WordPress is vastly popular, well-loved, and a high yield target for every hacker on the planet. And even though the platform itself is perfectly secure, the website security depends in huge part on the site-owners and admins. And although strong passwords are the first lesson in every security textbook, it’s a pain to remember all of them. So if you were operating without a trusty password manager and manage to lose your passwords, you have but two options: recover them somehow or be locked out of your own admin dashboard for all eternity.
In this post, we take a look at 5 different ways you can recover your lost wp-admin password. No, we’re not going to waste time talking about email: we’re assuming the worst case scenario (hacker) and one of these ways can be used to recover your password without relying on a comforting, obvious solution like email.
1. Installation Script
Web application installer systems like Softaculous are popular with various web hosts and their control panels (cPanel, DirectAdmin, what have you). In our case, this is extremely fortuitous.
If you installed WordPress using a system like Softaculous, you can use one of its functions to reset the password. Just login to your server’s control panel and open Softaculous. Go to WordPress installation, click ‘Edit Details’ for the website in question. You’ll see an ‘Admin Account’ area, where you can enter your username and a new password. Click Save details, receive the message “Installation details edited successfully”, and you’re done.
Go to wp-admin of the website and login using the newly set password.
If Softaculous (or other installation scripts) are out of the question, use…
2. wp_set_password
This function allows users to update their password with a stronger one (complete with encryption). You’ll need access to your installation directory, specifically the functions.php file of your theme or the wp-login.php file in general (your call).
It’s super easy. Open the wp-login.php file (in FTP or file manager) and add the following bit of code at the end of it:
wp_set_password (‘Your_NEW_Password’, 1);
The one denotes your user ID as ‘admin’ and you can replace ‘Your_NEW_Password’ with, well, your new password. The code will update login password of user ID = 1 to the anything you want.
Now try to login with this new password. Once you’ve gained access to admin, remember to remove this piece of code from your wp-login.php file.
3. Emergency Password Reset
Drastic times call for drastic measures.
This method involves uploading an emergency password reset script (not a plugin anymore) to your WordPress installation directory. You can find the code here. Create a new file in Notepad++, paste the code there, and save it as emergency.php. Then move the file to the exact same folder that contains wp-config.php.
Once that’s done, visit your homepage URL and add /emergency.php after it, press Enter.
This will take you to a password-reset screen. Enter your admin username and the new password, click Update options, and wait for confirmation. Now login with the updated credentials and immediately delete the emergency.php script from your installation directory.
Note that deleting the script (after you’ve successfully logged in) is paramount. In the future: Do not reveal your admin username to anyone and don’t use admin account to post content on your website/blog either.
4. phpMyAdmin
If nothing else works, this is where we wind up. Oh well…
You’ll obviously need access to your server’s phpMyAdmin file (usually found in the server control panel). Open this file, select the currently locked website database, and open the wp-users table.
This is the table which, as per its name, houses all user information on WordPress. You’ll need to edit the information for userID = 1.
Click Edit and update the value in user_pass column. Then click on the downward arrow and select MD5 from the drop down menu. Save the changes and exit the database.
Note that this method can obviously be used to change passwords for any user on your website. You’ll also have to pay special attention to database prefixes in case you changed them previously for security or other reasons.
Endnote
So now that you’ve recovered your password, make a pact with your website to never pull this again. Use a password manager tool (there are hundreds of them out there), keep your workstation secure, and don’t be afraid of long, strong passwords.
About The Author:
Tracey Jones is an enthusiast blogger and front-end developer for HireWPGeeks Ltd, a reliable company which provides PSD to WordPress services in cost-effective manner to our global clients. Instead of these, she also has deep interest in creative arts, technical writing and being happy.