As with most software, your WordPress login credentials should be at the top of your list of things to keep safe and secure. Sometimes, even when you take the best measures to protect yourself, you can lose passwords. Or some malware compromises them. Either way, you will need to change or reset them in WordPress. You might even notice that a user other than yourself has been compromised and needs a password change or reset. We want to walk you through how to both change and reset WordPress passwords to keep your site running smooth as silk and safe as a locked house.
The Difference in Changing and Resetting Passwords
One point we want to clarify before getting started is that we’re going to refer to changing passwords and resetting passwords in this article. While they are synonyms, they are not the same thing.
When we refer to resetting passwords, that will indicate going through a process such as using a forgot your password feature or something similar. WordPress will handle the reset from a series of scripts or functions.
When we talk about changing a WordPress password, we mean manually swapping one password for another. You will type in and swap one password for another, such as in a fillable form under a user profile or in a database find and replace.
Subscribe To Our Youtube Channel
1. How to Change Your WordPress Password through the Dashboard
The easiest way to change your WP password is by logging into your WordPress dashboard as normal. Then, navigate to to Users – Profile (1) in the left admin panel.
Scroll down until you find the New Password (2) option under Account Management and set what you want your new password to be. WordPress will indicate if your new password is weak, medium, or strong (while offering a “strong” password by default). If you choose to enter your own and WordPress is considers it “weak,” then you will need to verify you want to use a weak password. Then just press Update Profile (3). And you will have changed your password.
1a. Changing or Resetting Other Users’ Passwords
You can also follow these same steps if you have Administrator privileges on the site. Navigate to the Users – All Users (4) page, and then select Edit User (5).
In the same way you did above, find Account Management (6) and click Set New Password. Go through the same steps, and the password will be changed.
Additionally, you can send an automated password reset to the user. WordPress does warn you that this method does not force a change in credentials, so if you absolutely need this user’s access altered, it must be done manually through this page.
2. How Reset a WordPress Password via Email
If you don’t have access to your current password, but do have access to the registered email, you can use the Lost Your Password? link on the WordPress login page. New WordPress sites use /wp-login as the default page, but yours might have been changed for security reasons. Regardless, wherever you login, you should see a Lost Your Password? link.
At this point, the site will redirect you to input the username or email you want to reset. Either will work. However, if neither exists in the sytem, you will be told as much.
When you click Reset Password (2), check the email address associated with that account. In most cases, it will send immediately.
You will just need to click the link in the email that says something along the lines of Click Here to Reset Your Password (3).
Just fill in the fields for the new password, click Save (4), and you can then login with your new credentials.
3. How to Change WordPress Passwords in phpMyAdmin
Many WordPress users will never dig deep into their site’s PHP files, much less their core WP database. However, if you lose access to your site for some reason (which may be why you need a new password) or you’re having email issues or your server is down…you might need to dig into the database to reset that WordPress password.
And the easiest way to do that is using phpMyAdmin. You should be able to access this tool through your host’s dashboard, regardless of if you use cPanel or their own special one. It’s should be located under tools or something similar. In SiteGround, it’s under Site (1) – mySQL (2) – phpMyAdmin (3) – Access phpMyAdmin (4).
Once inside phpMyAdmin, you can look to the left-side of the screen and find your database (5). It will be named similarly to something_wp00, and you can click inside it to load the contents and see all the tables. Find one called wp_users (6).
Inside this table, you will find a list of every user that has registered on your site. The user_login is generally the one you will use to find the user you’re changing the password for. But nearly all the columns have identifying information, so you shouldn’t be lost at all. You are looking for the Edit (7) button in the left-most column, and you will also see the user_pass column (8).
The passwords are encrypted in this list. You will not have to do that yourself, just select from a dropdown on the next screen. Don’t worry.
You will want to find the user_pass row, select MD5 as an encryption method, and then type the new password (in plain text!) in the field to the right. Then press Go (10), and the new password will be in effect.
Some of you might wonder why we are using an older encryption method like MD5 for passwords, and that’s because while WordPress has since moved on beyond MD5 for encryption, it is still supported. The WP software will use the most up-to-date method it has to encrypt, but using MD5 is a security measure to ensure that even older, out-of-date versions aren’t left vulnerable with plain-text passwords.
No matter what you set the password to, the table will show a different encrypted string in the user_pass (11) column than before, which shows you that the password change is in effect. If the encrypted string does not change, then the password didn’t change. The chances of the encrypted string remaining the same are so infinitesimally small that it’s effectively impossible.
4. How to Change the WordPress Admin Password with functions.php
If all else fails, but you still have access to your site’s file system, you can connect by FTP or through your host’s dashboard to change your password. This is not the best way to do it, but it’s possible. You want to navigate to /public_html/wp-content/themes/current-theme-folder/ (1) and find the functions.php (2) file.
Then, you will need to download a copy of functions.php. Any time you touch a required PHP file, you want to back it up. After that, open it up in your favorite editor. Or the in-browser one if your host supports it.
At this point, you need to add the following line into your functions.php file. (You can read more on this function on WordPress.org)
wp_set_password( 'you_new_password', 1 );
Where the variable ‘your_new_password’ is replaced by your new password. The 1 in the string indicates the primary site administrator as the user. Using this method is the safest bet to regaining access to your site. If you happen to know a different user ID number, that’s also possible. But 1 will always be the site admin. So 1 will always grant you access.
Remember this method will reset the WordPress password in plain text (non-encrypted). So this is a quick fix that you will disable ASAP. Once you’re logged in, go back into the file and delete that line immediately. Because it’s part of the theme’s functions.php file, it will reset that password whenever that line is called…which is on any page load.
Work quickly and work safely with this. But you’re pretty much guaranteed access this way.
Wrapping Up
Losing access to your WordPress site is one of the most terrifying things that can happen to you. As a user and as an administrator. Luckily, you have options no matter from which level you access the site. Getting back in can be as simple as clicking a lost your password link. Or maybe you need to manually dig into the database or alter PHP. Regardless of your reason or method of recovery, you shouldn’t be locked out of your WordPress site for long.
Why have you had to change or reset your WordPress passwords in the past?
Article featured image by Chaliya / shutterstock.com
Thanks for this complete guide.
Just use a rememberable password with 1 upper case character, a special character and a number inside to make it stronger. That’s it.
Another type that I use for things I need really secure are pass phrases, where I will use a string of words and spaces if the service takes its. Such as “the dog rolled some dice and came out a winner”. That sort of thing is a lot harder to break than even an alpha numeric pass, apparently.