It doesn’t happen often, but you may end up in a situation where you or a client has forgotten their WordPress password. For whatever reason, the Lost your password? function of WordPress isn’t working (perhaps the client entered an invalid email address). This guide will teach you how to reset the password manually, using phpMyAdmin or the MySQL console. This tutorial assumes you still have access to your WordPress database.

Generating a New Password Hash

WordPress stores the user passwords as a Hash in a users table. The concept of manually resetting your WordPress password is creating a new hash and overwriting the old value in the database using database tools, rather than WordPress tools.

  1. In a new tab or browser window, load up an online MD5 Hash Generator - MD5Generator works well

  2. Type in a new string (password) and click Generate

  3. MD5Generator produces something like this:

    md5("") = "d41d8cd98f00b204e9800998ecf8427e"

  4. Copy the text between the quotes “” (the random characters, that is the MD5 Hash) or the MD5 Hash generated by your chosen generator.

  5. Follow either the phpMyAdmin method or the MySQL Console method below

phpMyAdmin

  1. Login to phpMyAdmin

  2. Select your WordPress database (click it on the left)

  3. Select users table on the left. It may be prefixed. Default is wp_users (look for a table with users on the end)

  4. Click the pencil next to the user you want to edit.

  5. Replace the value in user_pass with the MD5 value from above

  6. Click Go

MySQL Console

  1. Login to the MySQL console

    mysql -u [username] -p

  2. Enter your mysql password

  3. Select the database

    USE [wordpress_database];

  4. Update the table (replace wp_users table with your users table name)

    UPDATE wp_users SET user_pass='MD5_FROM_ABOVE' WHERE user_login='USER_NAME_OF_USER';

Make sure you replace the values above with the correct ones from your database. If you need to find the tables in your database to determine your user table name, use:

SHOW TABLES;

Conclusion

The password for the WordPress user has now been reset. The user should be able to login again. When the user does login, WordPress will change the hash and it will no longer look like the MD5 hash you generated. This is normal. WordPress also offers several other emergency methods of changing passwords. You can read about them here.