Running a WordPress site is all fun and games, until you’re locked out. Whether you forgot your login credentials or want to improve security, learning how to change WordPress passwords is essential. Fortunately, resetting or changing your password is easier than you think. In this guide, we’ll walk you through every possible method to change WordPress passwords, from beginner-friendly dashboard clicks to developer-level database commands, so you’re never stuck again.
Why Password Security Matters in WordPress
Think of your WordPress password as the front door key to your digital home. If it’s weak, reused, or exposed, you’re inviting hackers to dinner. Regularly updating your password helps:
- Prevent brute-force attacks
- Protect your data and content
- Keep your users and visitors safe
When You Might Need to Reset Your Password
- You forgot it (hey, it happens).
- Your site got hacked.
- You gave it to someone and want to revoke access.
- You’re performing a security sweep.
Method 1: Reset via WordPress Login Page
Step-by-Step Guide to Reset Password
- Go to your website’s login URL. It usually looks like this yourdomain.com/wp-login.php
Replace yourdomain.com with your actual domain name. - Just below the login form, click the “Lost your password?” link. This will take you to the password reset page.
- You’ll be asked to enter your WordPress username or the email address associated with your account.
- If you’re not sure about the exact username, use your email address.
- Make sure it’s the one linked to your WordPress user profile.
- WordPress will now send a password reset link to your registered email address.
- Look for an email Password Reset”.
- If you don’t see it within a few minutes, check your Spam or Junk folder.
- Open the email and click on the password reset link. It will take you to a secure password reset page on your website.
- Enter a strong new password in the provided field and click “Reset Password”.
- Use a mix of uppercase, lowercase, numbers, and special characters.
- WordPress will show you if your password is strong or weak.
- Once your password is successfully reset, you’ll see a confirmation message.
- Go back to your login page: yourdomain.com/wp-login.php
- Enter your username and new password to log into your WordPress dashboard.
Common Issues and Fixes
- Didn’t get the email? Check spam or use another method.
- Email not linked? Then phpMyAdmin or WP-CLI is your best bet.
Method 2: Change Password from Admin Dashboard
- Log into your WordPress dashboard
- Navigate to Users > Profile
- Scroll down to Account Management
Setting a Strong New Password
- Click on “Set New Password.”
- Use a mix of uppercase, lowercase, numbers, and symbols
- Hit “Update Profile”
Pro tip: Use tools like Bitwarden or 1Password to save it.
Method 3: Reset via Email Link
What to Do If You Can’t Access Email
- Navigate to your hosting provider to update your WordPress email
- Use phpMyAdmin to change admin email directly in the database
Tips to Ensure Recovery Email is Always Accessible
- Avoid using temporary or business emails you might lose
- Set up a backup email address linked to the same account
Method 4: Use phpMyAdmin to Reset Password
If you’re locked out of your WordPress site and can’t use email recovery, another method is to reset your password directly in the database using phpMyAdmin. This tool is commonly available through your hosting control panel and allows you to manage your WordPress database.
Step-by-Step Guide
Step 1: Access phpMyAdmin via Your Hosting Panel
- Log in to your hosting account
- This is usually done through ServerAvatar, cPanel, Plesk, or your hosting provider’s dashboard (e.g., Bluehost, Hostinger, SiteGround).
- This is usually done through ServerAvatar, cPanel, Plesk, or your hosting provider’s dashboard (e.g., Bluehost, Hostinger, SiteGround).
- Open phpMyAdmin
- Look for a section labeled Databases and click on phpMyAdmin.
- Look for a section labeled Databases and click on phpMyAdmin.
- Select your WordPress database
- On the left-hand sidebar, you’ll see a list of databases. Click the one associated with your WordPress site.
Not sure which one it is? Open your wp-config.php file in File Manager and check the line:
define( 'DB_NAME', 'your_database_name' );
Step 2: Locate the wp_users Table
- In the list of tables, find and click on wp_users.
- Note: Some installations may prefix the table name differently, like wp123_users.
- You’ll now see a list of all WordPress users.
Step 3: Edit the User’s Password
- Find your username (usually the admin user) and click the Edit link next to that row.
- Look for the user_pass field.
- This is where WordPress stores the password (in a hashed format).
- This is where WordPress stores the password (in a hashed format).
- Change the value:
- In the Function dropdown next to user_pass, select MD5.
- In the Value field, enter your new password (e.g., MyNewSecurePassword!).
4. Click “Go” at the bottom of the page to save the changes.
Important Notes
- WordPress no longer uses MD5 hashing for password storage in newer versions. However, setting the password as an MD5 hash allows you to log in temporarily.
- Once you log in using the new password, WordPress will automatically re-hash your password using its latest secure algorithm.
- This means you should log in as soon as possible after making this change and consider updating your password again from the WordPress dashboard.
After Logging In
Once you regain access:
- Go to your WordPress dashboard.
- Navigate to Users → Profile (or Users → All Users, then select your user).
- Scroll down and choose Set New Password.
- Set a new, strong password and save.
By following these steps carefully, you can safely reset your WordPress admin password through phpMyAdmin and regain access to your site. Just remember—editing your database directly should be done with caution, and you should always back it up beforehand if possible
Method 5: Change WordPress Password via WP-CLI
WP-CLI (WordPress Command Line Interface) is a powerful tool that allows you to manage your WordPress site using the command line, without needing to log in to the WordPress admin dashboard. If you have SSH access to your server and WP-CLI is installed, this is one of the quickest and most secure ways to reset a WordPress user password.
Connect to Your Server via SSH
Open your terminal (Mac/Linux) or an SSH client like PuTTY (Windows), and connect to your server:
ssh username@yourserver.comNavigate to Your WordPress Directory
Move into the root directory where your WordPress site is installed:
cd /path/to/your/wordpress/installationReplace /path/to/your/wordpress/installation with the actual path on your server.
Run the Password Update Command
Use the following WP-CLI command to change your WordPress user password:
wp user update USERNAME --user_pass="NewStrongPassword"- Replace USERNAME with the actual WordPress username you want to change the password for.
- Replace NewStrongPassword with a secure, complex password.
Example:
wp user update admin --user_pass="MySecur3P@ssw0rd!"Done!
If the command runs successfully, your password has been updated. You can now log in to your WordPress dashboard with your new credentials.
Method 6: Change WordPress Passwords via FTP
Here, I used ServerAvatar‘s File Manager
1. Log in to ServerAvatar Dashboard
2. Select your WordPress Application
3. Navigate to this Path :- wp-content/themes/your-theme-name/functions.php
4. Open your theme’s functions.php file
You’ll find this file inside your active theme folder, usually located at:
wp-content/themes/your-theme-name/functions.php
Right after the opening <?php tag, add this line of code:
wp_set_password( 'yournewsecurepassword', 1 );- Replace ‘yournewsecurepassword’ with a strong, secure password.
- The number 1 refers to the user ID. By default, user ID 1 is the main admin account.
Save the file
If you’re editing it locally, upload it back to your site via FTP or File Manager in your hosting panel, and overwrite the existing file.
Log in to your WordPress dashboard
Use the new password you just set to access your admin account.
Important: Remove the line you added
After logging in, go back to the functions.php file and delete the line you added:
wp_set_password( 'yournewsecurepassword', 1 );Leaving this code in place would reset your password every time a page is loaded, which can cause security issues and lock you out again.
Enabling Two-Factor Authentication
Add an extra layer of protection using plugins like:
- WP 2FA
- Google Authenticator
How to Prevent Future Lockouts
Backup Access Options
- Keep an extra admin user with a secure email
- Write down your recovery steps somewhere safe
Create a Maintenance User Account
- Limited access
- Use when working with developers or freelancers
Conclusion
There’s nothing worse than staring at a locked login screen. But now you know every possible way to reset or change your WordPress password quickly—whether you’re a complete beginner or a command-line ninja. Regularly updating your password is one of the easiest ways to stay secure online. Don’t wait for a hack—take action today!
FAQs
1. How often should I change my WordPress password?
Every 3–6 months is a good rule of thumb, especially if you’re running an active site.
2. What if I don’t receive the password reset email?
Check spam. If it’s not there, reset it through phpMyAdmin or ask your hosting support.
3. Can I use the same password again?
Technically yes, but it’s not recommended for security reasons.
4. Are password reset plugins safe?
Only if you use well-reviewed and regularly updated ones from trusted developers.
5. Is there a way to reset passwords for multiple users?
Yes, using WP-CLI or plugins like Bulk User Management can help with that.