How to Change/Reset the WordPress Password

October 28, 2021

Introduction

Strong passwords protect the WordPress Admin against unauthorized access and common security threats, such as brute-force attacks. However, long and complex passwords are not easy to memorize.

Users occasionally forget passwords or compromise website security by storing unencrypted credentials locally or in browsers.

Change the WordPress password immediately if you cannot access the WP Admin or suspect that the credentials have been compromised.

Find out how to change the WordPress password using 8 different methods.

Changing or resetting password in WordPress.

Change WordPress Password

There are several ways to change the WordPress admin password. Deciding which method to use depends on the user's permissions, access, and technical expertise.

The methods are listed from the simplest to the more complex solutions.

Websites that collect sensitive customer information, like ecommerce stores, need to use security plugins and set up two-factor authentication in WordPress.

Method 1: Via "Lost Password" Feature

Administrators that forget their WordPress password can use the "Lost your password" feature to regain access. To use this method, you also need access to the email account associated with the user.

To reset the WordPress password:

1. Select Lost your password? on the WordPress login page.

The Lost your password feature in WordPress.

2. Enter the Username or registered Email Address and click Get New Password.

Enter new WordPress password using the Lost your password feature.

3. The system delivers an automated email with a link to reset the WordPress password.

WordPress password reset email.

4. Use the randomly generated password or enter a custom password in the New password field.

5. Click Reset Password to change the password.

Enter new WordPress password on password reset screen.

Confirm that the new password works by logging in to the WordPress Admin.

Method 2: Via WordPress Dashboard

The WordPress Dashboard allows admins to change existing user passwords.

To change a password in the WordPress Dashboard:

1. Access the WordPress Admin.

2. Select Users.

3. Go to All Users.

4. Click Edit to access the User Profile page.

Edit User Profile in WordPress Dashboard.

5. Select Set New Password in the Account Management section.

6. Use the auto-generated password or enter a custom password in the provided field. Consult the password strength meter to create a strong WordPress password.

7. Click Update Profile to change the password.

Change WordPress password in the Dashboard.

Log out and try to log in using the newly created password.

Method 3: Via cPanel

To avoid installing WordPress manually, website owners often use script libraries, like Softaculous or Fantastico, to streamline the installation process. Administrators with access to cPanel can edit the existing installation details, including the WordPress admin password:

1. Access cPanel.

2. Select WordPress Manager. The name and location of the installation software solution in cPanel may vary depending on the hosting provider and script library.

WordPress Manager app in cPanel.

3. Locate the Admin Account section. This section contains the admin user credentials.

4. Enter the new password in the Admin Password field.

Change WordPress password from cPanel.

5. Click Save Installation Details at the bottom of the page.

Save WordPress installation details in cPanel.

Use the new password to access the WordPress admin panel.

Method 4: Via phpMyAdmin

WordPress user credentials are stored in the WordPress database. To access the user database entry and edit the password value via phpMyAdmin:

1. Access phpMyAdmin.

2. Click Databases.

3. Select your WordPress database.

Access WordPress database using phpMyAdmin.

4. Click wp_users in the Table column to access user credentials.

The wp user table in phpMyAdmin.

5. The user_login and user_pass columns contain user credentials. Click Edit to change the user password value.

Edit WordPress credentials in phpMyAdmin.

6. Enter a new password in the user_pass Value field. The field is case-sensitive.

7. Select MD5 in the user_pass dropdown menu. The system is going to encrypt and store the password.

Change WordPress user password in phpMyAdmin.

8. Click Go at the bottom right corner of the screen.

Encrypt and store WordPress user password in phpMyAdmin.

Visit the WordPress login page and access the Dashboard using the new password.

Method 5: Via FTP

Website owners with access to the WordPress server can change the password by editing the functions.php file.

To change a WordPress password via FTP:

1. Use a preferred FTP client, like WinSCP or FileZilla to establish an SSH connection with the WordPress server.

2. Access the directory of the theme currently active on the website. In this example, the active theme is called Twenty Twenty-One, and the files are located in the \wp-content\themes\twentytwentyone\ directory.

3. Download the existing functions.php file to your local device.

The functions.php file in the WordPress theme directory.

4. Use a text editor, like Notepad++, to add the following code after the initial <?php tag:

wp_set_password( 'yourpassword', 1 );

Replace the <em>yourpassword</em> value with the new password. The 1 value is the user ID number in the wp_users table. If necessary, change the user ID number to reflect the ID in your wp_users table.

Edit the functions.php file in WordPress.

5. Upload the modified functions.php file to the server and overwrite the existing file.

6. Access the WordPress Dashboard and change the password.

7. Remove the code from the functions.php file.

If you do not remove the code from the functions.php file, the system is going to reset the password every time a page loads.

Method 6: Via WP-CLI

WP-CLI is a command-line tool for managing WordPress websites. To change the WordPress password via the WP-CLI tool:

1. Access the WordPress installation directory:

cd var/www/html/

Modify the path to match the location of the WordPress directory on your system.

2. Retrieve a list of WordPress users:

wp user list

The output shows all WordPress users, including their ID numbers.

3. Utilize the user ID number to update the user's password:

wp user update 1 --user_pass=yourpassword

The user ID number in this example is 1.

Method 7: Via MySQL

Website owners can use the MySQL client to change the WordPress admin password. This example shows how to change the WordPress password in Ubuntu:

1. Use the cat command to create a new text file:

cat > wp.txt

2. Press Enter and type the new password.

Create text file with WordPress password.

Press Ctrl+D to exit the file.

3. Confirm that the file was created and check its content.

cat wp.txt

The output confirms that the password is correct.

New WordPress password in text file.

4. Encrypt the password using MD5:

tr -d '\r\n' < wp.txt | md5sum | tr -d '-'

The system displays the hashed password from the wp.txt file.

Hashed WordPress password in Ubuntu.

Store the hashed password locally.

5. Delete the wp.txt file:

rm -rf wp.txt

This is a security measure. Do not store unencrypted password files.

6. Log in to MySQL:

mysql -u root -p

7. Access the WordPress database and display the database tables:

use wordpress;
show tables;

WordPress users are stored in the wp_users table.

8. Retrieve IDs, usernames, and passwords from the wp_users table:

SELECT ID, user_login, user_pass FROM wp_users;

The system displays existing passwords encrypted using the MD5 algorithm.

9. Change the WordPress admin password in MySQL:

UPDATE wp_users SET user_pass=('236fbdb73fa7989c2aacdbbffe878f6b') WHERE user_login = 'admin';

In this example, the value 236fbdb73fa7989c2aacdbbffe878f6b is the encrypted password for the admin user. Enter the MD5 hashed password.

10. Confirm that the new password has been applied:

SELECT ID, user_login, user_pass FROM wp_users;

Use the new password to access the WordPress Dashboard.

Method 8: Via Emergency Password Reset Script

Administrators that do not have access to their email nor website database can use an Emergency Password Reset Script to change the WordPress admin password.

To change the password via a password reset script:

1. Access the WordPress server using cPanel or a preferred FTP client.

2. Create an emergency.php file in the WordPress root directory.

Creating an emergency.php file in WordPress.

3. Copy and paste the Emergency Password Script in the emergency.php file and save the file.

4. Open a browser and access the emergency.php script:

http://yourwebsite.com/emercgency.php

5. The script prompts a login screen. Enter the existing admin username and a new password.

6. Visit the WordPress login page and log in using the new credentials.

7. Delete the emergency.php file from the installation directory.

While the emergency.php file is in the folder, anyone can visit the URL and reset the admin password.

Why Change/Reset Your WordPress Password?

Most serviced use passwords as the primary line of defense against unauthorized access. Users forget their credentials all the time, share passwords, or store them in weakly protected areas like emails, browsers, or local devices.

Website owners are especially vulnerable as malicious software, account takeover fraud, and social engineering target administrative users.

The most common reasons for changing WordPress passwords are:

  • Forgotten passwords.
  • Security concerns. If website security, or associated accounts, like emails, are compromised, changing the WordPress password must be a priority.
  • Password policies that require employees to change passwords regularly.
  • Temporarily sharing access with other users.

Apply the best website security practices to avoid frequently changing WordPress passwords.

Conclusion

You know how to change the WordPress password using different methods and tools. This guarantees that you can resolve WordPress access issues securely and quickly.

To increase security, ecommerce websites should standardize their password requirements by using a password management solution.

About the author
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at CCBill. He has more than 8 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His engaging writing style provides practical advice and aims to spark curiosity for innovative technologies.
Talk to a Merchant Support Specialist