Blog

Changing a lost WordPress password

Posted on July 14, 2008 in WordPress

Have you ever lost your WordPress admin password and not been able to recover it? This has happened to me once or twice in the past. It happened again today, I just completely forgot the password. Trying to recover it using my email address didn’t work either.

So naturally I went snooping around the database of the site to find my password. (Oh, it’s probably important to mention that this solution only works if you have access to the databases of the site you are trying to log in to…).

I found what I was looking for very quickly. WordPress stores user information in the “users” table. Below is a screenshot of the table when viewed in phpMyAdmin:

WordPress database - users

The information (password) is stored in the “user_pass” field. As you can see the information in that field is just a mix of letters and characters. That is because WordPress encodes your password in MD5 Hash before saving it. This is to make your password more secure.

So recovering your actual password isn’t really possible. There are a few M5 Hash “reversal” tools that i came across on Google, but none of these proved to be successful.

What you can however do is change the password. To do this, you need to think of a new password, encode it to MD5 hash, and then overwrite the old MD5 Hash in the users table with the new one.

Let’s take an example: Suppose you want to change your password to “guy23″. You can use the MD5 Hash generator to convert your new password to MD5 hash. Once you converted the password, log in to your phpmyAdmin and open the users table for editing. Now edit the table, overwriting the current data in the user_pass field with the new MD5 Hash you just generated (Make sure you edit the correct user!). Update/save the table data.

And that’s it. You can now log into your WordPress account using the “guy23″ password you created.

Share:
  • Digg
  • del.icio.us
  • MisterWong
  • Reddit
  • StumbleUpon
  • NewsVine
  • Technorati

Trackback URL

12 Comments:

  1. Jeffry Degrande

    Jeffry Degrande

    15-07-2008 at 1:24 am // Permalink

    I have this happening to me all the time.

    another method is to save something like this in a file, upload it to the root of your wordpress install and then just call the url:

    include ‘wp-config.php’;
    include ‘wp-includes/registration.php’;

    wp_update_user (array (’ID’ => 1, ‘user_pass’ => ‘foobar’));

    saves you the trouble of having to generate an md5 hash

  2. Cobus

    Cobus // AUTHOR

    15-07-2008 at 8:57 am // Permalink

    : Thanks! Never thought of that…Its definitely a quicker way of doing it.

    Would it work to have something like this:

    wp_update_user (array (’user_login’ => ‘admin’, ‘user_pass’ => ‘foobar’)); ??

    Then you don’t even have to know the ID for the user..
    Will give this a try next time I forget a password :)

  3. Victor Julian

    Victor Julian

    17-07-2008 at 2:04 pm // Permalink

    I use Roboform to remember all my passwords and it works great. Plus Firefox remembers them too so I get double luv…

    Another trick is to use a weird username that no one could figure out and an easy to remember password, then, use the same user/pass combination for all your Wordpress sites…

  4. Jeffry Degrande

    Jeffry Degrande

    17-07-2008 at 8:00 pm // Permalink

    That won’t work, wordpress will create a new user using that username. You could do something like this though:

    $id = username_exists ($user);
    if (!is_null($id))
    wp_update_user (array (’ID’ => $id, ‘user_pass’ => $password));

  5. Cobus

    Cobus // AUTHOR

    17-07-2008 at 10:45 pm // Permalink

    : Thanks, yeah that makes sense, will give it a try sometime! :)

  6. Davie

    Davie

    23-10-2008 at 2:06 am // Permalink

    I’m just an ordinary guy not techinical..
    My son made himself Administrator n me a limited user but has forgotten his password.
    How do I (can I) get my Administrative rights back and unlock his password please?
    My pc is running XP Pro Service Pack 2.
    TIA

  7. Cobus

    Cobus // AUTHOR

    23-10-2008 at 10:11 am // Permalink

    : Only the administator can change user rights. Your best bet would be to follow this article.

  8. Taylore Vance

    Taylore Vance

    05-11-2008 at 5:01 am // Permalink

    I found you by googling the problem…

    Background: I hired someone to make these sites and they have disappeared with my wp-blog password and now I would like to get into the sites to add Blogs…

    I can get into the cpanel for the sites… but what to do next???

    I’m not a techie — I need a starting point from the c-panel or someone to do it for me..
    Thanks,
    Taylore

  9. Davie

    Davie

    05-11-2008 at 1:28 pm // Permalink

    Hi Cobus,dont I need to be the administrator to access this?This is what I’m attempting to get back,my administrative rights but as I’m a “user” not admin I cant get in to change me back

  10. Cobus

    Cobus // AUTHOR

    05-11-2008 at 2:20 pm // Permalink

    : No, you do not need to be administrator to do this. This is not done inside WordPress, but through phpMyAdmin, which is a database manager.
    You’ll find phpMyAdmin in your hosting package’s control panel.

    Make sense?

  11. Davie

    Davie

    07-11-2008 at 6:45 pm // Permalink

    Hi Cobus,I dont have a clue as to what to do,I need a step by step formula.
    Can u help pls?

  12. Cobus

    Cobus // AUTHOR

    10-11-2008 at 11:08 pm // Permalink

    : Did you get the email i sent you?

Hi Stranger, leave a comment: