How to Change or Reset a WordPress Password: 6 Methods

Sometimes, you might find yourself locked out from your WordPress account because you forgot or lost your password. Usually, changing or resetting your password in WordPress is easy if you have access to your webmail address and the WordPress website isn’t facing any email deliverability-related issues.

What happens if you are unable to access your email or your website is unable to deliver emails? You can still reset or change your WordPress password in six different ways. We will discuss them all in this tutorial.

WordPress website owners who find themselves locked out of their website should find these password reset methods helpful.

How WordPress authentication and passwords work

Before we dive in to learn how to reset WordPress passwords, it is a good idea to get familiar with the basics of WordPress authentication.

WordPress websites where visitors can create an account will require them to provide a username, email address, and password. Not all WordPress websites allow visitors to create user accounts. This feature has to be enabled by a WordPress admin.

Almost all the information about your WordPress website is stored in a database. This WordPress database has several tables to store all kinds of relevant data such as blog posts, post metadata, user comments, user list, user metadata, comment metadata, etc.

WordPress stores the login credentials of different users in a table in its database. This table is named wp_users by default. However, you might find some other prefix instead of wp_ appended to your database table names. The prefix depends on the configuration settings you or someone else provided when installing the website.

WordPress uses a one-way hashing algorithm to store user passwords in the users table in a safe manner. In this context, a hashing algorithm is basically a set of instructions that convert the original password into a new character sequence. This makes sure that the exact user password isn’t leaked, even if there is a security breach.

When a visitor tries to log in, WordPress will check the credentials provided by the visitor against those stored in the database. The password isn’t compared directly. A hashed and salted version of the input password is compared to the hashed and salted value of the password that the user entered while creating the account.

You might want to read how WordPress salts work to better understand the process. These salts play an essential role in the security of a WordPress site.

Users are only let in if their account credentials saved in the WordPress database match the credentials they entered while trying to log in.

Now that we have a basic idea of how WordPress authenticates users and stores passwords, it will be easier for us to understand different WordPress password reset methods better.

The usual way of resetting passwords in WordPress

If you simply forgot or lost your password, you can request a password reset link by clicking the Lost your password? button on the login page. This method only works if you can receive the password reset link in your email address. That won’t be the case if you no longer have access to the email address or the website is facing email deliverability issues.

You can also change your password if you have access to the WordPress dashboard. Navigate to Users > Profile> New Password from the dashboard. Click the Set New Password button, and WordPress will generate a strong, secure password for you. You also have the option to provide your own new password. Click on the Update Profile button to update the password.

It is a good idea to use strong passwords to improve the security of WordPress accounts. One way to ensure that would be to enforce strong password policies. Melapress Login Security provides an easy way for you to do that. It also offers many more valuable features, such as the ability to change the WordPress login URL, limit failed login attempts, automatically lock inactive users, and more.

Let’s now see how you can change or reset your WordPress password if these two methods are not feasible for you.

Reset WordPress password using FTP

This method requires that you can access the website control panel to open its file manager or login to the FTP account to transfer files. This should not be an issue for you as the website administrator.

Locate or create the functions.php file

We will use an FTP (File Transfer Protocol) program such as FileZilla to download and upload the functions.php file for the currently active WordPress theme to the server. You can use this PHP file to execute code that controls the website functionality. We highly recommend that you use the SFTP protocol when connecting to your server to transfer files. This is because SFTP provides secure file transfer.

You might not always find a functions.php file in the directory of the currently active WordPress theme. Please allow us to explain.

There are two types of themes that you can install on your WordPress website — classic themes and block themes. The classic themes require a functions.php file. On the other hand, block themes have no such requirement. Some theme developers might use this file to provide additional functionality. You can add an empty functions.php file to the root directory of a block theme yourself if it doesn’t already exist.

Download the functions.php file

Log in to your web server via FTP to download the functions.php file (if it is present in the active theme). There are a variety of applications (such as FileZilla) available that you can use to download the functions.php file from the server. You can also download the file through the File Manager option in cPanel and other control panels.

Edit the functions.php file

The functions.php file contains code in plain text. This means that you will also be able to edit it using a plain text editor such as Notepad. We recommend that you use Notepad++ or Visual Studio Code. These editors offer some useful features such as syntax highlighting, auto-completion, etc. These features will help you write accurate code quickly.

You should not edit this file using rich text editors such as Wordpad or Microsoft Word. They are likely to cause formatting issues in the files along with some other problems, such as encoding incompatibility.

Once you open the functions.php file for editing, you will notice that it has the <?php character sequence in the first line or at the top. This character sequence indicates the beginning of PHP code. Move to the next line in the file and enter the following code:

wp_set_password( 'NEW_PASSWORD', 1 );

If your website is using a block theme that doesn’t have the functions.php file, you should create a local file with the name functions.php.

Open the functions.php file in a code editor and add <?php at the top. On the next line, add:

wp_set_password( 'NEW_PASSWORD', 1 );

This line invokes a WordPress function called wp_set_password(). This function accepts two parameters. The first parameter is the new password that you want to use to log in to your account. The second parameter is the user ID for which you want to update the password.

This means that the above code will set the new password for a user with ID 1 to be NEW_PASSWORD. 1 is the ID of the default admin account on a WordPress website.

You might also want to make sure that the ID of the admin account whose WordPress password you want to reset is indeed 1. If that’s not the case, you should replace 1 with the actual user ID value. You should replace NEW_PASSWORD with the password that you actually want to use.

There is no need to worry if you are not sure about the ID of the user whose password you want to change. You can simply add the following line to the functions.php file right below <?php. Make sure you replace username_here with the actual username.

echo get_user_by('login', 'username_here')->ID;

Now, load the homepage of the website, and it should show you the ID of the user at the top. Use this ID in the call to the wp_set_password() function, as we discussed earlier. This will help you reset the password for that specific user.

Change the admin password by loading a webpage

Save the file once you have added the wp_set_password line and used appropriate values for the NEW_PASSWORD and user ID. Now, upload the file back to the server in the root directory of the current active theme.

The code inside the functions.php file executes whenever you load a webpage. This means that the new password for the admin user will be set the first time you load any page of the website.

You could load the homepage in your browser once after uploading the functions.php file on the server. This will complete the password reset process.

Try visiting the login page of your website now and enter the new WordPress password. You should be able to access the WordPress admin dashboard now.

As a matter of best practice, we would also advise you to change your password once you log in.

Once you can log in to your account, it is advisable that you remove this line from the functions.php file and upload the file again on the server. Otherwise, the code will keep resetting the password on every page load.

Reset WordPress password using phpMyAdmin

This method is available to people who have phpMyAdmin access to edit the WordPress website’s database. We advise you to be very careful if you use this method. This is because we will be making changes directly to the database.

As we mentioned earlier, WordPress stores almost all of its site-related information in a database with multiple tables. This also includes information about different user accounts.

The credentials of a user, along with some other information, are usually stored in a table called wp_users. You might have a users table where the prefix wp_ is replaced with something else in your database. The prefix depends on the configuration options provided at the time of installing WordPress.

Locate the phpMyAdmin link in your hosting control panel

You will first need to access phpMyAdmin to change your WordPress password by directly editing the database. This option is available under the Databases section in the cPanel control panel. Something similar should also exist in other hosting control panels.

You can also access phpMyAdmin directly through your web browser if you know the URL.

Find and select the website database

Once you log in, you should see a list of databases (if there are more than one). Select the database that stores the information for your WordPress website. The name of the database is something that you provide when installing WordPress.
There is no need to worry if you are having trouble remembering the database name. You can also find it by opening the wp-config.php file. This file is present in the root directory of your WordPress site. Download the file from the server using an FTP program or through the File Manager in your hosting control panel. Open the file in a text editor. You should now look for a line similar to the one below:

define('DB_NAME', 'NAME_OF_THE_DATABASE');

The above line is invoking the WordPress define() function. The second parameter for this function is the name of the database where WordPress stores all information, including a user’s password.

Whatever is written in the place of NAME_OF_THE_DATABASE in your file is the name of the WordPress database. Search for a database with this particular name in the list of databases that phpMyAdmin shows to you.

Find and open the users table

Click on the database name, and you should see a list of tables that are part of this database. If no such list is visible, try clicking on the Structure tab as shown below.

Look for a table called wp_users in the list. Please keep in mind that wp_users is the default name of the users table. The table might also have some other prefixes like oKPc_, as the image above illustrates. This happens because you might have provided a different prefix for the tables during the installation process.

Find the user whose password you want to change

This table will have a list of all registered WordPress users.

Click the Browse button next to the table name. You should see a list of rows. Each of these rows contains information such as the user’s username, email address, and the hashed version of the current password.

Look for the username for which you want to change the password under the user_login column.

Click on the Edit button (usually located at the beginning) for the row that contains the username whose password you want to change.

Change the existing password

You should see a random string of characters as the value of the user_pass column for this particular user. This random string is the hashed and salted password for that WordPress user account. Delete this encrypted password and replace it with the password that you want to use.

We are setting the new password to new_password to illustrate where the new password should go. Make sure you use something more complex. Otherwise, the user’s account for which you are setting the password might fall victim to brute-force attacks.

Now select MD5 from the dropdown in the Function column. The function column helps us execute a function that will take the provided value as input and give back some output.

The MD5 function creates a hash of our actual password. This is important because we don’t want to store the password in plain text format.

Scroll down a bit, and click the Go button to save an MD5-hashed version of the password in the database.

If you have set a new password for an account that you own, try visiting the WordPress login screen now and enter your credentials. You should be able to access your WordPress account.

Reset WordPress password using MySQL

Our previous method of resetting an admin or any other user’s password with phpMyAdmin had multiple steps that we had to execute manually. As we have mentioned, WordPress stores almost all information related to your website in a MySQL database. This means that we can execute an SQL statement from the command line terminal to make changes to the database. If your web host doesn’t provide cPanel, you could also execute these commands by connecting to the server through an SSH client.

We can execute SQL statements to add, delete, or modify the information stored in a MySQL database. The SQL statement we are writing in this section will help us quickly change an existing password and set a new one for us to log in.

The first step is navigating to the terminal from your cPanel dashboard. The terminal is available under the Advanced section. If you do not have cPanel access, there are many other ways to connect to MySQL.

Once the terminal is open, you need to login to MySQL using the following command:

mysql -u database_user -p

You should keep in mind that the databse_user is different from the username of your WordPress login. You can find information about the database name, database user, and database password from the wp-config.php file in WordPress.

Once you execute the above command, the terminal will prompt you for a password. Use the password from the wp-config.php file to authenticate yourself.

Now, execute the following command to select the database you want to change:

USE database_name

The database_name you provide here should match the database name in the wp-config.php file. This is the database that stores all the information about your WordPress website, including the user login information.

Finally, you can execute the following command to change the password:

UPDATE wp_users SET user_pass = MD5('new_password') WHERE wp_users.user_login = ‘username’;

Let’s break down the statement into its components to understand what it is doing before executing it. We will also explain what you need to change in the statement at the same time.

The first part, UPDATE wp_users, tells the system that it should update a table named wp_users. You should keep in mind that the users table in your WordPress database might not be named wp_users. This is just the default name for the table.

Make sure that the table name you use here is the one that stores the user data for your WordPress website. It could have some other prefix instead of wp_. You or someone who installed the website might have provided a different prefix to create the database tables. The prefix will be the same for all WordPress tables in your installation, so it should be easy to identify.

The second part, SET user_pass = MD5( ‘new_password’ ), specifies that we want to update the column user_pass and set its value to an MD5 hash of the string new_password. The MD5() around new_password indicates that we want to execute the MD5() function on new_password.

You might remember that this is what we did manually in our previous method. We selected the MD5 function from the dropdown under the Functions column to calculate the hash.
We would advise you to change the string new_password to some other value that you actually want to use as your new password.

The third part, WHERE ‘wp_users’.’user_login’ = ‘username’ helps the system determine which row should be updated when executing this query. In this case, we want to update the row for which the value of the user_login column matches the specified username. This could be an administrator’s username, or it could be some other user on your website.

Again, you should replace wp_users with the name of the users table in your installation. Also, make sure that you replace the username string with an actual existing username whose password you want to reset.

Reset WordPress password using cPanel

Some web hosting providers install cPanel to let their clients manage their websites. People who have the option to use cPanel could try out this method to reset their administrator password. Using this method has two benefits.

• You don’t need to write any code or download/upload any PHP file
• You don’t need to edit the database directly

It is also important to remember that you can only change the password of the admin user with this method.

Find the WP Toolkit link in your cPanel dashboard

Login to your cPanel dashboard to get started. Scroll down a bit, and you should find a menu option called WP Toolkit under Domains, as shown in the image below:

WP Toolkit provides you with a range of features that you can use to install WordPress on new websites, manage the update and backup of existing websites, etc.

Select the website whose admin password you want to change

Click on the WP Toolkit button in the cPanel dashboard. It will take you to a new screen where you can manage your WordPress websites. Select the website you want to manage. It will show you a bunch of options.

Click on the Setup button. A pop should slide in after a few moments. It will contain the login URL, admin username, and the option to set a new password, as well as the administrator’s email if you want.

You also have the option to click the Generate button if you want the WP Toolkit to automatically generate a strong random password. Press the Change button to save the changes.

You should now be able to log in to WordPress with the new password that you have set for your admin account.

Reset WordPress password using WP-CLI

We will now discuss how you can reset the admin password or the password of any other WordPress user with the help of WP-CLI.

WP-CLI is the official command-line tool for WordPress. A command-line tool or interface is a way of interacting with a computer system or program with the help of text commands instead of a graphical user interface.

WP-CLI allows you to do a lot of WordPress-related tasks, such as updating plugins, managing users, installing themes, etc. Here, we will use WP-CLI to reset your WordPress password.

We will assume that you have already installed WP-CLI on your hosting account. You might want to read the official WP-CLI installation guide if that’s not the case.

The next section in this tutorial assumes that you have WP-CLI installed.

Open the terminal

To use WP-CLI, you need to connect to the server terminal, available in the cPanel dashboard under the Advanced section. You can also connect directly via SSH using PuTTY or a similar application.

We first need to change the working directory to the WordPress installation directory. The working directory, in our case, is srv/www/wordpress. You should replace this with your own installation directory in this command.

cd /srv/www/wordpress

Find the correct user ID and update your password

Now, execute the following command in the terminal:

wp user list

It will print a list of all registered users on your WordPress site.

The next command that we have to execute will require us to know the ID of the user whose WordPress password we want to update. You should go through the user list generated by the previous command to find the username and the corresponding ID to reset the password.

Usually, the default admin user of a WordPress site has 1 as their user ID. If you want to do a WordPress password reset for that account, you could run the following command. You might want to double-check the user ID if this is for some other admin.

wp user update 1 --user_pass=new_password

Executing the above command will change the admin password to new_password. You should use a more complicated password when executing this command on your terminal.

Reset WordPress password using a PHP script

Yet another method to reset your WordPress password involves using an emergency password reset script. There are a few important things you should know before using this method.

It requires you to know the admin username for the WordPress website for which you want to update the password.

It also tries to send an email to the administrator’s email address after updating the admin password. Even if you do not receive the email, as might happen if you’re experiencing WordPress email deliverability issues, the script would still have changed the password.

The file has to go into the root directory of your WordPress installation.

We strongly advise you to delete this file from the server after a successful password change. Leaving it on the server will enable other people to potentially change your WordPress admin password.

Let’s discuss the steps to reset the password now. Begin by creating a file called emergency.php.

Open this file in a plain text editor such as Notepad. You won’t need to write new code or modify existing code. Therefore, it isn’t necessary to use code editors.

Copy the emergency password reset script code from the WordPress codex page. Paste this code into the open emergency.php file.

Upload this file to the root directory of your WordPress website either by using an FTP client or through the file manager in your hosting control panel.

Visit https://your-website.com/emergency.php in your browser after the file has been uploaded successfully. Make sure that you replace your-website.com with the actual domain name for your website.

After the URL loads, you should do something similar to the image below.

Enter the WordPress admin username. This is generally admin. However, you might have set the username to something else.

Enter the new password that you would like to use to log in. Click on the Update Options button to reset the password.

Please remember that you can use this method to reset the password for an administrator account.

Check that you can log in using the new password. After that, make sure you delete the emergency.php file from your server. As mentioned earlier, keeping this PHP script on the server will allow other people to change the admin password.

Tips on how to improve the security of your WordPress login

Throughout this tutorial, we have mentioned that it is a good idea to use a strong and unique password for your WordPress accounts for increased security. Strong passwords make it hard for bad actors to crack your passwords using brute-force attacks. Unique passwords mean that a breach in one place won’t compromise your other accounts.

There are a few more tips that might help you better secure your WordPress login.

1. You can implement and enforce strong password security policies for all users on your website using the Melapress Login Security plugin. Other useful features of this plugin include the ability to lock inactive users, one-click password reset, etc automatically.
2. You might also want to limit the number of failed login attempts by a bad actor trying to use a brute-force attack to gain access. This is actually a feature in the Melapress Login Security plugin.
3. You should also consider changing the WordPress login page URL. This will also help improve the security a bit. The MelaPress security plugin also offers this feature.
4. We highly recommend integrating two-factor authentication into your website’s login process. This provides several benefits, such as protection against a security breach, protection against vulnerable passwords, protection against phishing attacks, etc.

The WP 2FA plugin allows you to implement 2FA in WordPress with ease. It also offers several other benefits, such as adding trusted devices for a better user experience without compromising security. You can also use the 2FA plugin to configure different 2FA policies for different user roles.

It is also important to remember that improving the security of your WordPress login is only one part of improving overall WordPress website security. You should also spend some time hardening the WordPress core, updating your themes and plugins, etc., to make your website more secure.

Conclusion

In this tutorial, we discussed six different methods of resetting passwords in WordPress. You can use some of these methods to change or reset your own password as well as the password of other users.

Irrespective of the method that you use to reset the password for your WordPress account, it is important to make sure that you are only using strong passwords. There are many other best practices for WordPress password protection that you can follow to keep your account secure.

FAQs