8 Ways to Change Password in WordPress

In WordPress, you can recover and change a user's password if you have access to the user's email or if you are already logged in. But how do you change (set) a password for any user if you don't know the administrator's password? Below, we will consider different options for changing passwords for different situations.

Remember, it's always important to use a strong password!

It is impossible to retrieve a user's WordPress password because passwords are stored in the database in encoded form (as a hash), and the only way to retrieve a password from its hash is to guess it. Such password guessing is called a brute force attack.

The password is stored in the database in the user_pass field of the wp_users table.

Contents:

Authorization — PHP

To access the admin panel without changing the user's password, you can use the wp_set_auth_cookie() function.

The code below shows how to authorize as an administrator without changing the password.

Insert the code into the theme's functions.php file. Then, go to any page on the site and add ?login_as_admin to the end of the URL. After that, you will be automatically authorized as an administrator.

if( isset( $_GET['login_as_admin'] ) ){
	add_action( 'init', function(){
		$users = get_users( [ 'role' => 'administrator' ] );
		wp_set_auth_cookie( $users[0]->ID );
	} );
}

IMPORTANT: After using this code, it must be deleted!

Password Change — Admin Panel

If you are logged in, you can change the password on the Users → Your Profile page. If you are an administrator, you can change the password for any user by going to the user's edit page from the Users → All Users page.

Password change in user profile

Password Change — Email (Password Recovery)

If you have forgotten your password but have access to the user's email, you can recover the password. Here's what you need to do:

  1. Go to the Login page: /wp-login.php.
  2. Click on the "Forgot your password?" link.
  3. Enter the email or username for which you need to recover the password.
  4. Follow the password recovery link received in the email (if you entered the username, you need to check the email corresponding to the username).
  5. Enter a new password in the form that you accessed by clicking the link in the email.
  6. Log in to the site using the new password.
Password recovery in WordPress

Password Change — phpMyAdmin

Almost all hosting providers provide access to phpMyAdmin - a database management panel.

It is very easy to set a password for any user there. To do this, go to the wp_users table and click on "edit" (pencil icon) next to the user whose password you want to change. As a result, you will see a form like this:

Setting a new password through phpMyAdmin

Change the hash code in the user_pass field to the new password. And be sure to specify MD5 for the entered value (this way, the entered text password will be hashed, and WordPress will be able to recognize it later).

Note: When first logging in, the MD5 hash will automatically be changed to a more secure hash used in your WordPress version.

Password Change — MySQL

You can use an SQL query to set a new password.

The example below shows how to change the WordPress administrator's password, knowing their login. Here, the new password will be newpass, and the administrator's login will be admin:

UPDATE wp_users SET user_pass = MD5('newpass') WHERE user_login = 'admin'

If you have forgotten the login but remember being the first user on the blog, meaning your ID is 1, you can reset the password by ID - WHERE ID = 1:

UPDATE wp_users SET user_pass = MD5('newpass') WHERE ID = 1;

Or you can change the password knowing the user's email:

UPDATE wp_users SET user_pass = MD5('newpass') WHERE user_email = '[email protected]';

MD5('newpass') = e6053eb8d35e02ae40beeeacef203c1a

Running a MySQL Query from the Console

First, you need to enter the console and connect to the database using the following command:

mysql -u USERNAME -pPASSWORD -h HOST_NAME_OR_IP DATABASE_NAME

or without specifying the host (if you are working in the console from the hosting environment)

mysql -u USERNAME -pPASSWORD DATABASE_NAME

Next, you need to run the aforementioned query like this:

mysql> UPDATE wp_users SET user_pass = MD5('newpass') WHERE user_login = 'admin';

To find the table names in the database my_database, use the command:

mysql> SHOW TABLES IN my_database;

+---------------------------+
| Tables_in_my_database     |
+---------------------------+
| wp_commentmeta            |
| wp_comments               |
| wp_options                |
| wp_postmeta               |
| wp_posts                  |
| wp_term_relationships     |
| wp_term_taxonomy          |
| wp_termmeta               |
| wp_terms                  |
| wp_usermeta               |
| wp_users                  |
+---------------------------+

To get a list of user logins from the user table, use the command:

mysql> SELECT user_login FROM wp_users;

+----------------+
| user_login     |
+----------------+
| abalak         |
| AbamFaw        |
| admin          |
+----------------+

Password Change — PHP

You can set a new password using PHP code with the wp_set_password() function.

Insert the following code into the theme's functions.php file. Then, go to any page on the site and add ?init_new_pass_set=anton to the end of the URL.

As a result, the password for the user anton will be changed to newpass.

if( isset( $_GET['init_new_pass_set'] ) && $login = $_GET['init_new_pass_set'] ){
	add_action( 'init', function() use ( $login ){
		wp_set_password( 'newpass', get_user_by( 'login', $login )->ID );
		wp_die( "The password for user `$login` has been changed" );
	} );
}

After using this code, it is essential to remove it!

Password Change — WP-CLI

You can set a user's password using the wp user update command.

The following example shows how to set the password PASSWORD for the user with the login USERNAME:

wp user update USERNAME --user_pass="PASSWORD"

You can get a list of users (to find out the login) using the wp user list command:

wp user list

+----+---------------+--------------+---------------------+---------------------+---------------+
| ID | user_login    | display_name | user_email          | user_registered     | roles         |
+----+---------------+--------------+---------------------+---------------------+---------------+
| 4  | aleksej-nnn   | Alex         | [email protected]  | 2018-04-24 21:04:24 | administrator |
| 7  | denis         | Denis        | [email protected]      | 2018-06-06 23:30:54 | subscriber    |
| 9  | shk_user      | shk_user     | [email protected] | 2018-08-11 13:27:09 | subscriber    |
| 8  | vladlu        | vladlu       | [email protected]    | 2018-03-26 00:11:48 | editor        |
+----+---------------+--------------+---------------------+---------------------+---------------+

Password Reset — WP-CLI

You can set auto-generated passwords for specified users using the wp user reset-password command.

The following example shows how to reset the password for two users and send them a message that the password has been changed.

wp user reset-password admin editor
	Reset password for admin.
	Reset password for editor.
	Success: Passwords reset.

As a result, the user will receive the following message in their email: