In some situations, either due to a forgotten password or account compromise, the administrator can lose access to the WordPress dashboard.
Fortunately, there are reliable ways to reset the password, either with WP-CLI or directly through the database.
Using WP-CLI
If WP-CLI is installed on the server, password reset is quick and simple. If it is not installed yet, check the official documentation first.
List existing users:
php wp user listIdentify the user ID and run:
php wp user update USER_ID --user_pass="NEW_PASSWORD"Done. The user can now log in to wp-admin with the new password.
Using the database
If WP-CLI is unavailable, you can reset the password directly in the WordPress database.
Find the database name in your config:
grep DB wp-config.phpConnect to MySQL/MariaDB:
mysql -u DB_USER -pDB_USER: database username configured in WordPress.
After entering the password, if login succeeds you should see:
MariaDB [(none)]>Select the correct database:
use DATABASE_NAME;List tables to identify your prefix:
show tables;Example with wp_ prefix:
| wp_users |
| wp_posts |
| wp_options |
...Find the admin user:
select user_login from wp_users WHERE ID = '1';Warning: In non-hardened installations, ID 1 is often the admin user.
Expected output:
+-------------+
| user_login |
+-------------+
| username |
+-------------+
1 row in set (0.001 sec)Set a new password (using MD5 for emergency recovery convenience):
UPDATE wp_users SET user_pass = MD5('newPassword123') WHERE user_login = 'username';If successful:
Query OK, 1 row affected (0.001 sec)
Rows matched: 1 Changed: 1 Warnings: 0You can now log in to the WordPress admin panel with the updated password.
Warning: After database reset, change the password again from the WordPress dashboard so WordPress can store it using a stronger modern hash.
This post is licensed under CC BY-NC.
Comments
Join the discussion below.
Comments are not configured yet. Add Cusdis settings in /assets/json/config/blog-comments-config.json.