Have you ever lost your WordPress admin password and not been able to recover it? This has happened to me once or twice in the past. It happened again today, I just completely forgot the password. Trying to recover it using my email address didn’t work either.
So naturally I went snooping around the database of the site to find my password. (Oh, it’s probably important to mention that this solution only works if you have access to the databases of the site you are trying to log in to…).
I found what I was looking for very quickly. WordPress stores user information in the “users” table. Below is a screenshot of the table when viewed in phpMyAdmin:
The information (password) is stored in the “user_pass” field. As you can see the information in that field is just a mix of letters and characters. That is because WordPress encodes your password in MD5 Hash before saving it. This is to make your password more secure.
So recovering your actual password isn’t really possible. There are a few M5 Hash “reversal” tools that i came across on Google, but none of these proved to be successful.
What you can however do is change the password. To do this, you need to think of a new password, encode it to MD5 hash, and then overwrite the old MD5 Hash in the users table with the new one.
Let’s take an example: Suppose you want to change your password to “guy23″. You can use the MD5 Hash generator to convert your new password to MD5 hash. Once you converted the password, log in to your phpmyAdmin and open the users table for editing. Now edit the table, overwriting the current data in the user_pass field with the new MD5 Hash you just generated (Make sure you edit the correct user!). Update/save the table data.
And that’s it. You can now log into your WordPress account using the “guy23″ password you created.
Jeffry Degrande
15-07-2008 at 1:24 am // PermalinkI have this happening to me all the time.
another method is to save something like this in a file, upload it to the root of your wordpress install and then just call the url:
include ‘wp-config.php’;
include ‘wp-includes/registration.php’;
wp_update_user (array (’ID’ => 1, ‘user_pass’ => ‘foobar’));
saves you the trouble of having to generate an md5 hash
Cobus // AUTHOR
15-07-2008 at 8:57 am // Permalink: Thanks! Never thought of that…Its definitely a quicker way of doing it.
Would it work to have something like this:
wp_update_user (array (’user_login’ => ‘admin’, ‘user_pass’ => ‘foobar’)); ??
Then you don’t even have to know the ID for the user..
Will give this a try next time I forget a password
Victor Julian
17-07-2008 at 2:04 pm // PermalinkI use Roboform to remember all my passwords and it works great. Plus Firefox remembers them too so I get double luv…
Another trick is to use a weird username that no one could figure out and an easy to remember password, then, use the same user/pass combination for all your Wordpress sites…
Jeffry Degrande
17-07-2008 at 8:00 pm // PermalinkThat won’t work, wordpress will create a new user using that username. You could do something like this though:
$id = username_exists ($user);
if (!is_null($id))
wp_update_user (array (’ID’ => $id, ‘user_pass’ => $password));
Cobus // AUTHOR
17-07-2008 at 10:45 pm // Permalink: Thanks, yeah that makes sense, will give it a try sometime!
Davie
23-10-2008 at 2:06 am // PermalinkI’m just an ordinary guy not techinical..
My son made himself Administrator n me a limited user but has forgotten his password.
How do I (can I) get my Administrative rights back and unlock his password please?
My pc is running XP Pro Service Pack 2.
TIA
Cobus // AUTHOR
23-10-2008 at 10:11 am // Permalink: Only the administator can change user rights. Your best bet would be to follow this article.
Taylore Vance
05-11-2008 at 5:01 am // PermalinkI found you by googling the problem…
Background: I hired someone to make these sites and they have disappeared with my wp-blog password and now I would like to get into the sites to add Blogs…
I can get into the cpanel for the sites… but what to do next???
I’m not a techie — I need a starting point from the c-panel or someone to do it for me..
Thanks,
Taylore
Davie
05-11-2008 at 1:28 pm // PermalinkHi Cobus,dont I need to be the administrator to access this?This is what I’m attempting to get back,my administrative rights but as I’m a “user” not admin I cant get in to change me back
Cobus // AUTHOR
05-11-2008 at 2:20 pm // Permalink: No, you do not need to be administrator to do this. This is not done inside WordPress, but through phpMyAdmin, which is a database manager.
You’ll find phpMyAdmin in your hosting package’s control panel.
Make sense?
Davie
07-11-2008 at 6:45 pm // PermalinkHi Cobus,I dont have a clue as to what to do,I need a step by step formula.
Can u help pls?
Cobus // AUTHOR
10-11-2008 at 11:08 pm // Permalink: Did you get the email i sent you?