There are a few reasons you might want to change your WordPress password. Maybe you simply forgot it. Maybe you shared the password with other users and now you want to limit access to your dashboard to those who no longer need (or should have) access to your WordPress website. Maybe you’ve left your account logged in at a public computer. Maybe you’ve been hacked, or want to change it for another security reason.

Grow Your Business With HubSpot's Tools for WordPress Websites

Whatever the reason, there are a few ways you can change your password safely. We'll start with the easiest options and work our way to the more difficult ones. Or, you can click on any of the links below to jump to that section:

If you would rather follow along with a video, here's a handy walkthrough brought to you by Compete Themes:

How to Change WordPress Password from Login Page

Let’s say you forgot your password but know the username or email associated with the account. In that case, the simplest way to change your WordPress password is using the lost password feature. Let’s walk through the process below.

Lost your password feature on a WordPress login page

  • You’ll be redirected to a page instructing you to enter the username or email address on file for your account. Once you do, click Get New Password.

Form prompting user to enter username or email address to reset password

  • Check your inbox for an email from WordPress with a password reset link, and click on it.
  • You’ll be redirected to a page that instructs you to enter a new password.
  • You can enter whatever password you want, or use the one that WordPress has automatically generated for you, and click Reset Password.
Once you see a confirmation message that your password has been reset, you can log in using your new credentials.

How to Change WordPress Password in Dashboard

If you remember your password but would like to change it or would like to change the password of another user, then you can do so in your WordPress dashboard. Follow the steps below.

  • Log in to your dashboard.
  • Click Users > All Users.

Site admin clicking users > all users in WordPress dashboard to change password

  • Hover over the user whose password you want to change and click Edit.

Site admin clicking Edit below username to change their WordPress password

  • Scroll down to the Account Management section and click the Set New Password button.

Site admin scrolingl down to the Account Management section of a user profile to set new password

  • WordPress will automatically generate a strong password for you. You can keep it, or overwrite it by typing another password in the input field.

WordPress auto-generates a strong passwrod after clicking set new password in user profile

  • When you’re done, click Update Profile at the bottom of the screen.

The page will reload and you’ll see a confirmation message that the user profile has been updated.

There’s no need to log out and log back into your account using this method. But you can if you want to double check that the password has been reset successfully.

How to Change WordPress Password in phpMyAdmin

Let’s say you can’t access your email or your dashboard. In that case, you can change your password directly using phpMyAdmin.

phpMyAdmin is a PHP script designed so administrators can manage their MySQL databases. They can optimize and repair their tables, back up information, and execute other database management commands in the event that WordPress is not working.

Before we dive into the steps below, a note of caution: There is no “undo” button when using phpMyAdmin. So be careful when editing or doing anything in your database.

  • Log into phpMyAdmin. If you don’t have it, download and install phpMyAdmin from the main project page.
  • Click Databases.
  • A list of databases will appear. Select your WordPress database.
  • All the tables in your WordPress database should appear. If they don’t, click Structure.
  • Find wp_users in the column labelled “Tables.”

wp_users table in phpMyAdmin will enable you to change your WordPress password

Image Source

  • Click on the browse icon.
  • Find user_login and your username.
  • Click Edit or the pencil icon.
  • Your user_id will appear. Click Edit.
  • Find user_pass in the column labelled “Field.”
  • Select and delete the string of numbers and letters in the user_pass row and under the column labelled “Value.” Type in your new password.
  • Click the dropdown menu under the column labelled “Functions” and select MD5 from the menu.

User_pass row set to MD5 and new value to change WordPress Password

Image Source

  • When you’re ready, click the Go button in the bottom right corner of the screen.

You can now go to your login page and sign in using your new password.

How to Change WordPress Password in cPanel

Most WordPress hosting providers will have phpMyAdmin pre-installed in their control panels. In that case, you can essentially follow the process outlined above to change your WordPress password. Let’s look at the steps below to change your password in one of the most popular file managers: cPanel.

  • Log into your hosting account’s cPanel.
  • Scroll down to the Databases section.
  • Select phpMyAdmin.
  • Repeat steps 2-16 from the section above.

How to Change WordPress Admin Password

The steps below will only work if you’re using the admin user and want to change the admin password specifically. There’s two approaches you can take. We’ll start with using FTP and then move onto the emergency password reset script, which should only be used as a last resort.

Using FTP

If you want to change the admin password, then you need to have the admin username as well an FTP client installed on your computer. Short for File Transfer Protocol, FTP allows you to transfer your files and password from your computer to your website hosting account over a secured connection. Below, we’ll look at the process of changing your WordPress password using FileZilla.

  • Login to your site via FileZilla.
  • On the left side of the screen, click the public_html folder.
  • Open your wp-content folder.
  • Open your themes folder and the folder labelled with your active theme’s name.
  • Locate the functions.php file and download it.

Edit function.php file using FTP to copy and paste wp_set_password function to change wordpress password

Image Source

  • Copy and paste the following line of code right at the beginning of the file, after the first <?php tag:
 
      wp_set_password( 'password', 1 );

  • Replace “password” in the parentheses with your new admin password. Leave the “1” as is. It represents the user ID number in the wp_users table in your MySQL database.
  • Upload the modified file back to your site.
  • Log in to your site with your new password.

Once you’ve done so successfully, make sure to go back and remove that line of code from your functions.php file. Otherwise, your password will reset on every page load.

Using the Emergency Password Reset Script

If you know the admin username and are unable to access your database, then you can use the Emergency Password Reset Script to change the admin password. You should only use this PHP script if all other alternatives have been exhausted. Follow the steps below.

  • Log in to your hosting account’s cPanel.
  • Open File Manager.
  • On the left side of the screen, click the public_html folder.
  • Click the New File button in the top menu.
  • Name the file “emergency.php” and click the Create New File button.
  • You will now see your new file listed. Right-click to edit the file.
  • Copy and paste the Emergency Password Script into the file and save it. Here's the code below:

 
<?php
/*
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

require './wp-blog-header.php';

function meh() {
global $wpdb;

if ( isset( $_POST['update'] ) ) {
$user_login = ( empty( $_POST['e-name'] ) ? '' : sanitize_user( $_POST['e-name'] ) );
$user_pass = ( empty( $_POST[ 'e-pass' ] ) ? '' : $_POST['e-pass'] );
$answer = ( empty( $user_login ) ? '<div id="message" class="updated fade"><p><strong>The user name field is empty.</strong></p></div>' : '' );
$answer .= ( empty( $user_pass ) ? '<div id="message" class="updated fade"><p><strong>The password field is empty.</strong></p></div>' : '' );
if ( $user_login != $wpdb->get_var( "SELECT user_login FROM $wpdb->users WHERE ID = '1' LIMIT 1" ) ) {
$answer .="<div id='message' class='updated fade'><p><strong>That is not the correct administrator username.</strong></p></div>";
}
if ( empty( $answer ) ) {
$wpdb->query( "UPDATE $wpdb->users SET user_pass = MD5('$user_pass'), user_activation_key = '' WHERE user_login = '$user_login'" );
$plaintext_pass = $user_pass;
$message = __( 'Someone, hopefully you, has reset the Administrator password for your WordPress blog. Details follow:' ). "\r\n";
$message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n";
$message .= sprintf( __( 'Password: %s' ), $plaintext_pass ) . "\r\n";
@wp_mail( get_option( 'admin_email' ), sprintf( __( '[%s] Your WordPress administrator password has been changed!' ), get_option( 'blogname' ) ), $message );
$answer="<div id='message' class='updated fade'><p><strong>Your password has been successfully changed</strong></p><p><strong>An e-mail with this information has been dispatched to the WordPress blog administrator</strong></p><p><strong>You should now delete this file off your server. DO NOT LEAVE IT UP FOR SOMEONE ELSE TO FIND!</strong></p></div>";
}
}

return empty( $answer ) ? false : $answer;
}

$answer = meh();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>WordPress Emergency PassWord Reset</title>
<meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" />
<link rel="stylesheet" rel="noopener" target="_blank" href="<?php bloginfo( 'wpurl' ); ?>/wp-admin/wp-admin.css?version=<?php bloginfo( 'version' ); ?>" type="text/css" />
</head>
<body>
<div class="wrap">
<form method="post" action="">
<h2>WordPress Emergency PassWord Reset</h2>
<p><strong>Your use of this script is at your sole risk. All code is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness. Further, I shall not be liable for any damages you may sustain by using this script, whether direct, indirect, special, incidental or consequential.</strong></p>
<p>This script is intended to be used as <strong>a last resort</strong> by WordPress administrators that are unable to access the database.
Usage of this script requires that you know the Administrator's user name for the WordPress install. (For most installs, that is going to be "admin" without the quotes.)</p>
<?php
echo $answer;
?>
<p class="submit"><input type="submit" name="update" value="Update Options" /></p>

<fieldset class="options">
<legend>WordPress Administrator</legend>
<label><?php _e( 'Enter Username:' ) ?><br />
<input type="text" name="e-name" id="e-name" class="input" value="<?php echo attribute_escape( stripslashes( $_POST['e-name'] ) ); ?>" size="20" tabindex="10" /></label>
</fieldset>
<fieldset class="options">
<legend>Password</legend>
<label><?php _e( 'Enter New Password:' ) ?><br />
<input type="text" name="e-pass" id="e-pass" class="input" value="<?php echo attribute_escape( stripslashes( $_POST['e-pass'] ) ); ?>" size="25" tabindex="20" /></label>
</fieldset>

<p class="submit"><input type="submit" name="update" value="Update Options" /></p>
</form>
</div>
</body>
</html>
<?php exit; ?>

  • Now open your browser and type in the file path to access the emergency.php file. It will look something like: http://example.com/emergency.php
  • A login screen should appear. You can enter your existing admin username and a new password of your choice.
  • Now go to your WordPress login page and log in using your new credentials.

An email should be sent to the administrator’s email address with their new password details. However, the password will still be changed even if you don’t receive the email.

Once you’ve logged into your site using your new admin password, go back and delete the emergency.php file from your root installation. Otherwise, anyone can visit your site’s URL with the emergency.php file path and reset your admin password.

Changing Your WordPress Password

Whether you forgot your password or want to reset it to keep your WordPress website secure, there are a number of ways you can change your password in WordPress. Some require you to remember the username and existing password, others require you to edit some core files. You can select one of the methods above that best suits your situation or technical experience.

Use HubSpot tools on your WordPress website and connect the two platforms  without dealing with code. Click here to learn more.

 Use HubSpot tools on your WordPress website and connect the two platforms  without dealing with code. Click here to learn more.

Originally published Feb 11, 2021 7:00:00 AM, updated September 30 2021

Topics:

WordPress Website