As WordPress developers ourselves, we've encountered various scenarios where we've had to reset or change a WordPress password.
In this comprehensive guide, we'll cover various methods for managing your WordPress password. As a bonus, we'll also show you an unconventional method to reset your password via WordPress theme edits.
Let's get started!
Update an existing WordPress password
If you're already logged into your WordPress dashboard, updating your password is a straightforward process. In the left-hand menu, locate and click on "Users". If you have multiple users on your site, select "Your Profile".
On the profile editing page, scroll down until you find the "Account Management" section. Within this section, you'll see a field labeled "New Password".
Click on the "Generate Password" button, and WordPress will automatically generate a strong password for you. If you want to use your password, you can delete the generated one and enter your new password manually.
Once you've entered the new password, scroll down further on the page to the "Update Profile" button and click it. This will save your changes, including your new password.
Reset your WordPress password via email
If you have access to the email address associated with your WordPress admin account, click on the "Lost your password?" link on the login page.
On the next screen, enter the email address associated with your WordPress account. If everything checks out, WordPress will send you a password reset link to your email.
Reset a WordPress password through phpMyAdmin
If you do not know the email address of the account but have access to the database, then you can edit the password stored in the database directly.
Note: In this method, we will be using phpMyAdmin to execute the SQL queries. If you are comfortable in working with the CLI, you can execute SQL queries directly in your terminal.
- Access your hosting control panel and open phpMyAdmin.
- Locate your WordPress database in the left-hand sidebar.
- Find the table called wp_users (the prefix may vary) and click on it.
- This will show you a list of all the users on your server. Locate the row corresponding to your user and click the "Edit" button on that row.
- This will open a new page where you can edit all of the fields. In the user_pass field, replace the existing value with a new password. Be sure to select "MD5" as the function.
- Scroll down to the bottom of the page and click “Go” to execute the SQL query. This will save the changes, and you can now log in with the new password.
Reset a WordPress password using the command line
If you have command-line access to your WordPress server, you can use WP-CLI to reset the password.
Log in to your server via SSH and navigate to the root of your WordPress installation. Once you are in the correct folder, execute the following commands in your terminal:
wp user list
wp user update "username" --user_pass="newpassword"
The first command will show you a list of all the registered users. If you already know the username of your account then you can skip this command. Next, you can execute the ‘user update’ command to reset the password of the specified username. Make sure to replace ”username” with the username of your account, and “newpassword” with your desired password.
Reset a password by editing the WordPress theme
There is a lesser-known way to reset your WordPress password using the wp_set_password() function. This is not the best method to reset your password and the solutions mentioned above should work for most people.
We have included this method because we want to demonstrate how executing arbitrary PHP code can be dangerous. If you want to learn more about the topic, read our blog post on blocking PHP code execution in WordPress directories.
Using this method requires you to know the theme that is being used by the website, and have a way to edit that theme.
Start by connecting to your server using FTP/SSH and navigate to your WordPress theme folder (usually
Edit the functions.php file and add the following code at the end:
In the above code snippet, replace the new_password with your desired password, and 1 with the user ID of the account.
By default, the user ID of the administrator is 1, so if you want to reset the password for the admin account, you can leave that as it is.
Save the file and access your site once; this will cause the WordPress engine to execute the above command and reset your password. You can now log in with the new password and then remove the code from the functions.php file.
Final thoughts: elevating your WordPress security!
You now have several methods to keep your website secure and your digital world a safer place. Whether you're a casual user or a seasoned developer, you will have now gained valuable insights into resetting and updating your WordPress password effortlessly.
In addition to investing in your website's security, we recommend diving deeper into WordPress security with the following articles:
- Learn how to automate your WordPress security by using vpatching.
- Explore how you can use the auto-update feature to automatically update vulnerable plugins on your WordPress site.
- Understand the importance of blocking login attempts and whether it's the right strategy for your site's security.
But, security is an ever-evolving challenge, and we encourage you to take your website's protection to the next level. The easiest way to do this is by using Patchstack, a robust security tool designed to fortify your WordPress site against evolving threats. Start using Patchstack today and monitor up to 10 websites for FREE!