Most Popular Tricks to Recover Your Lost WordPress Password

Whether you have a single WordPress site or manage several, there may have been a time or two when you found yourself Googling recover WordPress password. Over the past decade, I’ve probably had about 100 WordPress sites. And even though I use a password manager and keep a spreadsheet with all login and database passwords and usernames, I have found myself in this situation more than once.

I’ve had to reset or recover my WordPress password several times, and each time I need to search out the steps on how to do it. Perhaps writing this out will have a twofold effect. It will help me remember all the steps, and it will give you the info you need as well.

Because face it, that sick feeling we get when we realize we can’t log in to our site’s admin panel is terrible, and the quicker we can deal with it the better.

Thankfully, there are a few solutions to reset or recover WordPress passwords. Some might be more complex than others, but it can be done. So don’t panic! We’ve all done it. This is probably why WordPress has provided a way to recover them.

So follow along and I will provide you with all the details you need to know to change, reset, and recover WordPress passwords. And I’ll probably throw in some other best practices when it comes to passwords as well. Because in this day and age, cybersecurity is more important than ever.

Table of Contents

Recover WordPress Password: Option 1
Option 2: Other Admin Users Can Change Your Password
Option 3. Use phpMyAdmin or MYSQL Database to Reset Password
Option 4. Reset Password in Functions.php using FTP
Follow These Best Practices & Skip the Need to Recover WordPress Passwords
How to Change, Not Recover WordPress Passwords

Recover WordPress Password: Option 1

The quickest and easiest way to get back into your admin isn’t a recover WordPress password option at all. It’s an option to change or reset your password.

It should be pointed out that these methods won’t help you recover a WordPress password, since there isn’t a way to do that. WordPress used to make this very clear when you installed a site, but unfortunately, they’ve removed their warning that keeping your password is important and your responsibility.

Again, the following methods won’t tell you how to recover WordPress passwords. They are steps to reset a password. I’ll reiterate that throughout.

This first option is done on your login page. Once done, WordPress will send an email to your admin address that contains a URL to a password reset page.

WordPress Get New Password Option

Here are the steps.

1. Go to your login page. This can be found at your domain. Simply replace example.com in the following with your domain name instead.  

2. On your login page, below the form, look for the Lost Your Password link. Click on it and you will be redirected to a password reset page. 

3. Now that you have been redirected to the password reset page, you’ll need to enter one of two things. You have the option of using your WordPress username or your admin email address. Enter your info and click the Get New Password button.

4. Assuming you have provided the necessary info, you’ll get a password reset email. Simply follow the given instructions and with your new password, you’ll be able to log back into your site.

Once you have that done your first step should be writing down and saving your new password somewhere and making sure you know where it is. And if you have multiple users—are you using WPBlazer’s user management tool?—be sure the new password is passed on to whoever may need it.

As you can see, this is a quick and easy way to recover WordPress passwords. But it does come with some drawbacks.

• In order for this option to work, you need to know your username and the email address you used when you created the site. Or when you last changed your information. Without this information, you cannot reset your password and get back into your account using this method.
• If you remember what email address you used but you no longer have access to it, this method won’t work.

If you are impacted by either of the two above-mentioned issues, don’t worry. All is not lost.

Option 2: Other Admin Users Can Change Your Password

This option will only work if you have more than one person with administrator rights to your site. If not, move on to option 3.  And again, instead of enabling you to recover WordPress passwords, these steps will help you to reset it.

Contact your associate with administrator status and ask for their assistance. Here are the steps.

1. Ask your other admin user to log into the site and from the WP dashboard, go to Users > All Users. From there, they need to click on the edit link under your username.

2. Once on your profile page, they will need to scroll down to the Account Management section of the page. Get them to click the Set New Password button and it will auto-generate something new. Or you can have them input a password of your choice. If they use the auto-generate option, make sure they copy the password and then get it to you in whatever secure manner you choose.

3. Finally, and this is up to you, but to be totally secure, I would take one more step. Log in with the password your user has provided and then change it again. You may trust your user or employee to have access to your admin now, but you have no guarantee you will in the future. Create and save a new password that only you know.

Option 3. Use phpMyAdmin or MYSQL Database to Reset Password

Note, this is another option to reset your password. This method will not help you recover a WordPress password.

Before you go any further, it is important to have a complete backup of your site, databases, and all. There are several methods to do this, but I recommend the backup feature included in WPBlazer.

1. Locate your database. The examples in this method will use phpMyAdmin.

Go to your host’s cPanel—or whatever panel they use—and scroll down to the Databases section. From there, select phpMyAdmin.

2. Find the correct database. If you’re like me, you’ll have a whole column of databases in a left sidebar. Or you may have just the one. If you have multiple databases, it is imperative that you edit the right one.

If you know your database, you can skip this part and jump to the next. If you don’t, you can find it via FTP or via the File Manager in your cPanel.

Here are the steps to use FTP

Highlight the wp-config.php with your mouse and then right-click. Choose edit and then open with whatever text editor you have installed on your computer.

Once you have the file open, scroll down until you find the following lines.

You will find your database name on the define line, between the single quotes. Note that and close out of the file. If it asks you to save changes, DO NOT save any changes. Nothing should have been changed.

Steps to use File Manager

Open your host’s cPanel or whatever panel they use. In cPanel, you want to look for your Files section. From there, select File Manager.

File Manager will open on a new page. In the left-hand menu, scroll down until you find the directory for the website you need to reset your password for. Click on it, and it will open the directory.

In the right-hand column, scroll down until you find the wp-config.php file. Right-click the file and select View. Once you open it, use the same steps listed above in the FTP walkthrough to find your database name. Close the file when done.

Now you’re ready to reset your password in the correct database.

Click on the + sign beside your database name in the left sidebar column and the directory will inflate. Now scroll down and select the wp_users file. Note that if you have changed your database prefix to tighten your WordPress security, you might have something other than wp_. Just choose whatever you have there.

Next, select Edit.

3. You can reset or change your password here. You’ll see your user_pass on this page, with a long string under the value. Unless you generate really long passwords, you’ll know right away that this isn’t your current password. But if you do, you might think you’re done. All you need to do is copy that down.

Don’t bother. This is not your password. It is an encrypted version of your password. Just forgot about that and follow the steps here. Remember, you cannot recover your WordPress password.

Highlight and delete that long string of letters and numbers, and then create a new password for yourself. Make it a strong password and either write it down or copy/paste it to a text editor for the time being.

4. The final step is to encrypt your new password. To do this, you use the pull-down menu to the left of your password, under the function column. Select MD5.

Now that you’ve entered your new password, click Go at the bottom of the page.

Before you do anything else, save your password wherever and however you save them. I recommend a password manager, which will also save you in the future from misplaced passwords. More on that below.

Now log into your WordPress admin using your new password.

Option 4. Reset Password in Functions.php using FTP

As the name of option 4 suggests, this is another method to reset not recover a WordPress password.

To be able to use this method, you need to know the name of the theme you currently have activated. WordPress comes installed with a few default themes and users typically add several of their own.

You also need to know your user ID. If you are the original admin, and you’ve never changed it, it will be the default 1. But if you have changed it for security purposes, you need to know what number you changed it to.

Make sure you know what theme your site uses and your ID before moving ahead with this method. If you don’t, use one of the other methods to reset or recover your WordPress password.

Your functions.php is one of the core WordPress files. However, there are more than one of these files in the WordPress directory and you don’t want to edit the wrong one. For the purpose of this tutorial, you want to use the functions.php that is found within your theme’s directory.

And yes, before you go any further, I want you to do a backup if you haven’t done so already.

There are a few ways to access this file, including your host’s cPanel, but I’ll use FTP.

1. Log into your server via FTP. Find the directory for your site which will be under your domain name. From there, access the wp-content directory. Then >Themes >Your current theme directory.

You will find your functions.php file in your theme directory. In my case, my current theme is Altitude-Pro.

2. Add the following code to the top of your functions.php.

wp_set_password(‘1a2b3c4d, 1’)

In the above sample, 1a2b3c4d would be your new password and the number 1 is your user ID. Be sure to set a strong password and note it somewhere.

Add it just within your opening

3. Once you have added that line, close and save the file. It should automatically upload to your site, but you may need to wait a few moments. Your FTP software should tell you when the job is done.

4. Now try logging into your site via your admin dashboard at /wp-admin. If all went well, you will be able to log in.

5. Undo the changes you made to your functions.php file. Access it again using the same steps as above and simply delete the line you added in the last step. Once done, again save and upload the file to your server.

So there you have it. I know you came here looking for a way to recover WordPress passwords, but you’ve learned how to reset one instead. But you can still extract yourself from what could have been an emergency.

But what if you’re not worried about how to recover WordPress passwords? What if you’re more concerned about basic best practices for password management? Or maybe WordPress password security.

Since you’re here, let’s dive into those issues too.

And remember, if you follow some of these guidelines, you’ll never be in a position to need to recover your WordPress password in the first place. Maybe. There are no guarantees!

Follow These Best Practices & Skip the Need to Recover WordPress Passwords

They say that experience is the best teacher. If you’ve ever found yourself anxiously trying to find out how to recover WordPress passwords, you know you never want to go through that again. And if you follow these practices with every WordPress site you install and set up—or even when you change your passwords—you hopefully never will.

WordPress developers themselves have a list of best practices they provide in a support article.

Here are the highlights.

First, start with a strong password. Always.

• Your password should be 20 or more characters
• Always use a combination of upper and lower case letters
• Include numbers
• Include special characters. These could be question marks, asterisks, exclamation marks, and more.
• I also never use real words in my password, just jumbled letters

Here is an example of a strong password.

Never include the following in your passwords:

I mentioned above that I never use actual words in my passwords. Some may feel that’s extreme. However, here are some words that someone could easily guess would be part of your password.

• The names of any immediate family members
• The name of your dog, cat, rabbit, snake . . . whatever
• The name of your company
• Your favorite sports team, musician, car . . . Any known favorites
• The year you were born
• Your birthday
• Your street number or street and unit number

An example of bad passwords would be:

Assuming you do want to use words, there are also several generic words you should avoid. Words like:

• Admin
• Administrator
• Pass
• Password
• Black
• Boat
• Car

Basically, any common words should be avoided. Especially if they mean something to you.

Avoid common numerical sequences such as:

• 12345
• 54321
• 2468
• 1379

A combination of a common word and number sequence would also be a very bad idea. Something like the following should be avoided:

If you don’t follow these practices, the least of your worries would be how to recover WordPress passwords. You could be dealing with a hacked site instead.

The next thing you should always do is keep track of everything.

Keep track of your passwords.

The reality is, following all the above guidelines means you have little chance of remembering a 20 plus character string of letters and numbers that have no meaning to you. And therefore, are harder for you to remember. People use easy to remember words and numbers, so they’re never faced with the anxiety of having to recover a WordPress password. Or any password. But this is dangerous.

The best way to keep track of your passwords is by using a password manager. And despite the name, they do more than just manage. Most, if not all of them, will also generate strong passwords for you.

Password managers will also keep your passwords secure. If you jot your passwords down on sticky notes, keep them in a lined pad somewhere in your desk, or even on a spreadsheet, all of these methods are prone to security breaches. And getting lost. And one day you’re desperately trying to find out how to recover a WordPress password.

All passwords are stored behind a complex master password, and depending on how you set your preferences, they can fill in usernames and passwords as soon as you land on the URL that matches them. So much simpler the hunting for your password—and potentially not finding it.

I have used Roboform for years. Here is an example of logging in somewhere I have saved a password. Since there are two options on this page, each with a different login, I’m shown both and asked to choose. If there were only one option on this page, I have it set up to automatically fill in my password and log in.

There are other password managers to choose from, including:

• 1Password
• KeePass
• LastPass

In some cases, you’ll be able to set up a free account for a small number of passwords, but most of us have many passwords.

This leads me to another point. Never, ever, ever use the same password for multiple accounts. That is just asking for trouble. And suddenly your least worry is how to recover your WordPress password. It’s going to be worrying about someone having access to your bank account because some company you do business with got hacked and your password was stolen. The same password you use for some obscure online account and your bank.

Let me repeat this because it is very important.

Do not use the same password for more than one account. Especially if it’s the likes of JohnDoeDodgers.

If you are diligent and follow these best practices, you will never have to concern yourself about how to recover your WordPress password. You will always have it on hand.  

How to Change, Not Recover WordPress Passwords

So what if you’re not in a situation where you need to recover WordPress passwords, you just need or want to change your password?

Actually, you should include this as one of your best practices. Try to change your password at least two or three times a year. And you should probably do this with all of your accounts, not just WordPress.

Simply changing your password is easy. We touched on it above when discussing one of the ways to recover a WordPress password. But this time, you do it yourself, not another admin.

Simply go to your Admin dashboard and go to Users > Profile. Scroll down to the Account Management section and choose Set New Password. This will automatically create and set a new strong password that meets all the criteria mentioned above. Of course, you can override the generated password and create your own strong password if you choose to. When you’re done, scroll down to the end of the page and click Update Profile.

Wrapping Up

Password management and security are critical. And not just because you never want to be in a situation where you need to recover your WordPress password. And as you’ve probably figured out by now, there is no way to recover WordPress passwords.

There are a lot of working parts when it comes to WordPress. Why not use something like WPBlazer to simplify your tasks?