Losing access to your WordPress administrator account can feel like a critical emergency, but it is a problem with several reliable solutions. This guide walks through the standard methods to recover admin password, from simple resets to manual database updates, ensuring you regain control quickly.
Understanding WordPress Password Security
WordPress does not store your actual recover admin password in the database for security reasons. Instead, it stores a cryptographic hash, making it impossible to retrieve the original password directly. When you use the standard reset flow, the system generates a new, random string and replaces the old hash, effectively changing the credentials without ever revealing the original.
Using the Lost Password Feature
The most common and recommended method to recover admin password is through the built-in Lost Password feature. This process is designed to verify your identity before granting access to the reset page. Follow these steps to use it effectively.
Step-by-Step Reset via Login Page
Navigate to your WordPress login page, typically yoursite.com/wp-admin. Click on the "Lost your password?" link located beneath the password field. You will be prompted to enter the username or email address associated with the administrator account. After submission, WordPress will send a secure link to the email address on file, allowing you to create a new password instantly.
Accessing WordPress Through phpMyAdmin
If you cannot access the recovery email or the user email on file is outdated, you will need to interact directly with the database. This method requires access to your hosting control panel, such as cPanel, where you can open phpMyAdmin to manually update the password hash.
Manual Password Update via SQL Query
Once inside phpMyAdmin, select the WordPress database from the left sidebar. Locate the wp_users table (the prefix may vary if you changed it during installation). Find your administrator username and click the "Edit" pencil icon. In the user_pass field, delete the existing hash and type your new, strong password. From the dropdown menu in the same row, select MD5, and then click Go. The system will store the new MD5 hash, immediately updating your recover admin password.
Creating a Custom Reset Plugin
For users managing multiple sites or preferring a programmatic approach, creating a small custom plugin is an efficient way to handle a reset without external tools. This method adds a custom endpoint or button to the admin bar, streamlining the process for future incidents.
Code Implementation for Immediate Reset
You can add a function to your theme's functions.php file or a custom plugin that changes the password for a specific user ID. This involves using the wp_set_password() function, which securely hashes and updates the credentials. Ensure you remove this code immediately after use to maintain the security of your installation.
Using FTP to Modify User Data
If database access is restricted and you cannot receive emails, FTP access provides another avenue to force a password reset. By temporarily adding a function to your active theme's functions.php file via file manager, you can trigger a password change the next time you log in normally.
Forced Reset via Theme Functions
Connect to your server using an FTP client, navigate to wp-content/themes/your-active-theme, and download the functions.php file. Add a snippet that checks for a specific URL parameter and updates the password for your admin user ID. Re-upload the file, visit your site with the parameter in the URL to trigger the change, and then remove the snippet to restore normal security.
