WordPress logo.

If you’ve gotten locked out of your WordPress instance, you can always reset your password by manually editing the table that it uses to store passwords in, provided you have access to the MySQL database.

Reset the Password from MySQL

WordPress runs on PHP, and uses MySQL to store data about posts, configuration, and everything else, including passwords. It stores passwords using the PHPass PHP library (though you can change this with plugins). But, because of backward compatibility, it will still accept an MD5 hash, which is easy to generate (and definitely not secure). You can manually replace your current password with a new MD5 hash.

You’ll need to have access to MySQL to perform these steps. If you have command line access to the server, you can log in to MySQL with:

mysql -u root -p

And select the WordPress database (the name is usually defined in wp-config.php; otherwise, you can use the show databases command):

select database1_wp123

If you don’t have command line access (as is the case with shared hosting), you might have phpMyAdmin installed; if so, you can use that web interface to perform the same commands without SSH access.

Enter the following command, replacing 'new_password' with the password you’d like to set and replacing 'admin' with the username of the account you’re editing (which may very well be ‘admin’):

UPDATE `wp_users` SET `user_pass` = MD5( 'new_password' ) WHERE `wp_users`.`user_login` = "admin";

Your table may be named something different; if so, you can list all tables with the show tables command.

Exit MySQL with Control+D, and verify that the password change worked by attempting to log in.

When you log in again, your password will match the newly created MD5 hash and WordPress should let you log in. WordPress will also go ahead and rehash your password using the default hashing algorithm, and update the database accordingly.

If You Don’t Have MySQL Access

If you have FTP access and the ability to modify WordPress’s files, you can reset the password this way. There should be a file called functions.php in your active theme’s files (under wp-content/themes/theme-name/). Download this file, and add the following line after <?php:

wp_set_password( 'password', 1 );

This will reset the password for the user with ID “1.” This resets on every page load, so you’ll want to remove it once you can regain access.

Reset with an Email Link

This does require you to have a command line mail agent like Postfix set up and working, or else WordPress won’t be able to send any emails.

On the WordPress login page, there’s a link at the bottom to trigger an email password reset. Click this, enter your email, then reset your password using the link given to you.

Link at the bottom to trigger an email password reset.

You can use this method to trigger password resets for other users, too; just enter their email instead, which will send them the link to reset their own password.

Profile Photo for Anthony Heddings Anthony Heddings
Anthony Heddings is the resident cloud engineer for LifeSavvy Media, a technical writer, programmer, and an expert at Amazon's AWS platform. He's written hundreds of articles for How-To Geek and CloudSavvy IT that have been read millions of times.
Read Full Bio »