Join Jeff Starr for an in-depth discussion in this video Change and recover passwords, part of WordPress: Developing Secure Sites .
- [Instructor] If you ever lose your password, that's okay, don't panic. There are several effective ways to retrieve and reset lost passwords. In this video, we'll show you three quick methods for recovering forgotten WordPress passwords. In general, there are three ways to reset the password for any WordPress user. Method one, change the password via the User Profile page. Method two, change the password via the Lost Password page, or method three, change the password directly via the WordPress database.
Let's go through each of these methods beginning with the simplest. Method one, change your password via the User Profile page. The first and easiest way to change your password is to login to the admin area and visit the User Profile page. For example, to change the password for WordPress User, we click on the Edit link, scroll down and click to generate a new password. This works great, but what if you can't login to the admin area? If you forget your password, it's going to be pretty hard to login and change it, so let's try method two.
Method two, change your password via the Lost Password page. If you forget your WordPress password and are unable to login to change it, simply navigate to the Lost Your Password screen which by default is located at this URL. An easy way to get there is by clicking the Lost Your Password link from the login page. Here on the password reset screen, enter your username or e-mail address, and click Get New Password. Then check your e-mail for a link to reset your password.
If you don't see the e-mail immediately, check your spam folder. If you're not seeing the e-mail in your spam folder, or if you no longer have access to the registered e-mail address, it's gonna be impossible to change your password using this method. In that case, it's time to bring out the big guns with method three. Method three, change your password via the WordPress database. The third way to change a password is to modify the database directly, so it's a surefire solution. All that's needed is a way to interact with the database.
Here we'll be using the incredibly useful phpMyAdmin, which is readily available on most servers. To change your password, click on the users table. Then locate the user and click on the Edit link. Then go to the user_pass field. Notice this long string of random looking text? That's the MD5 encrypted version of your current password. You know, the one you forgot. To change it, enter the plain text version of your new password.
Then in the drop-down menu, select the MD5 option. This option instructs the software to encrypt your new password with some fresh MD5 hash. Finally, we click the Go button to make it so, and that's all there is to it. Our new password is now ready to use. Just return to the login page, and login using the new password. We've successfully changed our password directly via the database which will definitely save the day when all else fails.
In this video, we've seen three quick and efficient methods for changing user passwords. These techniques will help you regain control if someone should hijack your site and change your password, or if you just want to change your password on any occasion.
- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security