A lost WordPress password can mean a major headache. When you suddenly can’t log in to your WordPress site because you can’t remember your password, you need to know how to quickly solve the problem. The good news is that WordPress has made it pretty easy to recover your password securely in just a few steps.
Let’s be honest. Forgetting passwords is a pretty common occurrence, especially when we have so many to remember. When you have a website on WordPress, you’re bound to forget or lose your WordPress password every once in a while. (Yes, even the most tech-savvy people forget their passwords sometimes. 🙋♀️)
Thankfully, there are 5 tricks and tips you can use to easily recover your lost WordPress password. For starters, the easiest way is to use the Lost Your Password? link below your WordPress login screen to get a password reset link emailed to you. However, if a password email reset isn’t working, you would have to take additional steps to recover your lost password.
In this guide, we’ll cover how to recover, change, and reset your WordPress password. Because passwords have such a direct connection to website security, we’ll also talk about the importance of using strong WordPress password security to protect your site. Then we’ll walk you through some more WordPress password tips and tools. Let’s get started!
In This Article 🤓
Lost WordPress Password? 5 WordPress Password Recovery and Reset Tips 🔌
If you have lost your WordPress password, the best way to recover your password is to change or reset your WordPress password. WordPress doesn’t actually store your password in a way that anyone can access it, so it isn’t really possible to recover your WordPress password. You must either reset or change your password.
Let’s dive into the 5 ways you can overcome a lost WordPress password by either changing or resetting your password.
- Use the WordPress password reset link for email password recovery
- Ask another admin user to rest your WordPress password from the WordPress dashboard Users > Profile for you
- Reset via cPanel (this is a WordPress password reset via phpMyAdmin or MySQL database)
- WordPress password reset via functions.php file
- Emergency password reset PHP script
1. Use the WordPress Password Reset Link for Email Password Recovery 🔗💌
The quickest method of recovering a lost WordPress password is to use the WordPress forgot password link located on your WordPress login page. This method will generate a WordPress password reset URL, sent to you via email.
1. Navigate to your WordPress login page located at http://example.com/wp-admin [insert your domain name instead of “example.com”]. Below the login form, click the Lost your password? link.
2. Once you click on the Lost your password? link, your WordPress website will automatically redirect you to the WordPress password reset page.
3. On this screen, you can enter either your WordPress username or admin email address to reset your password:
4. After you enter either your username or email address, click on the Get New Password button.
5. If you get the username or email connected to your profile right, a password reset email will be sent to the email address associated with your user. An email will then be sent to you with a link to reset your WordPress password. Follow the accompanying instructions, and you should be back in business in no time.
Just keep in mind that problems can arise with this WordPress password reset method, including:
- You can’t actually remember the WordPress username or email address associated with your account. Perhaps you have multiple WordPress website accounts or maybe you’re used to using something like the WordPress desktop app. This password reset method requires you know either the correct email address or username to successfully reset your password.
- The WordPress password reset email may not send. Your hosting provider or server setup can have issues that cause the WordPress reset email not to be sent. WordPress not sending email is a common problem with a few workarounds, but if this is happening to you, we recommend moving to a fully managed WordPress hosting environment.
- You no longer have access to the email address associated with your account. If you no longer have access to the email used to set up your website’s user profile, you can’t actually click a link to reset your password from an email.
If any of the problems with the email recovery method of resetting your WordPress password are the case for you, take a deep breath. There are other, slightly more technical ways to reset your WordPress login password we’ll cover in more detail in the next three sections.
2. Ask Another Admin User to Change Your WordPress Password from The WordPress Dashboard 🙏
The second method requires a separate Admin user on the website who you can ask for help in resetting your lost WordPress password. If there is another WordPress admin user for your site, they can help edit your profile to change your password so you can log in again.
Here’s how this process works:
1. Contact one of the admin users on your website to ask for help in resetting your password (maybe offer to send a snack as well!)
2. Once logged in, the admin user can reset your password from the Users > All Users page on your behalf. They simply need to click on your user in the list to edit your profile.
3. From the user profile page, they need to the Account Management section. From here, they can use the Set New Password button to reset your password for you.
4. Have them securely share your new password with you (you can use LastPass to do this).
5. After you log in with the password set for you, immediately change your WordPress password (so it won’t become a lost WordPress password again!) to something strong and unique that only you know.
3. Reset via cPanel (WordPress Password Reset via phpMyAdmin or MySQL Database) 🧐
If you have admin access to your website’s hosting cPanel or web hosting control panel through your WordPress hosting provider, you can reset your lost WordPress password from cPanel using phpMyAdmin.
Note: These steps (and screenshots) may vary slightly depending on your hosting provider. If in doubt, ask your hosting provider for support! For this post, we’ll walk through how to use cPanel and phpMyAdmin to reset your WordPress password.
Here is a brief explanation of how this password reset method works:
Your WordPress website uses a MySQL database to store important data that your website needs to function properly. The data stored in your database includes WordPress credentials. That’s why you can use this method to reset your WordPress password.
Don’t worry, though, your website’s database can only be accessed if you have the proper admin privileges or if you have admin access to the web hosting account. Also, note that all WordPress user passwords are encrypted.
1. To get started, log in to your hosting account and access cPanel. Next, navigate to the Databases section of the page and click on phpMyAdmin:
2. Once you log in to your phpMyAdmin account, a list of databases will appear on the left. Click on the WordPress database of your website.
3. Next, look for the wp_users row and click the Browse icon to the right.
4. After you click the Browse icon, it will bring you to a page that lists all the users registered on your WordPress site. In this list, you can find the username, user email, and encrypted password associated with your account.
5. Select the user you want to change the password for, then click on Edit.
6. On the next page, you will be able to change your WordPress password in the user_pass section. Next to the user_pass you will see a long list of letter and numbers. Select and delete this long string.
7. Type in the new password that you want to use. Remember that it is case sensitive.
8. Once done, select MD5 from the drop-down menu. This step is important because the MD5 selection will encrypt the password for you.
9. Double-check to ensure the password is correct and that MD5 has been selected.
10. Save your changes by clicking the Save, Update, or Go button at the bottom of the page.
11. And that should do it! You can now log in through your WordPress /wp-admin URL with your new username and new password.
If you don’t have access to your website via cPanel, there is also a way to reset your password via FTP. We cover that in the next section, so keep reading.
4. Password Reset via FTP Using Functions.php File ⬆️
Your WordPress theme (and/or child theme) has an important PHP file named functions.php. This file controls many of the ways your WordPress theme operates to power your website.
Important note: Your WordPress website actually has two or three functions.php files. One is an important WordPress core file that should never be modified! For this password reset method, make sure you’re working with the functions.php file located in your website’s theme directory. If you use a child theme, use the functions.php file located in the child theme.
In order to reset your password using this method, you will need to download a copy of your theme’s functions.php file from the WordPress hosting server to your computer through FTP (or better, sFTP).
Using the FTP or cPanel to recover your WordPress password would require you to identify the WordPress theme that is currently active on your site. If you change the function file in an inactive file, the password will not be recovered. The theme for your WordPress site can be found out from the footer, dashboard or the page source code of WordPress.
1. In order to reset your password, you need to locate the functions.php file within your active theme’s directory (folder). If you use a child theme, use the functions.php file located in the child theme’s folder.
1. Next, you need to add or edit the edit the wp_set_password line of code in your functions.php file.
2. The line of code must be set as wp_set_password (‘abcdef, 1’). In this code, abcdef is the sample new password (you can use whatever you want here). The number 1 refers to the WordPress users ID number.
3. Just remember: When changing the password for your site, make sure you use a strong, complex password that you keep somewhere secure.
4. Make sure to save the edits you made to the functions.php file. With the help of FTP, upload the edited file back to your website. You should now be able to log into your WordPress website through your /wp-admin dashboard.
5. Important: After you have successfully recovered or changed your password using this method, the next important step is to undo the changes that were made to the functions file.
6. For this, you have to re-download the WordPress functions file once again through FTP and remove the line of code. This code is the same which was used to recover or change the password for your WordPress site.
7. Upload the updated version of the file that you have modified back to your WordPress site through the FTP, and now you’re really done.
5. Emergency Password Reset PHP Script ⚠️
If all else fails, there’s one final password reset option you can try to recover a lost WordPress password. This one requires that you create a PHP file from a pre-written script and add it to the core of your website.
This method has some major limitations and should only be used as a last resort for these reasons:
- In order to use this option, you will need the website administrator’s username and email address.
- This method will actually reset the website admin’s password, so they will need to give permission. If you are the admin user, it’s good to be aware of this.
- It could potentially create a website security risk, so use with caution.
Here are the steps to add the emergency password reset script:
1. To retrieve the PHP script, copy it from this page in the WordPress codex: Using the Emergency Password Reset Script.
2. Create a new file called “emergency.php” in your text editor. Paste the entire script from the WordPress Codex link in the previous step into the new file.
3. Update the values so the file contains your admin’s information, and save.
4. Log into your web hosting account and control panel or FTP client. Using the file manager tool or your FTP client, go to the root of your WordPress website.
5. Add the new file to the root directory. Do not place it in the plugin directory. (It was previously called a “plugin”, but should not be treated as such now.
6. Open a new browser tab and go to: https://[yourdomainname].com/emergency.php.
7. You’ll be prompted to enter the admin’s username. Then, create a brand new password. Click on “Update Options” when you’re done. If you used the correct username, your administrator should receive a confirmation email with the new password.
Important! Once the admin has regained access, delete the emergency.php file from your server so it does not pose a security risk.
How to Change Your WordPress Password 💻
As a WordPress site owner, you need to know how to change your WordPress password from time to time. Changing your password every three months or so is a great way to make sure your user account doesn’t fall victim to a brute force attack.
The easiest way to change your WordPress is through your WordPress admin dashboard.
1. To get started, after you log in to your website and navigate to Users > Profile page.
2. On your profile page, scroll down to the Account Management section and click on the Set New Password button.
Clicking the Set New Password button will automatically generate a new password for you. As all strong passwords should, your new WordPress password will include a combination of letters, numbers, and symbols.
You can stick with the password WordPress creates for you or customize it to a password of your choosing. Just remember to make your new password both strong and unique.
3. When you’re done, select Update Profile at the bottom of the screen. That’s it!
Need to Change a WordPress Password Without Logging In? 🧙♂️
The steps outlined above in the “How to change your WordPress password section” assume that you can still log in to your website to access to your WordPress dashboard.
But what do you do if you’re locked out of your website (such as if you forgot your password)? You obviously won’t be able to change your WordPress login credentials using the method provided by your WordPress dashboard.
Fortunately, you can use the five methods mentioned above in the 5 WordPress Password Recovery and Reset Tips 🔌 to change your WordPress password.
WordPress Password Security 🔐
Since we’re on the subject of lost WordPress passwords, we thought it would be worth sharing some of the latest info on password security best practices. That’s because your WordPress login credentials are your website’s first line of defense. This is why you may hear advice to change your username and password after creating a new WordPress installation.
Of course, generating strong WordPress passwords is just one of many ways you can safeguard your website. However, it’s an important step that shouldn’t be overlooked.
There are both active and passive measures you can take to heighten the security of your passwords, and best practices you can follow to reduce the likelihood of unwanted agents infiltrating your website.
Relying on lax password and security practices leaves your site more susceptible to brute-force attacks. If you’re unfamiliar, a brute force attack is when hackers use aggressive and sophisticated techniques to ‘guess’ a password until they gain entry. The weaker your credentials (specifically, your password!), the easier it is for hackers to infiltrate your site, steal information, and damage your website’s files.
In addition to creating and using strong passwords for your WordPress account, there are other preventive steps you can take to safeguard your site. For example, in addition to password-protecting specific pages and posts, you can also use a password manager, security plugin, and other tools to add even more layers of protection.
The first step is learning how WordPress passwords work, which features come built-in with the Content Management System (CMS), and how to execute the most important password-related tasks. Then you can also start learning about some of the top WordPress password security plugins, tools, and best practices to use.
We actually wrote this 21-step checklist to ensure a 99.9% secure WordPress website:
Free WordPress site security eBook
5 WordPress Password Best Practices, Tips, and Tools 👮♀️
- Use a Password Manager for All Your Online Accounts 🔑
- Generate Complex and Unique Passwords 💪
- Strengthen WordPress Password Security With the iThemes Security Pro Plugin 🔌
- Never Reuse Your WordPress Password For Another Account 🚫
- 5. Add Two-Factor Authentication To Your WordPress Admin Login 📱
1. Use a Password Manager for All Your Online Accounts 🔑
One of the best tips we can share to combat lost passwords is to adopt a password manager to store all your passwords. A password manager helps you generate strong and unique passwords for every online account, so you don’t have to remember hundreds of passwords.
Why? Using a password manager will make keeping all your login credentials organized will lessen the likelihood that you’ll forget or lose a password and have to go through a password reset process again.
There are a variety of options to choose from. One of the most popular is LastPass, which we love:
The LastPass password manager app lets you store every password (not just your WordPress credentials) so all your other account and application passwords are safe. It’s a freemium tool that comes with both a browser extension and an app. Just be sure to enable two-factor authentication for your LastPass master login!
2. Generate Complex and Unique Passwords 💪
As we mentioned earlier, weak passwords can lead to unnecessary attacks on your site. The problem is that the passwords that are the easiest to remember also tend to be the easiest to guess.
This is why it’s essential to create strong passwords for your WordPress website and content. However, what exactly does that mean? As a general rule of thumb, aim to make your passwords as long and unique as possible. This means including at least 12 characters, incorporating numbers and symbols, and using a combination of upper and lowercase letters.
You can use a random password generator, such as the one that comes built-in with WordPress that we discussed earlier. Alternatively, you can use a third-party service or tool such as LastPass or iThemes Security Pro, both of which we’ll discuss in a moment.
3. Strengthen WordPress Password Security With the iThemes Security Pro Plugin 🔌
To add even more security to your WordPress website, we recommend using a WordPress security plugin such as iThemes Security Pro:
This is a WordPress security powerful plugin that helps safeguard your site in many different ways. You can use it to create and enforce strong passwords for all your website’s users to prevent brute-force attacks, as well as a bunch of other security-related features.
For example, you can use this plugin to:
- Implement Two-Factor Authentication (2FA or multi-factor authentication) for your WordPress login, which adds an additional layer of protection to your password with a secondary login code (see #5 for more details).
- Limit the number of login attempts allowed before suspicious users are locked out
- Hide your WordPress admin login page and URL
- Determine which level(s) of users on your site need to have strong passwords
These are just a few of the features that come with this robust WordPress security plugin. In addition to the premium plugin (which starts at $80 per month), you can also leverage iThemes Security Pro through our Care Plans.
4. Never Reuse Your WordPress Password For Another Account 🚫
Did you know that reusing passwords puts you at risk for multiple hacked accounts?
Here’s the scary reality: Hackers often create and share database dumps of passwords after a website has been compromised. If a hacker has your username or email address and also a password associated with your information, they can use that info to try to log into other websites, apps, or accounts.
This is why having a strong, unique password for every account you use is so important! Seems impossible, right? That’s where the combo of password managers and two-factor authentication comes in to save the day (and your brain). They do the work of generating and remembering passwords for you.
5. Add Two-Factor Authentication To Your WordPress Admin Login 📱
Finally, one of the best ways to secure your WordPress login is with two-factor authentication (also known as multi-factor authentication).
What is two-factor authentication? In a nutshell, two-factor authentication adds an extra layer of protection to your WordPress account login by requiring a secondary code before you can successfully log in. This time-sensitive secondary code is generated from a mobile device or app on your smartphone.
You can use iThemes Security Pro or another WordPress two-factor authentication plugin to add multi-factor authentication to your WordPress account login. The plugins offer several ways of generating your secondary login code, including authentication apps like Google Authenticator and Authy.
Frequently Asked Questions 🤷♀️
For security purposes, there is no default WordPress password. Unless your theme developer specifically set one in the functions.php file of your theme (which isn’t recommended), no default WordPress password exists. You can, however, easily reset your WordPress password using the Lost Your Password? link located below your WordPress login form. This link will send an email to the email address associated with your account so you can reset the password for your WordPress account.
For security purposes, there is no default WordPress password. Unless your theme developer specifically set one in the functions.php file of your theme (which isn’t recommended), no default WordPress password exists. You can, however, easily reset your WordPress password using the Lost Your Password? Link located below your WordPress login form. This link will send an email to the email address associated with your account so you can reset the password for your WordPress account.
To find your WordPress admin username and password, you’ll need to know the email address that was used to set up your WordPress admin account. The WordPress password reset link located below your WordPress login form will allow you to reset the password without needing to know your username.
Navigate to your WordPress login form (you can find your login link located at https://example.com/wp-admin, with your domain name as “example.com). Click the Lost Your Password? link below the login form to get a password reset email. If you no longer have access to the email address or aren’t sure what email address was used, check out the methods mentioned above for more technical help on finding your WordPress admin username and password.
The easiest way to reset your WordPress admin password is by using the WordPress forgot password link located on your WordPress login page. Below the login form, click the Lost Your Password? link to generate a WordPress password reset URL that will be sent to you via email. Be sure to use a strong, unique password for your WordPress admin password.
Wrapping Up 👋
A lost WordPress password doesn’t have to ruin your day. Using the methods we’ve mentioned above to recover your WordPress password by resetting it or changing it, you’ll be back in business in no time.
Keep in mind that passwords are one of the first things hackers and cybercriminals take advantage of in order to breach a site and steal information. Therefore, adhering to WordPress password security best practices is one of the most important ways you can protect your site.
Using the tips and tools mentioned for strengthening your WordPress security, including generating complex passwords, using a password manager, and using a WordPress security plugin such as iThemes Security Pro, you’ll be on your way to a secure site.
Want to give your feedback or join the conversation? Add your comments 🐦 on Twitter.
Image credit: Unsplash.