In these days of security vulnerabilities, strong passwords are more important than ever. And resetting your WordPress admin access password regularly is a great idea since WordPress is popular, and hackers are always trying to gain access.
This article will lead you through how to reset your WP password, and how to create a strong password.
Resetting Your WordPress Admin Password
If you have access to your site, you can reset your WordPress admin password using their built-in password reset option. Here are the steps.
Via Your WordPress Dashboard
- Log into your WordPress site and from the lefthand menu, choose Users.
- Select your user profile.
- Click the Edit option.
- Scroll down to Account Management
- Click Set New Password.
- Create a strong password.
- Scroll down to the bottom of the page and click Update Profile
And that’s it! You’ve reset your WordPress admin access password.
But what if you’ve forgotten your password?
Via the WordPress Login Page
If you’ve forgotten your password, obviously the above won’t work. But all is not lost. Just follow these steps.
- Navigate to your-domain.com/wp-login to access the login page.
- Click on the Lost your Password? link.
- Fill in your Username or Email address and click Get New Password
- Check your email and follow the reset link in it. (Don’t see an email? Check your junk or spam folders.)
- You are now back on your Login page. Either use the auto-generated password that’s provided or create your own strong password.
- Save your password somewhere, preferably in a password manager program.
- Log in.
Either of the above methods should work to reset your WordPress admin password, but if they don’t, there are other options. They’re just a bit more complex.
If you can’t access your Admin Dashboard or you no longer have access to the admin email address you used with WordPress, try the following.
phpMyAdmin holds your WordPress database. This database is unique to your site and, for the most part, it contains every bit of information your site contains—including your password.
To access your phpMyAdmin, head to your cPanel—or whatever control panel your host uses—and log in. Please note that any screenshots will be of cPanel, and if you use something different, the layout will be different as well. But the steps will remain the same.
- Log in to phpMyAdmin via your host’s cPanel
- Scroll down to the Databases menu and select phpMyAdmin
- A new tab will open, and you’ll be in your phpMyAdmin
- On the left, you will have a list of all the domains on your server. The correct one will be identified by the database name you created when you originally installed WordPress.
- Click the link to your database.
- On the left, you now have a menu of all your database tables. Select wp_users. (If you or a security plugin has changed your database prefix, the table name might be named something_unique _users)
In the right panel, you now have a list of your WordPress users. Select Edit in the column that matches your user_login.
- Delete the value in the user_pass field and add a new strong password.
- Under the function column, select MD5 from the drop-down menu and then click on the Go button at the bottom of the form.
Via FTP and your functions.php File
One more way to reset your WordPress admin password is via the functions.php file. However, be very careful. Doing something wrong in this file could break your site, so you should create a backup of it before you make any changes. Additionally, this only works if you’re attempting to log into the Administrator account.
You’ll need the FTP login credentials that your host provided when you signed up.
- Connect to your FTP server.
- Navigate to the root folder for your site.
- Find and open your wp-content folder.
- Find and open your wp-content/themes folder.
- Select the folder for the theme your site is currently using.
- Find the functions.php file and make a backup copy.
- Right-click on the file and select Edit. Or just double-click.
- Add wp_set_password(‘password’,1); after the <?php tag as shown below.
- Exit and save the file, but don’t exit your server just yet.
You’re not quite done. There are a few more steps.
- Go to your WP login page and log in using the following credentials.
Username = Your current username or email address
Password = password (the word password!)
- The page will refresh, leaving you with a blank form, but do not try to log in.
- Head back to your functions.php file and remove the line of code you just added. Then exit and save.
- Return to your login page and finish logging in using the above credentials.
- Once you’re logged in, you can use the steps in the first method in this article to change your password to something strong.
How to Create a Strong WordPress Password
Following these guidelines to create a strong password will create additional security for your site.
- A minimum of 12 characters—the more the better
- A random mixture of uppercase and lowercase letters
- A random mixture of letters and numbers
- At least one special character such as ! @ # $ % ^ etc.
Regularly Change Passwords & Monitor Your WordPress Admin
Getting into the practice of regularly changing passwords is a smart idea. Even if you use a strong password, hackers have multiple ways they’ll use to find or break them.
WP Admin Audit allows you to force users to regularly change their passwords.
There are methods and layers when it comes to securing your WordPress site, but one more thing you can do is monitor what’s happening in the backend. Even if you’re the sole user, it still makes sense to have a record of events that could impact site security and usability.
Install WP Admin Audit so you can keep an eye on security-relevant events on your site.