This tool for Concrete CMS v8 and v9 helps you recover your Concrete CMS website's Super User account in (almost) any situation.
Concrete CMS Super User is the only omnipotent user, the one that can't be limited in any way and has full authority over your website.
As such, not having full control of the Super User means your control over your website can be limited.
Even worse, whoever else has control over your Super user can take your website hostage.
But before you try to use this tool to get your Super User back, please consider the following.
Whoever connects as the Super User has to know exactly what they are doing because they have the power to destroy things irremediably.
I know many web professionals who do NOT give their client the Super User credentials because they don't want them to break stuff.
This is the only legitimate reason I know and can think of for not giving you Super User access. Although a legitimate reason, it is only acceptable if the web professional is ready to hand the Super User over to the site owner, at no extra cost, provided the site owner understands the responsibility.
Don't ask for control over the Super User, break stuff and then expect the developer to fix it for free, or even blame them for the havoc you wreaked and the misery you brought upon yourself.
Concrete CMS comes with a password recovery tool you can access from your login screen. Did you try that? If not, try that first, it's easier.
This tool helps you recover your Super User account by taking into account several possible scenarios from the simplest (You lost your password) to the most serious (someone took steps to make sure you can't take control back of your Super User account)
This tool can help you get your Super User back if:
- you lost your password
- you lost your username/email and password
- you don't have access to your email
- the Super User username was changed from “admin” to something else, and you don't know what it is
- the Super User account was deleted
- the Super User account was deleted, and another user was given the “admin” username
In any case, the tool will let you know exactly what the situation is and will give you all the information you need to fix it.
There's only one requirement: you must have access to your server and the files on your server. Nothing else is required.
If you don't have access to your Super User AND no access to your server, I am afraid you're stuck.
If someone blocked your access to the Super User on purpose, they could counter your attempt at getting it back if you do not follow this steps before and after recovering it.
You have to make sure nobody can go back to your server and rollback your changes after you recovered your Super User. They could even do it using this same tool.
Follow these steps:
- Delete all user accounts that have access to your hosting account except your own
- Change your hosting account password
- make sure your hosting account uses your email address
- Delete all existing FTP accounts
- Create a new FTP account that you and only you fully control
After you recovered your Super User and you followed the steps above, it is highly unlikely someone could steal it back from you, but they still could break stuff on your site, so follow these steps:
- Delete all users in the “administrators” user group that you do not recognize or are not needed
- Delete all users in any group with specific editing permissions if you do not recognize them or do not need them
- Delete all users not in any group that you do not recognize or need and that seem to have specific editing permissions in place
Download the file c5-su-recovery.php and put it on your server inside application/bootstrap
We don't want just anybody accessing your website to have access to this tool, so we're going to protect it with a password.
This is not your new Super User password, it is only a security password to make sure others can't use this tool while you are working with it.
Open the file for modification and, at the top, where it says
$authorizationPassword = "YourPasswordHere";
Put your own security password in place of YourPasswordHere and save. Your new password can only use numbers and letters and no spaces. So if your new password is mySafetyPassword, you will have:
$authorizationPassword = "mySafetyPassword";
And please make it something better than "mySafetyPassword"!!!
Open the file application\bootstrap\app.php for modification and, at the top, add the line
require_once __DIR__ . '/c5-su-recovery.php';
Now you're ready to go. Visit any page on your website by adding this at the end of the URL:
?p=mySafetyPassword
If you visit your home page for instance, you will use https://www.yourwebsite.com?p=mySafetyPassword
There you will be greeted by a form and an explanatory message describing your situation and the steps to follow. Just follow the steps.
Once you're done, I strongly suggest you delete the recovery tool from your server. To do so:
- Remove the code added to
application\bootstrap\app.php - Delete the file c5-su-recovery.php
- Login as the Super User and change your password again just to be sure
- Remove any user accounts you don't need from your website