Reprise - Recovering Ghost Blog Password

Laptop Aw Snap!

By default the ghost platform will lock an account if the user makes 4 or more invalid login attempts. This is not usually an issue as the platform has a built in mailer that will send a reset link to the email associated with the user account.

However, if you are not on a managed service and for instance you did not setup your mail relay and or your mail server is experiencing an outage you are out of luck. Well, No. Not exactly. There is still hope yet! Here is what you need to do.

  1. Login to the OS running the ghost blog with a user account that has read/write permissions on the location containing the ghost content directory.

  2. Stop your blog.

  3. Download and install the sqlite3 client for your chosen operating system. sqlite is a light weight relational database commonly embedded in applications that uses the Structured Query Language (SQL). It stores each database in a single file and it is what ghost uses to store all the non media data related to the blogs it manages.

  4. Access the database

     sqlite Path/to/ghost/slash/content/data/ghost.db
  5. Verify the status of the account associated with the locked out user. Replace username@address.domain with the actual email address

     select * from users where email='username@address.domain';
  6. Generate a bcrypt hash for the new password. Ghost uses bcrypt to perform the password encryption and hence our new password must also be hashed using bcrypt. No need to go install bcrypt binaries and tools in this case just use an online generator like this one or google.

  7. Now that we have a new password hash we can go ahead and reset the password.

     update users set password='bcrypt hash from #5' where email='username@address.domain from #4';
  8. Thats it! Now login at url://your-blog.domain/admin and remember to reset that password to something more lasting.

Read our original post to find more password recovery tips.