
Reset a WordPress Password from phpMyAdmin

If you manage a WordPress installation and can no longer log in to your Administration panel with your user name and password, perhaps because a hacker changed them, it might be time to change that information directly in WordPress’ database.

Even if you don’t have CPanel, you should have access to phpMyAdmin. It is a simple, but powerful, application that allows you control over your databases, and can be easily used to change all kinds of information stored in the MySQL databases it manages.

Step 1: Do You Know Which Database WordPress Uses?

Before we do anything else, we have to ascertain which database WordPress is using. If you only have one WordPress publishing system installed, this isn’t a problem. If you used an automated means of installing WordPress, you probably don’t remember which database it uses.

Even worse, if you are like me and have over a dozen WordPress installations spread on a few different databases, with some using the same database, figuring out which one you need to change can be a nightmare.

The easiest way to figure out which database you are using is to FTP into your hosting, and open the wp-config.php file with a text editor. It will give you the database name, which we will use later in this tutorial.

Step 2: Getting to phpMyAdmin

In a CPanel environment, you will most likely have a button called MySQL Databases. It may or may not look like the image over to the right, but nonetheless, it should be there somewhere.

Clicking on it will list all of your current databases, as well as other information. Don’t concern yourself with all this right now. Move to the bottom of the page, where there should be a link that says, phpMyAdmin.

Step 3: Finding Your Users

A new window will most likely have opened. It will have two panes. On the left hand side you will have a list of databases. Click on the one related to the WordPress installation we are going to work with.

Look for a table called wp_users in the left hand pane. It is usually the last item in the list.

*Note: If your WordPress table prefix is not wp_, look for the users table with your custom prefix instead. You can find your prefix in the wp-config.php file.

Click on the user table link, and in the right hand pane, the information will change. At the top there should be a few links. Click Browse.

It should then look something like the following image.

phpMyAdmin WordPress User List

Step 4: Editing the Password

You will notice there is a field called user_pass. This is where the password is stored in WordPress. Find the user you want to edit, and click the pencil image next to the red X. This will allow us to edit the entry.

phpMyAdmin WordPress Edit Password

You will notice the password is strange, and not plain text. This is because for security reasons, WordPress stores the passwords as an MD5 hash.

We can’t just enter a plain-text password; instead, we replace the MD5 hash of the password we don’t know with the MD5 hash of a password we do know.

To create an MD5 hash, I usually just search for “online MD5 hash” on Google, and come up with some great online tools for creating the result I need.

Example: JavaScript MD5

In such tools, I enter what I want the password to be, click a button to process it, and it spits out the MD5 hash that I want to enter in the user_pass field.

Click Go to save the change, and then log in to WordPress using your new password.

Sidenote

If a hacker was able to change your password, or other information in WordPress, upgrading should also be one of the first things on your mind once you change your password.
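The `$P$B` and `$P$9` values that commenters below report in user_pass are salted phpass "portable" hashes, while Step 4 writes a bare MD5 hex digest. The following Python example is an addition, not code from this article or from WordPress: it computes both formats locally, with no online generator involved, and shows why two hashes of one password differ yet both verify. The function names and the sample password are made up for the illustration, and the legacy-MD5 branch assumes the fallback described in comment 26.

```python
import hashlib
import hmac
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _encode64(data: bytes) -> str:
    """phpass base64 variant: little-endian 3-byte groups, 6 bits per character."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # 1 byte -> 2 chars, 3 bytes -> 4 chars
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def phpass_hash(password, salt=None, log2_rounds=13):
    """Build a portable phpass hash: '$P$' + cost char + 8-char salt + 22-char digest."""
    if salt is None:
        salt = _encode64(os.urandom(6))  # fresh random salt on every call
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("utf-8") + pw).digest()
    for _ in range(1 << log2_rounds):  # cost 13 ('B') means 8192 further MD5 rounds
        digest = hashlib.md5(digest + pw).digest()
    return "$P$" + ITOA64[log2_rounds] + salt + _encode64(digest)


def classify_user_pass(password, stored):
    """Return 'phpass', 'legacy-md5' or 'no-match' for one user_pass value."""
    if stored[:3] in ("$P$", "$H$") and len(stored) == 34:
        log2 = ITOA64.find(stored[3])  # '9' -> 11, 'B' -> 13
        if not 7 <= log2 <= 30:  # cost range phpass accepts
            return "no-match"
        candidate = phpass_hash(password, stored[4:12], log2)
        same = hmac.compare_digest(candidate[3:].encode(), stored[3:].encode())
        return "phpass" if same else "no-match"
    if len(stored) == 32:  # bare hex MD5, as written in Step 4
        legacy = hashlib.md5(password.encode("utf-8")).hexdigest()
        same = hmac.compare_digest(legacy.encode(), stored.encode())
        return "legacy-md5" if same else "no-match"
    return "no-match"


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    first, second = phpass_hash(pw), phpass_hash(pw)
    print(first, second, first != second)  # different salts, different hashes
    print(classify_user_pass(pw, first), classify_user_pass(pw, second))
    print(classify_user_pass(pw, hashlib.md5(pw.encode()).hexdigest()))
    print(classify_user_pass("wrong guess", first))
```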


  1. By Rommert posted on November 14, 2007 at 3:02 pm

    You might want to watch out using online MD5 generators. Most of them have a MD5 decryption service available too. When you enter a string to create the MD5 hash, the hash and the string will be stored in their database. When you enter the MD5 hash to decrypt it, it will fetch the matching string from the database, thus revealing your password.

    You could just create a php file on your server which echoes the MD5 hash to the file using the md5() function.

  2. By Stefano Aglietti posted on November 14, 2007 at 3:08 pm

    Nice article, we will probably translate it for WordPress Italy project if you don’t mind :)

    But.. when you change the password you don’t need an external MD5 generator, you could simply select MD5 in the Function column and type the password in plain text, when you save the record the password will be stored after the MD5 hash algorithm was applied.

    Just my 2 cents of contribution :)

    Greetings

  3. By Rommert posted on November 14, 2007 at 4:45 pm

    Ah, should have thought of that one ;)

  4. By davidcubed posted on November 14, 2007 at 6:23 pm

    Same here! I bow down to you Stef… Feel free to translate the article. Still a good bit of knowledge for anyone working with WordPress to have though. :)

  5. By Planet Lowyat posted on January 3, 2008 at 11:38 am

    This worked perfectly. Thanks.

  6. By Shaun posted on June 4, 2008 at 11:49 pm

    Rommert is right, I wouldn’t use just any online md5 hash generator, you never know if they could be storing your passwords (paired with the hash).

    Easiest way is to use phpMyadmin, find the user field, replace the existing hash with a plain text password, then select md5 from the function field, and save.

  7. By Steve posted on July 6, 2008 at 4:23 pm

    I second Shaun’s Post. Why bother with MD5 Hash generators when phpMyadmin will do it for you on the fly?

  8. By Aaron posted on August 7, 2008 at 11:13 pm

    Or you could just change the email then use the blog’s login form to reset the password it gets sent to your email ;)

    This helps with the new versions of WP which encrypt the password with salts and shit which a normal md5 doesn’t work on.

  9. By Eric posted on September 3, 2008 at 4:58 pm

    my password generator might help… you type a word in the box then it gives you the word in md5 and crypt encryptions.

    it is very handy when you forget your password or want to password protect directories using apache’s .htaccess file.
    http://eric.torvinen.net/password-generator.php

    I hope it helps…

    I have other pages on the site too… feel free to look around what I have.
    http://eric.torvinen.net

  10. By Jason posted on October 15, 2008 at 12:15 pm

    Thanks everyone for the suggestions. You made it easy and saved me a tonne of time.

    Take it easy.

  11. By Bruce posted on November 21, 2008 at 8:49 pm

    This was very helpful. It seems someone had hacked my blog and deleted the first of two posts. Ignored the problem for some time. I just went now and followed the instructions to reset the password in phpMyAdmin and can now get to my cpanel.

    But I am bothered by the fact that someone could change my password and evidently steal it and perhaps try to link it to other accounts I have across the web. Or am I just being paranoid?

    I would like to translate the password that was in there to see if it was an old one that I had created and forgot, but if it is I don’t want that to get stolen on one of the sites that translates them. Or again, am I just being paranoid?

    Bruce

  12. By Sean posted on January 17, 2009 at 3:32 pm

    Thanks so much for this :) Lost all my data and everything earlier today, and my host blocks the mail() function unless I want to fork out $10 to be able to use it.

  13. By mesanna posted on January 18, 2009 at 1:41 pm

    Very helpful article. Thank you very much!

  14. By D. Brent Arnold posted on January 24, 2009 at 11:21 pm

    I recently became admin of a website. They wanted me to update their blog, however, the original blog admin left the company. This post saved me a huge hassle! Thank you!!!

  15. By Jaso posted on January 30, 2009 at 10:27 am

    Wow..this worked perfectly!!! I forgot my password and i was able to rectify the problem within a few minutes!

    Thanks for the solution!

  16. By jbalyo posted on February 13, 2009 at 2:02 pm

    This doesn’t work at all. Makes sense, but no. There’s a $P$9 at the beginning of all the other passwords in the table, I wonder if that has anything to do with it. I tried adding $P$G to my MD5 string manually but also no. Any other suggestions?

  17. By Associate Pie posted on March 17, 2009 at 5:38 am

    This was awesome. Worked like a charm. Thanks so much.

  18. By Robert Mahfoud posted on April 23, 2009 at 3:45 am

    I have the same problem as jbalyo, but I got P$B$ instead. Did anyone figure out the solution?

  19. By Grant Cox posted on May 29, 2009 at 1:26 am

    For those of you having problems (P$B$ etc), this method will only work with WordPress 2.5 and lower. Newer versions use phpass encryption (not just MD5), so you cannot update your password via wordpress. You’ll have to use the “forgot password” function of your blog instead.

  20. By Grant Cox posted on May 29, 2009 at 1:27 am

    Eck, “via phpmyadmin”, not “via wordpress”.

  21. By Raja posted on June 3, 2009 at 11:11 am

    Thanks a Lot David. Was able to reset my password easily

  22. By Wilson Cowden posted on June 12, 2009 at 11:10 am

    Lots of useful info here but I’ve followed through instruction on changing admin password and still can’t access my dashboard. I had 6 unauthorised users listed in the database so I deleted them all. I tried creating a new account but it won’t give me admin privileges. Any other suggestions would be much appreciated.
    Thanks
    Wilson

  23. By ronald posted on June 15, 2009 at 11:49 am

    hi
    i also got P$B$ instead.

    is there any way to crack this password .. can u recommend any site or software which can do it

  24. By Stotti posted on June 30, 2009 at 4:12 pm

    Wilson, Ronald: sorry, the information depicted here is obsolete. WordPress uses the Portable PHP password hashing framework instead of MD5 hashing since version 2.5 (see this ticket) – so you cannot simply MD5 hash a new password and enter the digest into the database anymore. You have to encode it using the framework mentioned above.

    I am planning to release an online encoder doing exactly that real soon. Watch my blog for details. It will accompany the famous online md5 encoder of mine, which by the way never saves the entered data. ;)

    Best regards
    Stotti

  25. By Stotti posted on July 1, 2009 at 8:34 am

    Hi Everyone,

    as announced i have implemented a WordPress password converter for WP versions of 2.5 and above. You can find it online at http://scriptserver.mainframe8.com/wordpress_password_hasher.php
    I have written about it over at my place – stotti.blog(). There you will find detailed instructions on how to set a new password for your up-to-date WordPress installation soon.

    Best
    Stotti

  26. By tla.designz posted on July 16, 2009 at 8:40 am

    There’s no external MD5 generator needed: You might as well use the MySQL internal MD5() function within phpMyAdmin.

    Just enter your password in plain text and select ‘MD5′ in the ‘function’ drop down. MySQL will then store the password hashed.

    You will notice a difference in look compared to the other users’ passwords (all password hashes are starting with ‘$P$B’, at least in my installation) but WordPress will update that on first login.

  27. By Tony Zeoli posted on August 6, 2009 at 4:27 am

    I tried every way imaginable to change the password, including using the forgot password link. Yes, I can change the password, but my blog keeps returning that “you do not have the proper permissions”. The admin permissions is “10” correct? That’s what I see in the database. Any ideas?

  28. By Darren posted on August 29, 2009 at 12:45 pm

    Thank You for posting this! This helped!

  29. By Alex Parshikov posted on September 4, 2009 at 10:45 am

    Stotti,

    Your effort is appreciated but the method doesn’t work. Could it be that the password is salted somehow? I noticed that your generator gives a different hash from the one I see in my testing installation – for the same password string. That’s what led me to think of the salt issue.

    My test installation does have modified strings on following lines:

    define(‘AUTH_KEY’, ‘put your unique phrase here’);
    define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
    define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);

    Is that the issue?

    Thanks.
    – Alex

  30. By Stotti posted on September 4, 2009 at 9:16 pm

    Hi Alex,

    you’re absolutely right. The hashing algorithm implemented in WordPress is using a salt. So each hash differs from the other – even if the original message is the same. Coherent my WordPress password generator (http://scriptserver.mainframe8.com/wordpress_password_hasher.php) is generating a different password hash each turn. Don’t worry, every generated hash is valid for your password. :)
    If you have further questions i’ll be happy to answer them. But please ask them over at my blog (http://www.stottmeister.com/blog/2009/06/30/new-wordpress-password-hasher-tool/) where i may recognize it faster. I’ve seen your comment here just by coincidence. Thank you!

    Best regards
    – Stotti

  31. By Antonella posted on September 13, 2009 at 3:19 pm

    Thanks! This page saved me. I tried to figure the password reset using phpMyAdmin from the help page on the WordPress portal, but I think it’s missing a step, or it wasn’t that clear. With your instructions, I was able to change my password in 1 minute!

  32. By Nero posted on November 26, 2009 at 4:38 pm

    Hi,

    hm, I changed the pw with this little code, it works just fine.

    Create a new php file with the following code in your wp root.
    #########
    query(“UPDATE “.$table_prefix.”users SET user_pass = ‘”.wp_hash_password($_REQUEST["new_pw"]).”‘ WHERE user_login = ‘”.$_REQUEST["u_name"].”‘”);
    ?>
    #########

    Now you only need to do a request to this file with a browser url like this.

    http://YourDomain/wordpress/newpw.php?new_pw=YourPassword&u_name=YourUser

    But delete the file after you’re done ^_^

    Sorry for my bad English, I tried my best >_<

  33. By Nero posted on November 26, 2009 at 5:12 pm

    Ah sorry i forgot the code tag


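    <?php
    require_once('wp-load.php');
    // WordPress adds slashes to request data, so unslash u_name and bind both values with $wpdb->prepare() instead of concatenating them into the SQL.
    $wpdb->query($wpdb->prepare("UPDATE ".$table_prefix."users SET user_pass = %s WHERE user_login = %s", wp_hash_password($_REQUEST["new_pw"]), stripslashes($_REQUEST["u_name"])));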

  34. By crivion posted on December 21, 2009 at 4:09 pm

    Something new for me is that mysql/phpmyadmin knows how to md5()
    I was using various internet tools to encrypt words into md5 hash until now

  35. By Prasanna Kumar posted on December 22, 2009 at 6:13 am

    Thanks for the tip.

  36. By Shiv posted on January 15, 2010 at 5:59 pm

    Really Useful post for me, tried and did it successfully.

  37. TrackbackDevlounge | Protect Your WordPress WP-Config So You Don’t Get HackedHTML Editor Reviews » del.icio.us bookmarks for November 11th through November 15thHow to reset a wordpress 2.5 password when you can’t get emails | A software blogResetting Your Password if i forgot the password wordpress | Guide for Blogs and WordpressMerging Two Wordpress Blogs | Oregon PublishingLocked Out Of Wordpress : Wired For Noiseאיך שססמא יכולה לעכב… שחזור ססמא ב-wordpress | ניר אדרResetting Your Password In Wordpress —www.bizichics.comstotti.blog()Geeknoob’s Small Spot » Wordpress + WAMP重设WordPress密码 « Hello Word