entries are inserted into the wp_usermeta table and the wp_users table. If you want to delete users in bulk, you need to delete the user entries from the wp_usermeta table first. You can use the following SQL command to delete the user meta entries from the wp_usermeta table.


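-- user_registered is a DATETIME column, so compare against a full datetime literal.
DELETE wp_usermeta FROM wp_usermeta, wp_users WHERE wp_users.user_registered >= '2013-11-01 00:00:00' AND wp_users.ID = wp_usermeta.user_id;

After deleting the user meta entries, remove the users from the wp_users table using the following command:


-- Same cutoff as above, so both statements cover the same users.
DELETE FROM `wp_users` WHERE `user_registered` >= '2013-11-01 00:00:00';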

Note: Before deleting users from the WordPress database, take a database backup. Take the WordPress backup and restore it on a local box. Make sure your DB backup file is perfect.

Do not delete users from wp_users first. First delete the user meta from wp_usermeta, then execute the next command.

How can we save RAM usage using some WordPress theme tricks

While running a WordPress site, saving RAM is always a great idea, and you can easily improve site performance with simple WordPress theme tricks.

We mostly use the get_permalink() and get_the_title() functions in our WordPress themes. Do not pass the post ID as the parameter.

If you’re doing a get_permalink() or get_the_title() call with a post ID, 8 out of 10 times you’ll need more of that post than just the permalink, so this isn’t really a problem.

Passing the post object is actually already slightly faster than calling get_permalink with $post->ID (in get_post it then only sanitizes and adds to cache, it doesn’t fetch new data), but the real benefit comes when you add a variable called filter to the $post object, setting it to “sample”. Now you decide whether that post object is going to be cached or not and which variables it contains.

Pass the $post object instead of the post ID.

Do not use custom fields. Your server needs to fire extra custom queries on the MySQL server.

If you are using $wpdb->get_results or new WP_Query( $args ), then add an ORDER BY.

If a WordPress site is hacked, how to fix the issue

Recently one of my sites, which runs on WordPress, was hacked. There was something wrong happening on the server. We fixed the issue with some steps, and we have given the full steps for fixing the issue. I got to know about it from disk I/O and CPU usage notification emails.

The first thing I did was check the Apache access logs and error logs. I was getting 100 requests per second from some IP addresses.

I stopped the Apache server and took a backup of my database and filesystem. I deleted my admin username and added a new administrator with a new username.

You should use the Better WP Security WordPress plugin. It is a very useful plugin.

iThemes Security (formerly Better WP Security)

I added the following code to my .htaccess file:

 # BLOCK BAD IPS
 <limit GET POST PUT>
 Order Allow,Deny
 Allow from all
 # uncomment/edit/repeat next line to block IPs
 # Deny from 123.456.789
 Deny from 192.111.152.122
 Deny from 192.111.144.233
 Deny from 110.85.90.123
 </limit>

But the above code was still not helpful to me, because disk I/O and the Apache processes were still spending time answering those requests with a 403.

Then I blocked the IP addresses on my Linux server using the following commands.

 iptables -A INPUT -s 192.111.144.789 -j DROP
 iptables -A INPUT -s 192.111.152.122 -j DROP
 iptables -A INPUT -s 192.119.144.123 -j DROP

This solved my issue.
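The access-log check described in this post (many requests per second from a few addresses), as an added example that is not part of the original post: a shell function that reports each client IP whose busiest single second exceeds a threshold. The function names are hypothetical, and the log lines are constructed samples that use documentation-range addresses.

```shell
#!/bin/sh
# Added example: find per-second request bursts in an Apache access log
# (common or combined format).

# rate_offenders LOGFILE THRESHOLD
# Prints "IP PEAK" for every client IP whose busiest second contains more
# than THRESHOLD requests, busiest first.
rate_offenders() {
    awk -v limit="$2" '
        {
            # $1 is the client IP, $4 looks like "[10/Nov/2013:06:25:01"
            second = substr($4, 2)
            n = ++hits[$1 SUBSEP second]
            if (n > peak[$1]) peak[$1] = n
        }
        END {
            for (ip in peak)
                if (peak[ip] > limit) print ip, peak[ip]
        }
    ' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample: one address sends five login POSTs within a single
# second, another browses at a normal pace.
make_sample_log() {
    i=0
    while [ "$i" -lt 5 ]; do
        printf '%s - - [10/Nov/2013:06:25:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1532\n' 203.0.113.7
        i=$((i + 1))
    done
    printf '%s - - [10/Nov/2013:06:25:01 +0000] "GET / HTTP/1.1" 200 8410\n' 198.51.100.23
    printf '%s - - [10/Nov/2013:06:25:02 +0000] "GET /feed/ HTTP/1.1" 200 2210\n' 198.51.100.23
    printf '%s - - [10/Nov/2013:06:25:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532\n' 203.0.113.7
}

# Demo on the constructed log with a threshold of 3 requests per second.
demo_log=$(mktemp)
make_sample_log > "$demo_log"
rate_offenders "$demo_log" 3
rm -f "$demo_log"
```

On a real server, point it at the site's access log with a threshold that fits normal traffic, and review the listed addresses before blocking any of them.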

WordPress Under Huge Attack by Malicious Botnet: Protect your WP

For the last two months WordPress has been under a huge attack by a malicious botnet. The hackers are using thousands of individual computers and IP addresses. The botnet goes for the most obvious hack attempt: it targets sites with admin as the username, and tries to guess that site’s password with a combination of thousands of possible passwords.

WordPress currently powers over 60 million websites and is read by over a quarter of a billion users every month. When the survey website W3Techs conducted a survey, it found that 17% of the world’s websites are powered by WordPress.

While the attack may only succeed a small percentage of the time, the attack could result in hundreds or thousands of compromised servers when averaged over tens of thousands of sites powered by WordPress software.

I recommend the following solutions for handling this issue:

Change your WordPress admin username

We can use the following article for changing the admin username:
http://www.digitalkonline.com/blog/change-your-wordpress-admin-username/

Update the WordPress version
WordPress founder Matt Mullenweg advises that if you do these first three “you’ll be ahead of 99% of sites out there and probably never have a problem.”

Use the Better WP Security plugin
Most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software. Better WP Security will hide the places where those vulnerabilities live, keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc. Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin, thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

With one-click activation for most features, as well as advanced features for experienced users, Better WP Security can help protect any site.

iThemes Security (formerly Better WP Security)

Install and update WordPress plugins without providing FTP access

I did a lot of R&D on installing and updating WordPress plugins without using FTP access, and I found a very nice trick to solve this issue. When you use shared hosting or a VPS server for WordPress site hosting, you always face issues installing WordPress plugins or WordPress themes. The issue also happens when you update WordPress. Using the following simple steps you can install WordPress plugins and themes without giving FTP access.

I update WordPress plugins and themes all the time, so providing the FTP credentials every time is really painful. So I always use the following steps for WordPress upgrades.

First you need to add the following code to your wp-config.php file.

define('FTP_USER', 'username');
define('FTP_PASS', 'mypassword');
define('FTP_HOST', '192.168.2.132');
define('FTP_SSL', false);

But this is the old approach. If you don’t want to add the FTP access details to the wp-config.php file, then just add the following line to the wp-config.php file.


define('FS_METHOD', 'direct');

Note: You need to give 755 permission to the wp-content folder. Create the upgrade folder in the wp-content folder.

If you are still facing the issue, then give 777 permission to the whole wp-content folder.

For the permissions, use the following commands:

cd your_wordpress_directory
sudo chown -R www-data wp-content
sudo chmod -R 755 wp-content

More information:

WordPress will try to write a temporary file to your /wp-content directory. If this succeeds, it compares the ownership of the file with its own uid, and if there is a match it will allow you to use the ‘direct’ method of installing plugins, themes, or updates.

Now, if for some reason you do not want to rely on the automatic check for which filesystem method to use, you can define a constant, 'FS_METHOD', in your wp-config.php file that is either 'direct', 'ssh', 'ftpext' or 'ftpsockets', and it will use that method. Keep in mind that if you set this to ‘direct’ but your web user (the username under which your web server runs) does not have proper write permissions, you will receive an error.
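A check to run after the chown/chmod steps above, as an added example that is not part of the original post: it tests whether the current user can write to wp-content, and lists entries with the wrong owner or with world-writable modes such as those a blanket 777 leaves behind. The function names and the paths in the usage comment are assumptions for this example.

```shell
#!/bin/sh
# Added example: audit wp-content ownership and modes for FS_METHOD 'direct'.

# direct_write_ok DIR
# Succeeds if the current user can create a file in DIR, the first half of
# the check described above. Run it as the web server user, for example:
#   sudo -u www-data sh thisfile.sh /var/www/html/wp-content www-data
direct_write_ok() {
    probe="$1/.fs-probe-$$"
    ( : > "$probe" ) 2>/dev/null || return 1
    rm -f "$probe"
}

# audit_wp_content DIR OWNER
# Prints "wrong-owner PATH" for entries not owned by OWNER and
# "world-writable PATH" for entries that any local account can modify.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_wp_content() {
    find "$1" ! -type l ! -user "$2" | sed 's/^/wrong-owner /'
    find "$1" ! -type l -perm -0002  | sed 's/^/world-writable /'
}

# Usage: sh thisfile.sh WP_CONTENT_DIR EXPECTED_OWNER
if [ "$#" -eq 2 ]; then
    direct_write_ok "$1" || echo "cannot-write $1"
    audit_wp_content "$1" "$2"
fi
```

An empty report with a successful write test means 'direct' updates can work with 755 directories, so nothing needs to stay at 777.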

Show comments from a custom post type in WordPress

WordPress tutorial: show comments from a custom post type in WordPress. We show comments in the sidebar. But what do we do to show comments for a custom post type?

It’s not well documented, but according to the codex, you can pass a ‘post_type’ variable in the get_comments function.

<?php
 $comments = get_comments('number=10&status=approve&post_type=YOUR_POST_TYPE');
foreach($comments as $comment) :

// comment loop code will go here

endforeach;
?>

Note: This code is only useful after WordPress version 3.1.

Surfers risk fraud with online banking login details

Nearly three-quarters (73 per cent) of people recently surveyed admitted to using the same login details for their online banking across other websites and social networks.

Trusteer, the customer protection company for online businesses, said that by reusing these credentials, people put themselves at a serious risk of fraud.

Reusing passwords was the most common mistake made by those asked but 47 per cent also admitted to using exactly the same user ID and password to login to less secure sites.

Criminals have devised various ways to get login details from less secure sites such as online email clients and social networks and then test these credentials on financial sites to commit fraud.

Basics of Rails routing: Rails routes basic hack

Here I am going to focus only on the basic routing technique of Rails.

If you are new to Rails, I just wanted to remind you of this.

First go to the Rails project’s “public” folder and delete or rename the index.html file. If the index.html file is there, then the default routing will not run.

If you want the Users controller’s index page as the home page of the site, then use this code in the routes.rb file.

map.connect '', { :controller => 'users', :action => 'index' }

In a view you can use this link for the home page and logo of the site (basic hack):

<%= link_to("HOME", {:controller => '/'}) %>