Resetting Your WordPress Password
In WordPress, there is more than one way to set your WordPress Password. In normal circumstances, you can do it through the WordPress interface. If you forget your WordPress Password, WordPress has a built-in recovery mechanism that uses email. But on some hosts, especially when email isn’t working right, sometimes you have to take different steps to reset your WordPress Password. Here’s a list of different ways to reset a password. Any one of them will work, and you only need one to succeed. Which method you will use depends on what type of access you still have on your website.
To Change Your Password
To change your WordPress Password in current versions:
- In the Administration Screen, menu, go to Users > All Users.
- Click on your username in the list to edit
- In the Edit User screen, scroll down to the New Password section and click Generate Password button.
- If you want to change the automatically generated password, overwrite it in a new password in the box provided. The strength box will show how good (strong) your password is.
- Click the Update User button.
- Your new WordPress Password takes effect immediately.
Through the automatic emailer
If you know your username or the email account in your profile, you can use the “lost password” feature of WordPress.
- Go to your WordPress Login page (something like http://yoursite.com/wordpress/wp-login.php)
- Click on the Lost your password? link
- You will be taken to a page to put in some details. Enter your username or the email address on file for that account.
- Wait happily as your new password is emailed to you.
- Once you get your new password, login and change it to something you can remember on your profile page.
Through MySQL/MariaDB Command Line
- Get an MD5 hash of your password.
- Visit md5 Hash Generator, or…
- Create a key with Python. or…
- On Unix/Linux:
- Create file wp.txt with the new password in it (and *nothing* else)
- tr -d '\r\n' < wp.txt | md5sum | tr -d ' -'
- rm wp.txt
- On Mac OS X:
- Create file wp.txt with the new password in it (and *nothing* else), then enter either of the lines below
- md5 -q ./wp.txt; rm ./wp.txt (If you want the MD5 hash printed out)
- md5 -q ./wp.txt | pbcopy; rm ./wp.txt (If you want the MD5 hash copied to the clipboard)
- Note that nano and vi add a line break which changes the MD5 hash. This works as well:
- echo -n [yourpassword] | md5
- “mysql -u root -p” (log in to MySQL/MariaDB)
- enter your mysql password
- “use (name-of-database)” (select WordPress database)
- “show tables;” (you’re looking for a table name with “users” at the end)
- “SELECT ID, user_login, user_pass FROM (name-of-table-you-found);” (this gives you an idea of what’s going on inside)
- “UPDATE (name-of-table-you-found) SET user_pass="(MD5-string-you-made)" WHERE ID = (id#-of-account-you-are-reseting-password-for);” (actually changes the password)
- “SELECT ID, user_login, user_pass FROM (name-of-table-you-found);” (confirm that it was changed)
- (type Control-D, to exit mysql client)
Note if you have a recent version of MySQL (version 5.x?) or any version of MariaDB, you can have MySQL/MariaDB compute the MD5 hash for you.
- Skip step 1. above.
- Do the following for step 7. instead.
- “UPDATE (name-of-table-you-found) SET user_pass = MD5('(new-password)') WHERE ID = (id#-of-account-you-are-reseting-password-for);” (actually changes the password)
Note that even if the passwords are salted, meaning they look like $P$BLDJMdyBwegaCLE0GeDiGtC/mqXLzB0, you can still replace the WordPress Password with an MD5 hash, and WordPress will let you log in.
This article is for those who have phpMyAdmin access to their database. Note: use phpMyAdmin at your own risk. If you doubt your ability to use it, seek further advice. WordPress is not responsible for a loss of data.
1. Begin by logging into phpMyAdmin and clicking databases.
2. A list of databases will appear. Click on your WordPress database.
3. All the tables in your database will appear. If not, click Structure.
4. Look for wp_users in the Table column.
5. Click on the icon for browse.
6. Locate your Username under user_login
7. Click edit (may look like a pencil icon in some versions of phpMyAdmin)
8. Your user_id will be shown, click on Edit
9. Next to the user_pass is a long list of numbers and letters.
10. Select and delete these and type in your new password.
11. Type in the password you want to use. Just type it in normally, but remember, it is case-sensitive.
12. In this example, the new password will be ‘rabbitseatcarrots’
13. Once you have done that, click the drop-down menu indicated, and select MD5 from the menu.
14. Check that your WordPress Password is actually correct, and that MD5 is in the box.
15. Click the ‘Go’ button to the bottom right.
16. Test the new password on the login screen. If it doesn’t work, check that you’ve followed these instructions exactly.
There is also an easy way to reset your WordPress Password via FTP, if you’re using the admin user.
1. Login to your site via FTP and download your active theme’s functions.php file.
2. Edit the file and add this code to it, right at the beginning, after the first <?php:
wp_set_password( 'password', 1 );
Put in your own new WordPress Password for the main admin user. The “1” is the user ID number in the wp_users table.
3. Upload the modified file back to your site.
4. After you then are able to log in, make sure to go back and remove that code. It will reset your WordPress Password on every page load until you do.
Through WP CLI
WP CLI is a command line tool for managing your WordPress installation.
1. Move into the /wordpress directory and type
$ wp user list
to see all users. Find the ID of the user you’d like to update.
2. Then, update the user
$ wp user update 1 --user_pass=$UP3RstrongP4$$w0rd
replacing “1” with the id of the user you want to update.
More on wp cli
Using the Emergency Password Reset Script
If the other solutions listed above won’t work, then try the Emergency Password Reset Script. It is not a Plugin. It is a PHP script.
- Requires you know the administrator username.
- It updates the administrator WordPress Password and sends an email to the administrator’s email address.
- If you don’t receive the email, the password is still changed.
- You do not need to be logged in to use it. If you could login, you wouldn’t need the script.
- Place this in the root of your WordPress installation. Do not upload this to your WordPress Plugins directory.
- Delete the script when you are done for security reasons.
- Directions for use
- Copy the emergency script from Emergency Password Script and put into a file called emergency.php in the root of your WordPress installation (the same directory that contains wp-config.php).
- In your browser, open http://example.com/emergency.php.
- As instructed, enter the administrator username (usually admin) and the new WordPress Password, then click Update Options. A message is displayed noting the changed password. An email is sent to the blog administrator with the changed password information.
- Delete emergency.php from your server when you are done. Do not leave it on your server as someone else could use it to change your password.