Help! I’m Locked out of WordPress


There’s nothing scarier than trying to log into your WordPress site and realizing you are unable to do so.  Honestly, it happens for one of a few reasons: we forget our password, we’ve given our account to someone else and they’ve forgotten the password, or an unsavory individual has gotten access to your account and has now locked you out.  Any of these examples are possible, and they’ve all happened to every good web administrator at least once.

The first step, as with most things, is not to panic.  Luckily we have a few options that we can fall back on in case the worst case happens and we find ourselves locked out of WordPress.

There are three ways that we can regain access to our site.

Method 1: Password Reset via Email

The first method is very simple, and most of the time will suffice in the majority of cases.  Visiting the log-in screen will show two links under the login box – the first one is a “Lost your Password?” link.

Clicking on that link will take you to a page that will allow you enter your username and reset your password.

Note: UnderstandWP uses WooCommerce, which takes over the default action. The above screenshot is from a site without WooCommerce and shows the default experience.

Doing this will send an email to the address on file and will allow you to click on a – temporary – link to reset your password through the system.

If you have access to the email account, then it’s a fantastic way to reset your password quickly and easily.  However, for more extreme cases, such as lost access to that email account, there are other ways.

Method 2: Have another admin reset the password

If you have another administrator account in your site, the obvious solution would be to have them reset your password for you.  Most administrators don’t realize that they have this power, and may not know how.

Simply have the second administrator head to Users > All Users and click on the username in question.  Scrolling down will bring them to the “New Password” and “Repeat New Password” fields.  Fill them in, and you should be able to log in.

Method 3: Changing the password through MySQL

If you don’t have any other administrators, or don’t have access to the email address that you signed up for the account with, then there is a – more complicated – plan B: going into the database via phpMyAdmin or the command line interface and resetting the password.  It’s a bit convoluted, so let’s walk through the steps.

Setting the password through the Command Line

This one requires a bit of code-fu, but if you’re comfortable doing so, you can actually change the password by logging into your server via SSH and logging into MySQL from the command line:

mysql -u username -p
(enter password)
use database; // this is your WordPress database
select ID, user_login, user_pass FROM wp_users; // if you use a different WordPress prefix, use that instead
UPDATE wp_users SET user_pass = MD5('"(new-password)"') WHERE ID = (id#-of-account-you-are-reseting-password-for) ; // sets the password

The password is encrypted via an MD5 hash and then saved to the database.

Setting the password through phpMyAdmin

  1. Log into phpMyAdmin.
  2. Select the database of your WordPress site on the left.
  3. You should see the tables appear in the left hand column.  You’re looking for the ‘wp_users’ table.  If you don’t see it, look for one with ‘xx_users’ – you may be using a different WordPress prefix.
  4. Click the “Browser” link or icon.
  5. Find your username in the right-hand content area and look for the Edit link or icon (it may be shaped like a pencil).
  6. You’ll see a list of your user information pop up.  Delete all of the text in the “user_pass” area.  Type in what you want your password to be.  The drop down menu next to it will have a lot of options.  Select “MD5” from that list.
  7. Click “Go” on the bottom right.
  8. Verify your new password does indeed work.