Loading...

Knowledge Base
Home 
 
/
 Reset Your WordPress Password
Categories: WordPress

Reset Your WordPress Password

Share

In WordPress, there is more than one way to set your password. In normal circumstances, you can do it through the WordPress interface. If you forget your password, WordPress has a built in recovery mechanism that uses email.

But on some hosts, especially when email isn't working right, sometimes you have to take different steps to reset your password.

Here's a list of different ways to reset a password. Any one of them will work, and you only need one to succeed. Which method you will use depends on what type of access you still have to your website.

Change Your Password

WordPress

To change your password in current versions:

  1. In the Admin Panel menu, go to USERS.

  2. Click on your username in the list to edit.

  3. In the Edit User screen, scroll down to the New Password section and type in a new password in the two boxes provided. The strength box will show how good (strong) your password is.

  4. Click the UPDATE PROFILE button.

Your new password takes effect immediately.

Automatic Emailer

If you know your username and the email account in your profile, you can use the "lost password" feature of WordPress.

  • Go to your WordPress Login page (something like https://wordpress.org/support/article/resetting-your-password/).

  • Click 'Lost Password.'

  • Enter your user name and the email address on file for that account on the next page.

  • Wait happily as your new password is emailed to you.

  • Once you get your new password, login and change it to something you can remember, on your profile page.

MySQL Command Line

  1. Get an MD5 hash of your password by:

    • Visiting md5 Hash Generator, or...

    • Creating a key with Python, or...

    • On Unix/Linux:

      1. Create file 'wp.txt' with the new password in it (and nothing else)

      2. md5sum wp.txt

      3. rm wp.txt

    • On Mac OS X:

      • Create file 'wp.txt' with the new password in it (and nothing else), then enter either of the lines below

        md5 -q ./wp.txt; rm ./wp.txt (If you want the MD5 hash printed out)

        md5 -q ./wp.txt | pbcopy; rm ./wp.txt (If you want the MD5 hash copied to the clipboard)

  2. mysql -u root -p (log into MySQL)

  3. Enter your MySQL password.

  4. use (name-of-database) (select WordPress database).

  5. show tables; (you're looking for a table name with "users" at the end).

  6. SELECT ID, user_login, user_pass FROM (name-of-table-you-found) (this gives you an idea of what's going on inside).

  7. UPDATE (name-of-table-you-found) SET user_pass="(MD5-string-you-made)" WHERE ID = (id#-of-account-you-are-resetting-password-for) (actually changes the password).

  8. SELECT ID, user_login, user_pass FROM (name-of-table-you-found) (confirm that it was changed).

  9. Type Control+D, to exit the MySQL client.

    Note: if you have a recent version of MySQL (version 5.x?) you can have MySQL compute the MD5 hash for you. In that case follow the below instructions...

Having MySQL Compute the MD5 Hash for You

  1. Skip step one above.

  2. Do the following for step seven instead:

    "UPDATE (name-of-table-you-found) SET user_pass = MD5('"(new-password)"') WHERE ID = (id#-of-account-you-are-reseting-password-for)"
    (actually changes the password)

Even if the passwords are salted, meaning they look like $P$BLDJMdyBwegaCLE0GeDiGtC/mqXLzB0, you can still replace the password with an MD5 hash, and WordPress will let you log in.

phpMyAdmin

This article is for those who have phpMyAdmin access to their database.
Note: use phpMyAdmin at your own risk. If you doubt your ability to use it, seek further advice. We are not responsible for loss of data.

  1. Log in to phpMyAdmin and click Databases.

    A list of databases will appear.

  2. Click the name of your WordPress database.

  3. All the tables in your database will appear; if they do not click Structure

  4. Look for wp_users and then click the browse icon.

  5. Click edit (looks like a pencil icon in some versions) next to your username in the user_login section.

  6. Your user_id will be shown; click Edit.

  7. Select the long list of letters/numbers adjacent to 'user_pass', delete them, and retype in your new password.
    Note: the password is case-sensitive.

  8. Click the dropdown menu indicated and select MD5 from the menu.

  9. Check that your password is actually correct, and that MD5 is in the box.

  10. Click the 'Go' button near the bottom right of the screen

  11. Now go back to the login screen and test the new password on the login screen

If it doesn't work, check that you've followed these instructions exactly.

FTP

There is also an easy way to reset your password via FTP, if you're using the admin user.

  1. Log in to your site via FTP and download your active theme's functions.php file

  2. Edit the file and add this code to it, right at the beginning, after the first '<?php':

    wp_set_password( 'password', 1 );

  3. Put in your own new password for the main admin user; the "1" is the user ID number in the 'wp_users' table

  4. Upload the modified file back to your site

  5. After you then are able to login, make sure to go back and remove that code; it will reset your password on every page load until you do

WordPress Command Line Interface (WP CLI)

WP CLI is a command line tool for managing your WordPress installation.

  1. Move into the '/wordpress' directory and type

    ​$ wp user list


    ​to see all users. Find the ID of the user you'd like to update.

  2. Then, update the user

    $ wp user update 1 --user_pass=$UP3RstrongP4$$w0rd

     

    ​​replacing "1" with the id of the user you want to update.

More on WP CLI

Emergency Password Reset Script

If the other solutions listed above won't work, then try the Emergency Password Reset Script. It is not a plugin; it's a PHP script.

There are a few things you should know about the Emergency Password Reset Script before you dive in...

  • Requires you know the administrator username

  • It updates the administrator password and sends an email to the administrator's email address

  • If you don't receive the email, the password is still changed

  • You do not need to be logged in to use it (if you could login, you wouldn't need the script)

  • Place this in the root of your WordPress installation; do not upload this to your WordPress Plugins directory

  • Delete the script when you are done for security reasons​

Now, you're ready. To use the Emergency Password Reset Script:

  1. Copy the emergency script from Emergency Password Script and put into a file called 'emergency.php' in the root of your WordPress installation (the same directory that contains wp-config.php)

  2. In your browser, open http://example.com/emergency.php

  3. As instructed, enter the administrator username (usually admin) and the new password, then click Update Options

    A message is displayed noting the changed password. An email is sent to the blog administrator with the changed password information.

  4. Delete emergency.php from your server when you are done

    Do not leave it on your server as someone else could use it to change your password.



​See also Log Into WordPress, Install WordPress with Softaculous, Move Your WordPress Site to A Small Orange

Did you find this article helpful?

 
* Your feedback is too short

Loading...