While we generally recommend using SSH Keys to access your Clouds in MODX Cloud, there are times when it's prudent to change the SSH/SFTP and/or MySQL (database) passwords.
The process for changing the SSH/SFTP and MySQL passwords is the same inside the MODX Cloud Dashboard; however, you may have additional changes to make depending on what kind of site is hosted in your MODX Cloud instance.
Changing SSH/SFTP and MySQL (Database) Passwords
To change the password for SSH/SFTP or MySQL:
- From the MODX Cloud Dashboard, locate the Cloud you'd like to change the password(s) for and click to go to the Cloud Edit view.
- You can find the Password area for either MySQL or SSH/SFTP; please note that the current password is hidden by default. To see the current password, click reveal. To change the password, click change and a Change Password dialog will open.
- In the Change Password dialog box you can customize the length or the inclusion of special characters. The minimum password length is 12 characters and the maximum is 30 characters. If you have legacy code or external systems that might not support special characters you may wish to check Disable special characters.
- Once you're happy with the generated password, click the 📋 (clipboard) icon to copy it, or manually select and copy it (CTRL+C on Windows/Linux, CMD+C on Mac), then click Change Password.
- You'll be presented with one of two confirmation dialogs:
  - For SSH/SFTP password changes it will be a simple confirmation that the change will start immediately.
  - For database password changes you'll be presented with a warning that the change can break database connections for applications such as WordPress, custom applications or other connections to the database. See About MySQL Password Changes below.
About MySQL Password Changes
As noted above, changing the MySQL (database) password is not always straightforward. The password change process will update the password in standard MODX Revolution and WordPress installations; however, some sites use non-standard configurations, have secondary applications (e.g., WordPress in a subdirectory of a MODX Cloud), run scripts that connect directly to the database, or rely on external applications that need to connect to the database. In those cases you will have to change the password everywhere it is used, both in configuration files and in external tools such as a remote MySQL database management application.
Change Password FAQ
Why is the password limited to 30 characters?
The passwords used for SSH/SFTP and MySQL are generally used for limited purposes and NIST suggests that the minimum length of generated passwords should be over 6 characters. Our generated passwords are over 12 characters long. Some people want to feel more comfortable by having a longer password. You can have up to 30 characters including special characters.
MODX Cloud limits failed login attempts to 3 before a temporary ban with a timeout and eventual total block. Individual Clouds are isolated and a compromise of one Cloud instance cannot allow access to another in MODX Cloud. In addition, we have DDoS protections at the network level to prevent brute force attacks. It would take an impossibly long time to gain access with this password range.
Why can't I choose my password?
If the purpose of changing the password is to ensure the security of your website and applications, our password generator uses a recipe to generate unique, mixed-character combinations that do not contain compromised passwords, password fragments or passwords that less informed users might reuse across sites and services.
Since the SSH/SFTP and MySQL passwords are generally stored in a configuration file or a password manager such as KeePass, Apple Keychain, 1Password or similar, it's not necessary to make them memorable. If you forget them, they are available for reference in the MODX Cloud Dashboard.
Why would I want to omit special characters?
If you changed your password and updated all the locations where it's referenced, but one of your applications starts behaving incorrectly or breaks altogether, it may be having issues with the special characters. Some older applications cannot handle non-alphanumeric characters and may behave in unexpected ways when the password contains them. This is often the case where the password is stored and sent as plain text and some of its characters have a special meaning in that programming language. Some characters that could be problematic for older applications are $;<>/\|. If things break with a mixed-character password that includes special characters, try changing it again with special characters disabled, update it in all the places it's used and see if things start working again.
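Both problems described above, a configuration file that still holds the old database password and a password whose special characters are altered by quoting, can be checked with a short script. This is an added example, not MODX Cloud tooling: it assumes the default MODX Revolution (core/config/config.inc.php) and WordPress (wp-config.php) formats, and the sample password and file tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed default locations of the database password:
#   MODX Revolution  core/config/config.inc.php  $database_password = '...';
#   WordPress        wp-config.php               define( 'DB_PASSWORD', '...' );
LITERAL = r"""(['"])((?:\\.|(?!\1)[^\\])*)\1"""
PATTERNS = {
    "config.inc.php": re.compile(r"\$database_password\s*=\s*" + LITERAL),
    "wp-config.php": re.compile(r"""define\(\s*['"]DB_PASSWORD['"]\s*,\s*""" + LITERAL),
}

def php_value(quote, body):
    """Decode a PHP string literal body, or return None if it is not safe to decode."""
    if quote == "'":
        # Single quotes: only \\ and \' are escapes; $ ; < > / | stay literal.
        return re.sub(r"\\([\\'])", r"\1", body)
    # Double quotes: PHP expands $name and backslash escapes, so flag conservatively.
    return None if re.search(r"[$\\]", body) else body

def audit(root, current_password):
    """Map each known config file under root to ok, stale, unsafe-quoting or not-found."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        pattern = PATTERNS.get(path.name)
        if pattern is None:
            continue
        match = pattern.search(path.read_text(errors="replace"))
        value = php_value(*match.groups()) if match else None
        if match is None:
            status = "not-found"
        elif value is None:
            status = "unsafe-quoting"
        else:
            status = "ok" if value == current_password else "stale"
        report[path.relative_to(root).as_posix()] = status  # never stores the password
    return report

if __name__ == "__main__":
    new_pw = "Tq7$;<v/\\|9mZ>x2"  # constructed sample password, not a real credential
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root = Path(tmp)
        (root / "core/config").mkdir(parents=True)
        (root / "blog").mkdir()
        (root / "core/config/config.inc.php").write_text(
            "<?php\n$database_password = 'Tq7$;<v/\\\\|9mZ>x2';\n")
        (root / "blog/wp-config.php").write_text(
            "<?php\ndefine( 'DB_PASSWORD', 'Old-Generated-Pw1' );\n")
        for name, status in audit(root, new_pw).items():
            print(f"{status:15} {name}")
```

A file reported as stale still needs the new password; one reported as unsafe-quoting should store it in a single-quoted PHP string, where only the backslash and the single quote need escaping.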