SilverStripe CMS requires you to log in. If you have lost these details then there is an alternative ‘admin’ password that you can set in the code to allow you to log in. Let’s look at how to set it.

You need access to the files that comprise your site:

Assuming you’re on SilverStripe 4 the default admin password can be set in the .env file at the root of your websites filesystem.

NOTE: If you’re on an older version keep reading for alternate instructions.

It’s possible that this admin password is already set by your developer so if possible check with them to see if it is and if so they can send them to you.

See the note on sending password information securely at the end of this post. If it is not sent securely then it’s possible that a malicious user can log in to your site and will have access to change your site’s content, create themselves a user or whatever they want.

Inside of the .env file, you can add 2 lines (see below) of code in order to set the admin password. Replace ‘username’ with the word ‘admin’ and 'password' with a strong password.

NOTE: Make sure this is a secure password because if it isn’t this is the easiest way for someone to hack your CMS password. You can get a strong password here. It will be an impossible password to remember but below I show you how to use a password protection system to always remember it.

SS_DEFAULT_ADMIN_USERNAME=‘username'
SS_DEFAULT_ADMIN_PASSWORD=‘password’

Save the file and you should be good to go to login.

What if you're on an older version of SilverStripe?

If your site is not in SilverStripe 4 then previous versions of SilverStripe (SilverStripe 3 and below) kept the default admin password in a different file. Check the 'mysite/_config.php' file. Commonly the ‘mysite’ folder is altered in older versions of SilverStripe to be specific to the website so potentially this is named something else. Worst case scenario if you can’t find this and you have access to the code you can do a file search for all files named ‘_config.php’ and locate it that way.

Also, in older versions of SilverStripe, you need to add a similar but slightly different version of the code above. You should be adding,

Security::setDefaultAdmin('admin', 'password');

Make sure to change the word password to a strong password using Strong Password Generator.

Now you can log in using these new details:

Go to the CMS login page at examplesite.com/admin and you can use the details you just entered to log in.

From here you can go to the Security Model Admin Tab and add a new password. In SilverStripe 3 and 4 this will be on the left-hand side of the initial CMS login page. SilverStripe 4 is mobile optimized so if you’re doing this on a mobile phone you will need to open the mobile menu and select Security from here. From memory in a SilverStripe version 2 site, this is not on the left-hand side but at the top of the screen.

Once the Security Page is loaded you can do two things:

1. There should be listed here your existing User Details. You could click into this and use the ‘change password’ feature to update password for your normal log in.
2. Alternatively, you could add a new User (aka Member in SilverStripe) with a new username and password details to replace the ones you lost. In doing so you will also need to add the user to a ‘Group’. Groups are SilverStripe's way of allowing certain users to perform different tasks. If you want the new user your creating to have all privileges then select ‘Administrator’ as the Group. If you need help with this let me know in the comments.

Whichever option you choose, hit the save button to save the details you have just created. If you want you can go back to the file where you added the default user and delete the lines of code that you entered. If you do so then you will need to use the member details you just created to log back in.

That should be it. You’re logged back in now but to avoid this happening again you could install some software to remember all of your passwords. Read on for that information.

How to never lose your password again:

There is a reason you lost your password in the first place most likely - you somehow forgot it, deleted it or misplaced it. You can avoid this by using a service like LastPass. This is a service which will remember the username and password details for you. All of them. It also has secure notes and a browser plugin and an app for mobile. It’s very useful. Just start using it as it’s much easier. You sign up for free here and learn how to use it.

Sending passwords securely:

In the case that your developer has to send you the password and login details for you then try not to do this by email as it isn’t secure. It is better to use a text message or perhaps a secure messaging app like Telegram. Emails go through multiple servers on their way to their destination and as such aren’t really very safe with sensitive information. If someone has the login to your CMS they can do a lot of damage to your site so try to avoid this.