As with most software, your WordPress login credentials should be at the top of your list of things to keep safe and secure. Sometimes, even when you take the best measures to protect yourself, you can lose passwords. Or some malware compromises them. Either way, you will need to change or reset them in WordPress. You might even notice that a user other than yourself has been compromised and needs a password change or reset. We want to walk you through how to both change and reset WordPress passwords to keep your site running smooth as silk and safe as a locked house.
The Difference in Changing and ResettingΒ Passwords
One point we want to clarify before getting started is that weβre going to refer toΒ changing passwords andΒ resetting passwords in this article. While they are synonyms, they are not the same thing.
When we refer toΒ resetting passwords, that will indicate going through a process such as using aΒ forgot your password feature or something similar. WordPress will handle the reset from a series of scripts or functions.
When we talk aboutΒ changingΒ a WordPress password, we mean manually swapping one password for another. You will type in and swap one password for another, such as in a fillable form under a user profile or in a database find and replace.
Subscribe To Our Youtube Channel
1. How to Change Your WordPress Password through the Dashboard
The easiest way to change your WP password is by logging into your WordPress dashboard as normal. Then, navigate to to Users β Profile (1) in the left admin panel.
Scroll down until you find theΒ New Password (2) option underΒ Account Management and set what you want your new password to be. WordPress will indicate if your new password is weak, medium, or strong (while offering a βstrongβ password by default). If you choose to enter your own and WordPress is considers it βweak,β then you will need to verify you want to use a weak password. Then just press Update Profile (3). And you will have changed your password.
1a. Changing or Resetting Other Usersβ Passwords
You can also follow these same steps if you have Administrator privileges on the site. Navigate to theΒ Users β All Users (4) page, and then selectΒ Edit User (5).
In the same way you did above, findΒ Account Management (6) and clickΒ Set New Password. Go through the same steps, and the password will be changed.
Additionally, you can send an automated password reset to the user. WordPress does warn you that this method does not force a change in credentials, so if you absolutely need this userβs access altered, it must be done manually through this page.
2. How Reset a WordPress Password via Email
If you donβt have access to your current password, but do have access to the registered email, you can use theΒ Lost Your Password? link on the WordPress login page. New WordPress sites use /wp-login as the default page, but yours might have been changed for security reasons. Regardless, wherever you login, you should see aΒ Lost Your Password? link.
At this point, the site will redirect you to input the username or email you want to reset. Either will work. However, if neither exists in the sytem, you will be told as much.
When you clickΒ Reset Password (2), check the email address associated with that account. In most cases, it will send immediately.
You will just need to click the link in the email that says something along the lines ofΒ Click Here to Reset Your Password (3).
Just fill in the fields for the new password, clickΒ Save (4), and you can then login with your new credentials.
3. How to Change WordPress Passwords in phpMyAdmin
Many WordPress users will never dig deep into their siteβs PHP files, much less their core WP database. However, if you lose access to your site for some reason (which may be why you need a new password) or youβre having email issues or your server is downβ¦you might need to dig into the database to reset that WordPress password.
And the easiest way to do that is using phpMyAdmin. You should be able to access this tool through your hostβs dashboard, regardless of if you use cPanel or their own special one. Itβs should be located under tools or something similar. In SiteGround, itβs underΒ Site (1) β mySQL (2) β phpMyAdmin (3) β Access phpMyAdmin (4).
Once inside phpMyAdmin, you can look to the left-side of the screen and find your database (5). It will be named similarly to something_wp00, and you can click inside it to load the contents and see all the tables. Find one calledΒ wp_users (6).
Inside this table, you will find a list of every user that has registered on your site. TheΒ user_login is generally the one you will use to find the user youβre changing the password for. But nearly all the columns have identifying information, so you shouldnβt be lost at all. You are looking for theΒ Edit (7) button in the left-most column, and you will also see the user_pass column (8).
The passwords are encrypted in this list. You will not have to do that yourself, just select from a dropdown on the next screen. Donβt worry.
You will want to find the user_pass row, select MD5 as an encryption method, and then type the new password (in plain text!) in the field to the right. Then pressΒ Go (10), and the new password will be in effect.
Some of you might wonder why we are using an older encryption method like MD5 for passwords, and thatβs because while WordPress has since moved on beyond MD5 for encryption, it is still supported. The WP software will use the most up-to-date method it has to encrypt, but using MD5 is a security measure to ensure that even older, out-of-date versions arenβt left vulnerable with plain-text passwords.
No matter what you set the password to, the table will show a different encrypted string in theΒ user_passΒ (11) column than before, which shows you that the password change is in effect. If the encrypted string doesΒ not change, then the password didnβt change. The chances of the encrypted string remaining the same are so infinitesimally small that itβs effectively impossible.
4. How to Change the WordPress Admin Password with functions.php
If all else fails, but you still have access to your siteβs file system, you can connect by FTP or through your hostβs dashboard to change your password. This is not the best way to do it, but itβs possible. You want to navigate toΒ /public_html/wp-content/themes/current-theme-folder/Β (1)Β and find theΒ functions.php (2) file.
Then, you will need to download a copy ofΒ functions.php. Any time you touch a required PHP file, you want to back it up. After that, open it up in your favorite editor. Or the in-browser one if your host supports it.
At this point, you need to add the following line into yourΒ functions.php file. (You can read more on this function on WordPress.org)
wp_set_password( 'you_new_password', 1 );
Where the variableΒ βyour_new_passwordβ is replaced by your new password. TheΒ 1 in the string indicates the primary site administrator as the user. Using this method is the safest bet to regaining access to your site. If you happen toΒ know a different user ID number, thatβs also possible. But 1 will always be the site admin. So 1 will always grant you access.
Remember this method will reset the WordPress password in plain text (non-encrypted). So this is a quick fix that you will disable ASAP. Once youβre logged in, go back into the file and delete that lineΒ immediately. Because itβs part of the themeβsΒ functions.php file, it will reset that password whenever that line is calledβ¦which is on any page load.
Work quickly and work safely with this. But youβre pretty much guaranteed access this way.
Wrapping Up
Losing access to your WordPress site is one of the most terrifying things that can happen to you. As a user and as an administrator. Luckily, you have options no matter from which level you access the site. Getting back in can be as simple as clicking a lost your password link. Or maybe you need to manually dig into the database or alter PHP. Regardless of your reason or method of recovery, you shouldnβt be locked out of your WordPress site for long.
Why have you had to change or reset your WordPress passwords in the past?
Article featured image by Chaliya / shutterstock.com
Thanks for this complete guide.
Just use a rememberable password with 1 upper case character, a special character and a number inside to make it stronger. That’s it.
Another type that I use for things I need really secure are pass phrases, where I will use a string of words and spaces if the service takes its. Such as “the dog rolled some dice and came out a winner”. That sort of thing is a lot harder to break than even an alpha numeric pass, apparently.