If you’ve gotten locked out of your WordPress instance, you can always reset your password by manually editing the table that it uses to store passwords in, provided you have access to the MySQL database.
Reset the Password from MySQL
WordPress runs on PHP, and uses MySQL to store data about posts, configuration, and everything else, including passwords. It stores passwords using the PHPass PHP library (though you can change this with plugins). But, because of backwards compatibility, it will still accept an MD5 hash, which is easy to generate (and definitely not secure). You can manually replace your current password with a new MD5 hash.
You’ll need to have access to MySQL to perform these steps. If you have command line access to the server, you can log in to MySQL with:
mysql -u root -p
And select the WordPress database (the name is usually defined in
wp-config.php; otherwise, you can use the
show databases command):
If you don’t have command line access (as is the case with shared hosting), you might have phpMyAdmin installed; if so, you can use that web interface to perform the same commands without SSH access.
Enter the following command, replacing
'new_password' with the password you’d like to set and replacing
'admin' with the username of the account you’re editing (which may very well be ‘admin’):
UPDATE `wp_users` SET `user_pass` = MD5( 'new_password' ) WHERE `wp_users`.`user_login` = "admin";
Your table may be named something different; if so, you can list all tables with the
show tables command.
Exit MySQL with Control+D, and verify that the password change worked by attempting to log in.
When you log in again, your password will match the newly created MD5 hash and WordPress should let you log in. WordPress will also go ahead and rehash your password using the default hashing algorithm, and update the database accordingly.
If You Don’t Have MySQL Access
If you have FTP access and the ability to modify WordPress’s files, you can reset the password this way. There should be a file called
functions.php in your active theme’s files (under
wp-content/themes/theme-name/). Download this file, and add the following line after
wp_set_password( 'password', 1 );
This will reset the password for the user with ID “1.” This resets on every page load, so you’ll want to remove it once you can regain access.
Reset with a Email Link
This does require you to have a command line mail agent like Postfix set up and working, or else WordPress won’t be able to send any emails.
On the WordPress login page, there’s a link at the bottom to trigger an email password reset. Click this, enter your email, then reset your password using the link given to you.
You can use this method to trigger password resets for other users, too; just enter their email instead, which will send them the link to reset their own password.