December 5, 2019
December 5, 2019
Everyone needs to reset one of their passwords from time to time. WordPress makes it easy to change your password if needed, but to do that, you’ll need to have access to the email you used when you created your site. If you don’t, things can get tricky. Fortunately, there are a few workarounds to that problem.
In this article, we’ll teach you how to:
Before we get to the technical part, let’s talk about why resetting your password may become necessary in the first place!
Get 90% OFF for all web hosting packages.
Changing any of your passwords shouldn’t be a big deal. In fact, it’s often one of the smartest things you can do from a security perspective. Especially if you re-use passwords across multiple platforms, periodic updates reduce your chances of someone else accessing your accounts.
You should, of course, avoid re-using passwords, but not a lot of people follow that advice. Plus, even if you use unique passwords for each website, security breaches can still happen. In those cases, you’ll want to change your password as soon as possible.
Aside from those security concerns, here are a few additional reasons you might need to change your WordPress password:
If you end up in one of these situations, it’s pretty easy to just tell WordPress to reset your admin password. In fact, these days most platforms make it so that changing your password is a quick and painless process. After all, it’s also in their best interests for you to keep your account secure since otherwise, you might not want to continue using that site.
With all of this in mind, let’s talk about how resetting your password actually works within WordPress.
In the following sections, we’re going to cover three methods to reset a WordPress lost password. The first one requires you to have access to the email that’s associated with your WordPress account. Alternately, the second method will work as long as you’re already logged into your dashboard, even if you don’t have access to your email.
Finally, we’ll teach you how to reset your WordPress password in the database, which works if you can’t access your email or your dashboard. Without further ado, let’s jump right in!
Every WordPress website has its own login screen, even if you’re the only registered user for the entire site. Here’s what it looks like, without any customizations:
There are two fields, one for your username or email address, and another for your password. Since you’re reading this, chances are you’ve lost that password, so your first move should be to click on the Lost your password? link right below the login fields.
Next, WordPress will ask you to enter either your username or the email associated with your account. Go ahead and do that, then click on the Get New Password button:
The platform will send you an email informing you that someone requested to reset your WordPress password. If you get one of these messages unexpectedly, someone might be trying to break into your site. In that situation, it’s a smart idea to change both your WordPress and email passwords:
For now, click on the single link the password reset email contains, and a new page will open. Here, you can change your WordPress lost password to anything you want. WordPress takes the liberty of generating a strong option for you, however, which we recommend that you use:
You can use any password you want instead, of course. However, if your main worry about using a password like the one pictured above is that you might not remember it, there are tools that can help you out. Password managers are an excellent option if you want to generate secure credentials for every site and not have to remember them each time you log in.
Either way, once you choose a password you’ll need to select the Reset Password button. Then, you’ll see a confirmation message like this one if everything went smoothly:
The entire process should only take you a couple of minutes, unless you spent a lot of time coming up with a new password. Next up, let’s talk about another way you can reset your WordPress password.
If you can log into your WordPress dashboard, then you can change your password from within, without having to use your email. This method is useful if you don’t currently have access to your email account, but your WordPress login session hasn’t expired yet. Plus, it takes less time than it does to change your WordPress password via the login screen.
To do this, go to your dashboard and navigate to the Users › Your Profile tab. This section includes all the information associated with your account, from your full name to your username, email, and even your profile picture:
More importantly, there’s also a section called Account Management, where you can change your WordPress password even if you don’t remember the current one. All you have to do is click on the button labeled Generate Password:
When you do that, WordPress will create a secure password for you. However, you can delete that password and type in whatever you want. Keep in mind that if WordPress thinks your password is too weak, it will make you confirm that you want to use it anyway:
You should, of course, use a unique and secure password. Once you enter it into the field, click on the Update Profile at the bottom of the page, and you’re good to go.
Using this method won’t even log you out of your account. The same tab will reload, and you’ll see a simple message that says Profile updated at the top of the screen:
Some people miss that message, and end up changing their password again because they think it didn’t work the first time. If you want to triple check to make sure the process succeeded, just log out of your account. Use your new password when you log back in, and you’ll see for yourself if it worked (which it should have!).
If for some reason you can’t access your site, you can always check out the previous method, which covers how to reset your WordPress password via email.
In this final section, we’re going to cover how to reset your WordPress password directly in your site’s database. This method is quite different from the first two, and should only be used if you can’t access both your email and your dashboard.
Whenever you make a change in WordPress, the platform stores that information in your site’s database. Within that database, you can find every single value on your site, including the passwords for your account and everyone else’s. Of course, WordPress also encrypts that information. So even if someone else gets access to your database, they shouldn’t be able to do much damage.
Editing a WordPress database is a sensitive process. If you change the wrong value, you can do some real damage to your site. With that in mind, we’re going to teach you how to access yours safely, and explain how to create a backup first.
In most cases, your web hosting provider will provide access to your database through your control panel. For example, if you log into your Hostinger control panel, you’ll see a section called Databases. There are several options related to databases here, but the one we care about is phpMyAdmin:
phpMyAdmin is a powerful tool that enables you to view your databases and interact with them using a simple interface. When you access it, you’ll see a list of all your databases on the left side of the screen:
In the example above, we’re using a single hosting account for multiple WordPress sites, which is why you see so many items on that list. In most cases, there should only be one database on that list, which you’ll want to select.
On the next screen, you’ll see all the tables that make up your database to the right. For example, there are tables for your site’s comments, posts, and even users:
We’ll come back to this tab later. For now, check out the top of the screen and click on the tab called Export. There, you can export your database’s contents as a single SQL file. To do this, click on the Quick option and hit the Go button:
Now, phpMyAdmin will download a file to your computer. Store it somewhere safe where you won’t forget about it, since that backup can save your life if you edit the wrong value when making changes to your database.
With that out of the way, let’s return to the Structure tab at the top of the screen. You’ll see all your database’s tables laid out again. The one you’re looking for now should be called something like wp_users:
In the example above, you’ll notice that our Users table has a slightly different name from the one we just mentioned. That’s a precaution some hosts take when setting up your database so that it’s more difficult for attackers to crack it.
In any case, you’ll see a list of all your site’s registered users on the next screen:
We’re using a test website, so there’s only one account here. That single row contains all its associated information, including the username, password, and email.
Your account’s password will show up under the user_pass column. However, the values you see here are encrypted, so someone can’t just break into your database and copy them. In other words, the value you see in the screenshot above isn’t our real password, but an encrypted value.
However, that doesn’t mean you can’t change the real password. To do that, click on the Edit button to the left of the row for the user whose password you want to alter. On the next screen, there will be fields for all the values you saw earlier, including one for user_pass:
To change your WordPress password, you need to replace the contents of the Value column in the user_pass row.
Then, you’ll need to encrypt your new password. Click on the Function drop-down menu to the left of where you typed in your new password, and choose the MD5 option:
MD5 is the algorithm WordPress uses to encrypt your passwords. Once you’re ready, click on the Go button to the lower right corner of the screen, and your changes will be saved.
If you check your database’s wp_users table again, you’ll see that there’s a new encrypted value under the user_pass column for your user. That’s it – you just learned how to change your WordPress password in phpMyAdmin!
Before you go, keep in mind that you can also use this method to change the passwords for other accounts on your website. However, there are very few reasons you’d ever need to forcibly change another user’s password. In a nutshell, you should only ever do that if a user loses access to their account, and they have no way to recover it.
For more in-depth WordPress tips and tutorials, make sure to read:
P.S. If you’re searching for a reliable and secure place to host your site, check out our custom-tailored WordPress hosting.
30-days money-back guarantee, instant setup, and 24/7 live support awaits you!
Resetting your password should always be easy. However, the process often requires you to have access to the email you used when signing up. If you don’t, things can get complicated. The good news is that, as we’ve seen, WordPress enables you to change your password through your database. That way, you can reset your WordPress password no matter what happens.
Do you have any questions about how to reset your WordPress password, using any of the methods we’ve introduced? Let’s talk about them in the comments section below!
June 17 2019
The phpMyAdmin method will NOT work. WordPress no longer accepts MD5 hashes for passwords.
Replied on September 26 2019
Hey Mike, I think you are confusing something. WordPress still supports MD5: https://wordpress.org/support/article/resetting-your-password/
July 31 2019
thank you so much very helpful
February 07 2020
Thank U. This worked nicely!