WordPress is currently the most popular blogging system being used on the web. The good thing about WordPress is the huge selection of free plugins and themes that allow any users to extend the features and change the look without knowing a thing about web programming. One of the most common problems that a webmaster will face is the owner of a website forgets or loses the admin password to gain access to the WP-ADMIN area.
Obviously the easiest way to regain access to the admin area is by using the email recovery method built-in to WordPress. A link “Lost your password?” will be shown after a failed login. All you need to do is either enter the username or email and a link will be sent to the user’s email to change the password. Do take note that there is no way to recover the original password because the one-way encryption being used cannot be decrypted.
If you are reading this article, most likely the email recovery method doesn’t work and a few reasons can cause this. It can be due to the server not being configured to use the PHP mail() function, or a hacker has managed to gain access to the wp-admin area and simply changed the email address of the admin user, or you simply do not have access to the email. So here we have a couple of different methods that you can use to change or reset the admin password and regain access to the wp-admin area.
Softaculous is an auto web application installer system that can be found in web hosting control panels such as cPanel, DirectAdmin, Plesk and etc. If you’ve installed WordPress using Softaculous, there is a function that allows you to easily reset the admin password.
1. First login to your web host control panel and access Softaculous.
2. At the top right bar, click on the “All Installations” icon to list all the websites that are running WordPress.
3. Click the Edit Details icon for the website running WordPress.
4. At the “Admin Account area, enter the username followed by the new password, and click “Save Installation Details” button.
You should get the message “The installation details were edited successfully” to confirm the modification. You can now login to the wp-admin area using the new password. If your web host does not have Softaculous or if you did not install WordPress using Softaculous, you can try the different methods to reset WordPress admin password as shown below.
Since WordPress version 2.5, a function wp_set_password is available to update a user password with a new encrypted one. In order to use this function, you will have to specify the password and the user ID which is usually 1 for the first default admin account. To use the wp_set_password function, there are instructions found on the Internet to embed the code in a theme’s function.php file, but we prefer to embed it into the wp-login.php file because sometimes we don’t know which theme is being used.
All you need to do is edit the wp-login.php file either by downloading it to your computer, edit and upload it back, or you can directly edit it from your FTP client program or file manager in control panel. Add the following code at the END of the file.
The code above will update the password of the userid 1 to yournewpassword. You can make the changes accordingly. You will need to access the wp-admin page or the wp-login.php file on your website for this code to take effect. Make sure to remove the code from wp-login.php file after you are able to access the wp-admin area with the new password.
3. WordPress Emergency Password Reset Script
If your web host control panel does not have Softaculous and you do not know how to edit the wp-login.php file correctly, another simple way to reset an admin password for a WordPress website is by uploading a special emergency.php script to the folder where WordPress is installed. After uploading the file, open the emergency.php file on your web browser.
You must enter a valid username that exist in your WordPress installation followed by the new password. Make sure to delete the emergency.php file after changing the password.
4. Yoast User Manager
Yoast User Manager is similar to the above WordPress Emergency Password Reset Script but has additional options and is more secure. First of all, it requires the password of the database that is used to install WordPress which automatically prevents anyone from using the script if the file is accidentally left online. You can also add new users and conveniently update any user password from the drop down menu that shows a list of available users. You will need to download the script and upload to the folder where WordPress is installed. Then open the PHP script using your web browser.
You can obtain the database password by downloading the wp-config.php file located at the root of where WordPress is being installed. Open the file with a text editor and check the value for DB_PASSWORD.
After entering the correct database password, you will be able to fully edit the user including changing the role, first name, last name, display name, nickname, URL and new password. It is required to enter the database password again for security reasons.
This method should probably be your last resort if for some unknown reasons you’re unable to reset your WordPress admin user with the above methods. This step involves directly editing the WordPress database to change the user’s password using phpMyAdmin that is found in your web host control panel. Run phpMyAdmin, select the database that is used for your website running WordPress, click on wp_users and you should see a list of users. Click the Edit link for the user that you want to change the password.
At the user_pass column, enter your desired password in the value box, click on the Function drop down menu and select MD5. Click the Go button to save the changes. Do take note that WordPress will automatically rehash the MD5 with the new form and re-save it to the database.