Introduction
Strong passwords protect the WordPress Admin against unauthorized access and common security threats, such as brute-force attacks. However, long and complex passwords are not easy to memorize.
Users occasionally forget passwords or compromise website security by storing unencrypted credentials locally or in browsers.
Change the WordPress password immediately if you cannot access the WP Admin or suspect that the credentials have been compromised.
Find out how to change the WordPress password using 8 different methods.
Change WordPress Password
There are several ways to change the WordPress admin password. Deciding which method to use depends on the user's permissions, access, and technical expertise.
The methods are listed from the simplest to the more complex solutions.
Websites that collect sensitive customer information, like ecommerce stores, need to use security plugins and set up two-factor authentication in WordPress.
Method 1: Via "Lost Password" Feature
Administrators that forget their WordPress password can use the "Lost your password" feature to regain access. To use this method, you also need access to the email account associated with the user.
To reset the WordPress password:
1. Select Lost your password? on the WordPress login page.
2. Enter the Username or registered Email Address and click Get New Password.
3. The system delivers an automated email with a link to reset the WordPress password.
4. Use the randomly generated password or enter a custom password in the New password field.
5. Click Reset Password to change the password.
Confirm that the new password works by logging in to the WordPress Admin.
Method 2: Via WordPress Dashboard
The WordPress Dashboard allows admins to change existing user passwords.
To change a password in the WordPress Dashboard:
1. Access the WordPress Admin.
2. Select Users.
3. Go to All Users.
4. Click Edit to access the User Profile page.
5. Select Set New Password in the Account Management section.
6. Use the auto-generated password or enter a custom password in the provided field. Consult the password strength meter to create a strong WordPress password.
7. Click Update Profile to change the password.
Log out and try to log in using the newly created password.
Method 3: Via cPanel
To avoid installing WordPress manually, website owners often use script libraries, like Softaculous or Fantastico, to streamline the installation process. Administrators with access to cPanel can edit the existing installation details, including the WordPress admin password:
1. Access cPanel.
2. Select WordPress Manager. The name and location of the installation software solution in cPanel may vary depending on the hosting provider and script library.
3. Locate the Admin Account section. This section contains the admin user credentials.
4. Enter the new password in the Admin Password field.
5. Click Save Installation Details at the bottom of the page.
Use the new password to access the WordPress admin panel.
Method 4: Via phpMyAdmin
WordPress user credentials are stored in the WordPress database. To access the user database entry and edit the password value via phpMyAdmin:
1. Access phpMyAdmin.
2. Click Databases.
3. Select your WordPress database.
4. Click wp_users in the Table column to access user credentials.
5. The user_login and user_pass columns contain user credentials. Click Edit to change the user password value.
6. Enter a new password in the user_pass Value field. The field is case-sensitive.
7. Select MD5 in the user_pass dropdown menu. The system is going to encrypt and store the password.
8. Click Go at the bottom right corner of the screen.
Visit the WordPress login page and access the Dashboard using the new password.
Method 5: Via FTP
Website owners with access to the WordPress server can change the password by editing the functions.php file.
To change a WordPress password via FTP:
1. Use a preferred FTP client, like WinSCP or FileZilla to establish an SSH connection with the WordPress server.
2. Access the directory of the theme currently active on the website. In this example, the active theme is called Twenty Twenty-One, and the files are located in the \wp-content\themes\twentytwentyone\ directory.
3. Download the existing functions.php file to your local device.
4. Use a text editor, like Notepad++, to add the following code after the initial <?php tag:
wp_set_password( 'yourpassword', 1 );
Replace the <em>yourpassword</em>
value with the new password. The 1
value is the user ID number in the wp_users table. If necessary, change the user ID number to reflect the ID in your wp_users table.
5. Upload the modified functions.php file to the server and overwrite the existing file.
6. Access the WordPress Dashboard and change the password.
7. Remove the code from the functions.php file.
If you do not remove the code from the functions.php file, the system is going to reset the password every time a page loads.
Method 6: Via WP-CLI
WP-CLI is a command-line tool for managing WordPress websites. To change the WordPress password via the WP-CLI tool:
1. Access the WordPress installation directory:
cd var/www/html/
Modify the path to match the location of the WordPress directory on your system.
2. Retrieve a list of WordPress users:
wp user list
The output shows all WordPress users, including their ID numbers.
3. Utilize the user ID number to update the user's password:
wp user update 1 --user_pass=yourpassword
The user ID number in this example is 1.
Method 7: Via MySQL
Website owners can use the MySQL client to change the WordPress admin password. This example shows how to change the WordPress password in Ubuntu:
1. Use the cat command to create a new text file:
cat > wp.txt
2. Press Enter and type the new password.
Press Ctrl+D to exit the file.
3. Confirm that the file was created and check its content.
cat wp.txt
The output confirms that the password is correct.
4. Encrypt the password using MD5:
tr -d '\r\n' < wp.txt | md5sum | tr -d '-'
The system displays the hashed password from the wp.txt file.
Store the hashed password locally.
5. Delete the wp.txt file:
rm -rf wp.txt
This is a security measure. Do not store unencrypted password files.
6. Log in to MySQL:
mysql -u root -p
7. Access the WordPress database and display the database tables:
use wordpress;
show tables;
WordPress users are stored in the wp_users table.
8. Retrieve IDs, usernames, and passwords from the wp_users table:
SELECT ID, user_login, user_pass FROM wp_users;
The system displays existing passwords encrypted using the MD5 algorithm.
9. Change the WordPress admin password in MySQL:
UPDATE wp_users SET user_pass=('236fbdb73fa7989c2aacdbbffe878f6b') WHERE user_login = 'admin';
In this example, the value 236fbdb73fa7989c2aacdbbffe878f6b is the encrypted password for the admin user. Enter the MD5 hashed password.
10. Confirm that the new password has been applied:
SELECT ID, user_login, user_pass FROM wp_users;
Use the new password to access the WordPress Dashboard.
Method 8: Via Emergency Password Reset Script
Administrators that do not have access to their email nor website database can use an Emergency Password Reset Script to change the WordPress admin password.
To change the password via a password reset script:
1. Access the WordPress server using cPanel or a preferred FTP client.
2. Create an emergency.php file in the WordPress root directory.
3. Copy and paste the Emergency Password Script in the emergency.php file and save the file.
4. Open a browser and access the emergency.php script:
http://yourwebsite.com/emercgency.php
5. The script prompts a login screen. Enter the existing admin username and a new password.
6. Visit the WordPress login page and log in using the new credentials.
7. Delete the emergency.php file from the installation directory.
While the emergency.php file is in the folder, anyone can visit the URL and reset the admin password.
Why Change/Reset Your WordPress Password?
Most serviced use passwords as the primary line of defense against unauthorized access. Users forget their credentials all the time, share passwords, or store them in weakly protected areas like emails, browsers, or local devices.
Website owners are especially vulnerable as malicious software, account takeover fraud, and social engineering target administrative users.
The most common reasons for changing WordPress passwords are:
- Forgotten passwords.
- Security concerns. If website security, or associated accounts, like emails, are compromised, changing the WordPress password must be a priority.
- Password policies that require employees to change passwords regularly.
- Temporarily sharing access with other users.
Apply the best website security practices to avoid frequently changing WordPress passwords.
Conclusion
You know how to change the WordPress password using different methods and tools. This guarantees that you can resolve WordPress access issues securely and quickly.
To increase security, ecommerce websites should standardize their password requirements by using a password management solution.