Have you ever lost your WordPress admin password and not been able to recover it? This has happened to me once or twice in the past. It happened again today, I just completely forgot the password. Trying to recover it using my email address didn’t work either.
So naturally I went snooping around the database of the site to find my password. (Oh, it’s probably important to mention that this solution only works if you have access to the databases of the site you are trying to log in to…).
I found what I was looking for very quickly. WordPress stores user information in the “users” table. Below is a screenshot of the table when viewed in phpMyAdmin:
The information (password) is stored in the “user_pass” field. As you can see the information in that field is just a mix of letters and characters. That is because WordPress encodes your password in MD5 Hash before saving it. This is to make your password more secure.
So recovering your actual password isn’t really possible. There are a few M5 Hash “reversal” tools that i came across on Google, but none of these proved to be successful.
What you can however do is change the password. To do this, you need to think of a new password, encode it to MD5 hash, and then overwrite the old MD5 Hash in the users table with the new one.
Let’s take an example: Suppose you want to change your password to “guy23″. You can use the MD5 Hash generator to convert your new password to MD5 hash. Once you converted the password, log in to your phpmyAdmin and open the users table for editing. Now edit the table, overwriting the current data in the user_pass field with the new MD5 Hash you just generated (Make sure you edit the correct user!). Update/save the table data.
And that’s it. You can now log into your WordPress account using the “guy23″ password you created.
I have this happening to me all the time.
another method is to save something like this in a file, upload it to the root of your wordpress install and then just call the url:
include ‘wp-config.php’;
include ‘wp-includes/registration.php’;
wp_update_user (array (‘ID’ => 1, ‘user_pass’ => ‘foobar’));
saves you the trouble of having to generate an md5 hash
@Jeffrey: Thanks! Never thought of that…Its definitely a quicker way of doing it.
Would it work to have something like this:
wp_update_user (array (’user_login’ => ‘admin’, ‘user_pass’ => ‘foobar’)); ??
Then you don’t even have to know the ID for the user..
Will give this a try next time I forget a password
I use Roboform to remember all my passwords and it works great. Plus Firefox remembers them too so I get double luv…
Another trick is to use a weird username that no one could figure out and an easy to remember password, then, use the same user/pass combination for all your Wordpress sites…
@cobus That won’t work, wordpress will create a new user using that username. You could do something like this though:
$id = username_exists ($user);
if (!is_null($id))
wp_update_user (array (‘ID’ => $id, ‘user_pass’ => $password));
@Jeffry: Thanks, yeah that makes sense, will give it a try sometime!
I’m just an ordinary guy not techinical..
My son made himself Administrator n me a limited user but has forgotten his password.
How do I (can I) get my Administrative rights back and unlock his password please?
My pc is running XP Pro Service Pack 2.
TIA
@Davie: Only the administator can change user rights. Your best bet would be to follow this article.
I found you by googling the problem…
Background: I hired someone to make these sites and they have disappeared with my wp-blog password and now I would like to get into the sites to add Blogs…
I can get into the cpanel for the sites… but what to do next???
I’m not a techie — I need a starting point from the c-panel or someone to do it for me..
Thanks,
Taylore
Hi Cobus,dont I need to be the administrator to access this?This is what I’m attempting to get back,my administrative rights but as I’m a “user” not admin I cant get in to change me back
@Davie: No, you do not need to be administrator to do this. This is not done inside WordPress, but through phpMyAdmin, which is a database manager.
You’ll find phpMyAdmin in your hosting package’s control panel.
Make sense?
Hi Cobus,I dont have a clue as to what to do,I need a step by step formula.
Can u help pls?
@Davie: Did you get the email i sent you?
Hi, Cobus, there are some letters like “Q, G” in the “user_pass” field. But if it is the MD5 Hash encryption, the “Q, G” or some else should not be generated.
There is my plan: Set up a new account, use a simple password like “111″. And you can use the phpMyAdmin to find this account’s “user_pass” field’s value. And copy this value to your forgotten account’s “user_pass” field. The conclusion is your forgotten account’s password will be reset to the same as the new one.
By the way, your web is an awesome job! It is beautiful!
I found an answer on why there are some “Q, G” in the “user_pass” field.
When we logon once, it will translate to MD5 code to it..
Thank you – had a client forget their p/w – this was a life saver!
That save me from trouble
Oh God.. You’re a lifesaver.. I accidently forgot my password, it’s still wordpress installation default password. Unfortunately I can’t retreive it cause I’m still in development phase in localhost. I’m wasting my time for hours trying to setup the smtp mail function with no luck before finding your post.. Your solution only takes me less than a minute, and finally i’m able to logging in.. Thanks mate.. so much appreciate it..
Thanx for the post, it works great!!!