Looking to change or reset your WordPress password? You’ve come to the right place.
In some cases, the standard password reset via email may not work – if you no longer have access to the email address associated with your WordPress user account or you’re simply not receiving the email.
So, in this comprehensive guide, we’ll cover several methods for managing your WordPress password. As a bonus, we’ll also show you an unconventional method to reset your password via WordPress theme edits.
| Recommended Method | Scenario | Technical Skill Level | Access Level |
|---|---|---|---|
| Reset your password through phpMyAdmin or the command line | I’m confident with technical tasks and have full server access (SSH, cPanel, FTP) | Advanced | Full |
| Reset your password via email | I have basic technical skills and access to my WordPress admin dashboard. | Intermediate | WordPress Admin |
| Reset your password via email / Contact your hosting provider | I’m not very technical and only have access to my WordPress admin dashboard. | Beginner | WordPress Admin |
Update an Existing WordPress Password
If you’re already logged in to your WordPress dashboard, updating your password is straightforward. In the left-hand menu, locate and click on “Users“. If you have multiple users on your site, select “Your Profile“.
Alternatively also available on the top, right-hand side where you’ll see “Howdy, [your name]” – as shown below:
On the profile editing page, scroll down until you find the “Account Management” section. Within this section, you’ll see a field labeled “New Password“.
Click on the “Set New Password” button, and WordPress will automatically generate a strong password for you. If you want to use your password, you can delete the generated one and enter your new password manually.
Once you’ve entered the new password, scroll down further on the page to the “Update Profile” button and click it. This will save your changes, including your new password.
Reset WordPress Password via Email
If you have access to the email address associated with your WordPress admin account, click on the “Lost your password?” link on the login page.
On the next screen, enter the email address associated with your WordPress account. WordPress will send you a password reset link to your email if everything checks out.
How to Change (Or Reset) WordPress Passwords in phpMyAdmin
If you do not know the account’s email address but have access to the database, you can edit the password stored in the database directly.
Note: In this method, we will execute the SQL queries using phpMyAdmin. If you are comfortable working with the CLI, you can execute SQL queries directly in your terminal. However, phpMyAdmin is usually readily available on cPanel-based hosting providers.
- Access your hosting control panel and open phpMyAdmin.
- Locate your WordPress database under Databses:
In our environment, the database for our WordPress site is called “appTowne_…”
- Find the table called wp_users (the prefix may vary) and click on it.
- This will show you a list of all the users on your server. Locate the row corresponding to your user and click the “Edit” button on that row.
- This will open a new page where you can edit all of the fields. In the user_pass field, replace the existing value with a new password.
Be sure to select “MD5” as the hashing function.
- Scroll down to the bottom of the page and click “Go” to execute the SQL query. This will save the changes, and you can now log in with the new password.
How to Change or Reset WordPress Password via WP-CLI
If you have command-line access to your WordPress server, you can use WP-CLI to reset the password.
Log in to your server via SSH and navigate to the root of your WordPress installation. Once you are in the correct folder, execute the following commands in your terminal:
wp user list
wp user update "username" --user_pass="newpassword"The first command will show you a list of all the registered users. If you already know the username of your account then you can skip this command. Next, you can execute the ‘user update’ command to reset the password of the specified username. Make sure to replace ”username” with the username of your account, and “newpassword” with your desired password.
How to Change WordPress Passwords via SFTP (not recommended)
There is a lesser-known way to reset your WordPress password using the wp_set_password() function. This is not the best method to reset your password and the solutions mentioned above should work for most people.
We have included this method to demonstrate how executing arbitrary PHP code can be dangerous. To learn more about the topic, read our blog post on blocking PHP code execution in WordPress directories.
Using this method requires you to know the website’s theme and be able to edit that theme.
Start by connecting to your server using FTP/SSH and navigate to your WordPress theme folder (usually /wp-content/themes/your-theme).
Edit the functions.php file and add the following code at the end:
wp_set_password(‘new_password’, 1);
In the above code snippet, replace the new_password with your desired password, and 1 with the user ID of the account.
By default, the user ID of the administrator is 1, so if you want to reset the password for the admin account, you can leave that as it is.
Save the file and access your site once; this will cause the WordPress engine to execute the above command and reset your password. You can now log in with the new password and then remove the code from the functions.php file.
Alternatively, Contact Your Hosting Provider
If you’ve tried all of the above methods and are still unable to regain access to your WordPress dashboard, we highly suggest that you attempt to contact your hosting provider.
Most recommended hosting providers will be able to handle this change for you – especially if you are with a well-reputed managed hosting provider and are able to verify the authenticity of your request, such as by logging into your hosting account with your hosting provider.
Note: It’s best to use a hosting provider that suits your needs and experience with managing infrastructure so that they’ll be well-suited to help you when you run into issues. The last resort of having to use the emergency password reset script (covered next) is not one that we recommend anyone to take before fully exhausting all other options.
How to Reset WordPress Passwords Using the Emergency Password Reset Script
If, for any reason, contacting your hosting provider is not an option. As a secondary last resort, you can use the Emergency Password Reset Script.
Note: This method also requires access to create and edit files on the server and will temporarily make your site vulnerable (anyone who knows how to look for this file will also be able to reset your password).
Learn more about how to use the Emergency Password Reset Script here.
Final thoughts: elevating your WordPress security!
Now if you’re ever locked out of your WordPress admin area again – you know there’s no need to panic. Simply bookmark this guide and use any of the methods covered above to quickly change or reset your WordPress password.
And, if none of the recommended methods work, we suggest contacting your hosting provider to guide you through the process for your specific setup.
In addition to investing in your website’s security, we recommend diving deeper into WordPress security with the following articles:
- Learn how to automate your WordPress security with Virtual Patching.
- Explore how you can use the auto-update feature to automatically update vulnerable plugins on your WordPress site.
- Understand the importance of blocking login attempts and whether it’s the right strategy for your site’s security.
If you want to keep your WordPress site secure and protected from hackers, you need to stay on top of the latest vulnerabilities and patches. But how can you do that without spending hours researching and monitoring the web?
That’s where Patchstack comes in.
Patchstack scans your WordPress site for vulnerabilities and alerts you as soon as a new one is discovered. You also get a 48-hour early warning before the vulnerability is publicly disclosed, giving you enough time to update your plugins or apply a patch.
Sign up for Patchstack today and get a 48-hour early warning for any new vulnerability. It’s free for up to 10 sites and only takes a few minutes to set up.
FAQs – Resetting Your WordPress Password
What's the difference between resetting and updating a WordPress password?
Resetting a password is the process of creating a new password, usually because the original one has been forgotten. Updating a password, on the other hand, is the act of changing an existing password, typically for security reasons or to use a stronger password.
Is it safe to use the "Emergency Password Reset Script" to reset my WordPress password?
No, it’s generally not recommended to use the “Emergency Password Reset Script” to reset your WordPress password. While it may work in some cases, it poses a security risk as the emergency file could potentially be accessed by others, allowing them to reset your password before you have a chance to do it. It’s better to use one of the recommended methods outlined in this post.
How often should I change my WordPress password?
It’s a good practice to change your WordPress password every few months, or if you ever suspect your account may have been compromised. This helps keep your website secure and protects your content and user data.
What if I can't access the email account associated with my WordPress site?
If you no longer have access to the email account linked to your WordPress login, you’ll need to take a different approach to reset your password. In this case, try resetting the password through phpMyAdmin or the command line if you have access to those methods. If not, you may need to contact your web host for assistance.
How do I know which password reset method is best for my situation?
The recommended password reset method will depend on your level of technical expertise and the access you have to your WordPress site. As a general guideline:
- If you have full server access (SSH, cPanel, FTP), you can use the phpMyAdmin or command-line methods for a more technical reset.
- If you only have access to the WordPress admin dashboard, use the password update method or edit the theme files.
- If you’re not very technically inclined, the email-based reset is likely the easiest option.
What if I'm locked out of my WordPress admin dashboard?
If you’re completely locked out of your WordPress admin area, it becomes more challenging to reset your password. In this case, your best options are to:
- Try resetting the password through phpMyAdmin or the command line if you have those access credentials.
- Contact your web host and explain the situation. They may be able to assist you in regaining access to your WordPress admin dashboard.
How can I prevent having to reset my WordPress password in the future?
To avoid the hassle of resetting your WordPress password in the future, follow these best practices:
- Use a strong, unique password that is not used for any other accounts.
- Enable two-factor authentication (2FA) on your WordPress site for an extra layer of security.
- Be cautious about sharing your WordPress login credentials with others.
- Monitor your site for any suspicious activity that may indicate a security breach.
