UPDATED: February 2011
Please note that this post is rather outdated and might not work anymore.
If you, like me has one blog too many and some of them haven’t been touched for months, chances are you would have forgotten your WordPress Admin login password. The ideal solution, of course is to send an email to WordPress and have them send you a replacement password, but in my case last night, I can’t even recall the email address I used for that particular blog. What can you do in situations like this?
You can replace your password manually using the PHPmyadmin panel in your cPanel.
Log in to your cPanel, click on the PHPmyadmin icon to open phpMyAdmin. On your left panel you will see all you blogs database. If you have more than one, choose the one that you want the password replaced. You will then be presented with all the your database tables for your blog. It looks something like this. `
Click on wp-users and the right pane will open this table.
The bunch of letters and numbers under the user_pass column is your original WordPress Login password. Unfortunately it has been encrypted and stored by WordPress in something called MD5 hash for security reasons so you can’t see the real value.
Obviously, to replace your login password, you will have to replace that bunch of cryptic codes. The catch is, you too will have to encrypt your new password in the same MD5 hash format or else it will not be recognized.
There are may sites that has this encrypting script which you can use. All you have to do is to Google for the words, MD5 hash and you should find them. I used this site called, Javascript MD5. Type in your new password then hit the MD5 button. It will generate the cryptic codes for you. Copy those codes to your clipboard.
Return to your phpMYadmin – wp_users panel. Click on the pencil icon. In the table on your right, in the user_pass column, highlight the original cryptic password codes, then paste in the new codes. Hit the GO button to save.
You will now be able to log in to your WordPress Admin with your new password. When you think about it, you will shudder at the thought of how easy it is for a hacker to replace your password and play havoc with your blog. It is something beyond our control and the only solution is to choose a reliable web host.
Speaking about changing passwords, change your default admin name as well.
Where Costa has pointed out to open wp-users, while you edit the file, change admin to whatever you desire.
This way random cracking bots, and “hackers” trying to find your logging with the default admin name, would be outta luck
Good additional tip Mitco.
Are you sure present WordPress using MD5? From my understanding, only WordPress 2.7.x used MD5.
I used it for the latest WP 2.9.2
Emm…from my understanding, the basic MD5 shouldn’t come with $ and / sign.
A testing done, I’ll reset the password to “password” (without quote)
Result from WordPress User password form. -> $P$BAzXvegTAIl47cFn/24UW3/pQpTHFw1
Result from “Javascript MD5″ as suggested -> 5f4dcc3b5aa765d61d8327deb882cf99
Yes WordPress using new method now but still you can use md5 too.
Oh really? Good to hear that..
no it is not working
Hi I have been hacked and am in the process of removing the hackers password and email from my sql database in WP3.0. I am using a MD5 generator but the password is not being recognized. On another WP installation the password in the wp_config for opening the database and the MD5 generated password do not match nor does the password in the wp_config and the database currently. It looks like one method is used to encrypt the password in the database and another is used to create an encrypted password for use in the wp_config file but neither of those match the MD5 encrypted version. Any suggestions?
Sorry to hear that. It sucks when that kind of things happens.
However, sorry again as I really do not have any viable suggestions other than getting your web host for help. MD5 seems to work for some and not for others. With WP 3, I wonder if it works at all anymore.
Hope you find some workable solutions to your problems.
Just tried this without success, thanks for posting it!
Thought that perhaps ASKAPACHE PASSPRO security in htaccess file was locking me out, after commenting out htacess I STILL am locked out, fortunately this blog is not needed, only made it for a single use, but what if I DID really need it? Ideas anyone??
Google found this blog comment if anyone else has this problem:
There is an easier way. If you can’t login, but you can access your site via FTP, then just edit the theme’s functions.php file and add this code to it, right at the top after the first <?php bit:
wp_set_password(‘password’,1);
Put in your own new password for the main admin user. The “1″ is the user ID number in the wp_users table. After you then login, make sure to go back and remove that code. Don’t leave it there by any means. Simple.
Just in case anyone else runs in to this same thing, Askapache password protect plugin was the culprit. Only way in was to rename TWO htaccess files (one was in a folder). Not sure if I will EVER fool around with plugin again. Wasted an hour with the stupid thing! Dealing with the hackers might be easier than what I had to do!
Hi RevuGuy,
Thanks for all the feedback. This is a rather old post so I am really not sure the tip works anymore. I’ll update it with a note for new readers.
Thanks again.