Joomla Admin login Tutorial

Access to the Joomla backend is restricted to administrators and require login with a username and password. The backend of Joomla is also referred to as the admin section. Now, how do you log in to the backend of your Joomla website. Here are the steps to follow:

  1. Enter the admin URL. This will be yourdomain.com/administrator.
  2. Enter your admin username. This will be the username you entered while setting up your Joomla website.
  3. Enter your admin password. Similarly, this will be the password you entered while setting up your Joomla website.

If the credentials you have entered are correct, you should be able to login to your Joomla administrator area. Successfully logging in will allow you to edit your website, add content, and manage all aspects of your Joomla website.

 

Can you change the admin URL

For security reasons, you may want to change the login URL. Traditionally, it is known that logging in to the Joomla admin area requires appending /administrator to the URL. By changing the admin URL and using a custom URL to access your backend, you will be adding an additional layer of security to your Joomla website.

However, changing your admin URL can require hacking core files. We do not advise that you hack core files.

We will rather suggest that you add a secret word to your admin URL like yourdomain/administrator/secret-word

Generally, we recommend that you maintain better security practices for your Joomla website instead of trying to secure your website by hacking core files.

  • Keep your Joomla website updated
  • maintain a healthy backup
  • Use strong passwords and uncommon usernames. It is much easier and safer to change your website admin username than altering core files. Every Joomla website uses "admin" as default admin username. Changing this to something different can help your security.

Learn details about Joomla website security in post: How Secure is Your Joomla Website

 

Joomla User Levels

In the Joomla Administration page, different groups have different access level features, and they are directly related to the editing, creation, and publishing of content as well as to access to the Administrative interface.

Each group has certain levels of access control, and once a user is made a member of that group, they automatically inherit those rights.

  1. Registered: ​Registered group allows the user to login to the Front-end interface. They can't contribute to the content, but this could allow them access to other sections, like a forum or download section if the site contains one.​
  2. Author​: It permits a user to post content. They are able to submit new content, select options to show the item on the front page and they can also select dates for publishing, but they have no access to publish any content. ​They can edit only their articles but only when that article has been published and is visible.​
  3. Editor​: ​Editor group enables a user to post and edit any content item from the Front-end. They can also edit the content that has not been published. Still, Editor users can't publish or change the publishing status of any articles, even their own article.​
  4. Publisher​: ​It permits a user to post, edit, and publish any content item from the Front-end.​

3 Administration section groups allow access to Joomla:

  1. Manager​: ​It allows the manager to create or edit any content, access to some Backend features like deleting, adding, and editing Categories, and Sections.​ They can also be editing the Front Page and Menus. But they have no access to the "Mechanics" of Joomla, like user management or the ability to install components or modules of Joomla.​
  2. Administrator​​: ​It allows access to almost every administration functions. This user has all the privileges on the back end of a Manager, and they also have the access to set options on, and install/delete components, plugins, and modules.​ They just cannot change, edit, or install Site Templates or make any changes to the sites Global configuration options.​
  3. Super Administrator​​: ​A Super Administration account can only be created or deleted by another Super Administration account. ​Each and every access to all areas is given to Super Administrators, and once these type of account are created, they cannot be as easily deleted.​ A Super Administration account holder admin can block the user from logging in or change the Password on another Super Administration account.

Further reading: Joomla User Manager Tutorial

 

Change the Password of Your Administrator User​

​Sometimes you want to change the admin password for your Joomla websiite to make it stronger or it happens that you input the username and password but it doesn't allow me to login and so you think you should reset it.

If you are able to login to the admin section and want to change the password, that is much easier. You go to user, click user manager and select the user whose password you want to change. Input the new password and save.

If you are simply unable to login to your Joomla backend, changing the password is possible in cPanel. In that case, you can try the following steps.

Joomla has recommended three ways to recover admin password when lost.

Method 1. configuration.php file

If you have access to your configuration.php file for the Joomla installation on your server, then you can recover the password using the following method:

1. Using an FTP program connect to your site. Find the configuration.php file and look at the file permissions. If the permissions are 444 or some other value, then change the permissions of the configuration.php file to 644. This will help prevent issues when uploading the changed configuration.php file later in this process.

2. Download the configuration file.

3. Open the configuration.php file that was downloaded in a text editor such as notepad++ and add this line

public $root_user='myname';

to the bottom of the list where myname is a username with administrator access that you know the password for. A username that is in the Author User Group view access level or higher can also be used in place of a username with administrator access.

4. Save the configuration.php file and upload it back to the site. You may leave the permissions on the configuration.php file at 644.

This user will now be a temporary super administrator.

5. Login to the back end and change the password of the administrator user you don't have the password for or create a new super admin user. If you create the new user you may want to block or delete the old user depending on your circumstances.

6. When finished, make sure to use the "Click here to try to do it automatically" link that appears in the alert box to remove the line that was added to the configuration.php file. If using the link was not successful, then go back and delete the added line from your configuration.php file using a text editor. Upload the configuration.php file back to the site.

7. Using your FTP program verify the file permissions of the configuration.php file, they should be 444. If you manually removed the added line, then change the file permissions on the configuration.php file to 444.

If you have no users who know their passwords and you can't utilize front end registration you may need to make a change in your database as outlined below in this document.

Method 2: Direct Editing of Database

If the methods above did not work, you have two other options, both of which require working with the MySQL database directly.

Change the Password in the Database

If the admin user is still defined, the simplest option is to change the password in the database to a known value. This requires that you have access to the MySQL database using phpMyAdmin or another client.

 
Warning: Make sure you change your password once you regain access
 

These instructions show how to manually change a password to the word - "secret"

  1. Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
  2. Find and click on the table with "_users" appended in the list of tables (note: you may have a prefix that is not jos_, simply go to the _users table for your prefix).
  3. Click on the "Browse" button in the top toolbar. This will show all of the users that are set up for this site.
  4. Find the user whose password you want to change and press the Edit icon for this row.
  5. A form will display that allows you to edit the password field. Copy the value 
    d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
    into the password field and press the Go button. phpMyAdmin should display the message "Affected rows: 1". At this point, the password should be changed to "secret".
  6. Log in with this user and password and change the password of this user to a secure value. Check all of the users using the User Manager to make sure they are legitimate. If you have been hacked, you may want to change all of the passwords on the site.

Add a New Super Administrator User

If changing the password won't work, or you aren't sure which user is a member of the Super Administrator group, you can use this method to create a new user.

  1. Navigate to phpMyAdmin and select the database for the Joomla! site in the left-hand drop-down list box. This will show the database tables on the left side of the screen.
  2. Press the "SQL" button in the toolbar to run an SQL query on the selected database. This will display a field called "Run SQL query/queries on database <your database>".
  3. Delete any text in this field and copy and paste the following query below and press the Go button to execute the query and add the new Administrator user to the table.
  4. Use the SQL query below to add another administrator account.

Make sure you match your db table prefix!

SQL code for use with Jooml

INSERT INTO `jos31_users`
   (`name`, `username`, `password`, `params`, `registerDate`, `lastvisitDate`, `lastResetTime`)
VALUES ('Administrator2', 'admin2',
    'd2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199', '', NOW(), NOW(), NOW());
INSERT INTO `jos31_user_usergroup_map` (`user_id`,`group_id`)
VALUES (LAST_INSERT_ID(),'8');

At this point, you should be able to log into the back end of Joomla! 
with the username of "admin2" and password of "secret". After logging 
in, go to the User Manager and change the password to a new secure value
 and add a valid e-mail address to the account. If there is a chance you
 have been "hacked", be sure to check that all users are legitimate, 
especially any members of the Super Administrator group.
Warning!

Warning: The password values shown on this page are public knowledge and are only for recovery. Your site may be hacked if you do not change the password to a secure value after logging in. Be sure you change the password to a secure value after logging in.

he examples above change the password to "secret". Two other possible values are shown below:

- admin  = 433903e0a9d6a712e00251e44d29bf87:UJ0b9J5fufL3FKfCc0TLsYJBh2PFULvT
- secret = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
- OU812  = 5e3128b27a2c1f8eb53689f511c4ca9e:J584KAEv9d8VKwRGhb8ve7GdKoG7isMm
  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

How Secure is Your Joomla Website

Joomla is the third most popular content management systems(CMS) used by webmasters and designers...

How to Fix The Joomla White Screen of Death

The White Screen of Death (WSOD) describes a situation where the Joomla website displays a blank...

My Joomla Website Displays a Blank Page, What Should I do

A blank white screen displayed on a Joomla website can be very disturbing but it is not an...

Joomla Backup and Restore Tutorial

This tutorial covers how to backup and restore a Joomla website. We will adopt the following...

How to Prevent Spam on Your Joomla Website

Eliminating web spam and reducing the capacity of attackers to hurt web operations has been the...