How to Reset your Admin Password When You’re Locked Out

Padlocks

You may have simply forgotten your password, or you may have been doing some mods in a haphazard fashion. The reason doesn’t matter much; the fact is, you’re locked out and you just want to access your site again, right?

Gaining access to your site again isn’t too hard, so long as you’ve got access to your hosting account.

Log in to your database

Once you’ve logged into cPanel (or you host’s equivalent control panel, if you don’t have an awesome host like HostGator), find the phpMyAdmin icon so that you can make changes to your database and log in to phpMyAdmin.

Once you’re logged in, find the users table. If you haven’t changed your table prefix, the table will be wp_users, though I’ll take this opportunity to recommend that you change it now. If you have changed the prefix, it will be yourcustomprefix_users.

Once you browse the table, you’ll see one or more rows, each one representing a user on your site. You should be able to identify your row by the user_login column, which will include the login that you normally use to log into WordPress.

Reset your password

Edit WordPress User in phpMyAdmin

Click on the Edit link on the row for the user you’re trying to reset the password for. The next screen will enable you to change all of the raw data for that user, including their email address, display name and most importantly, their password.

At first glance, you might realise that the value in user_pass (the password field) doesn’t look like the password that you thought it was. That’s because it’s encrypted, so that it can’t easily be stolen, by someone who might have gained access to your database for instance. As such, it’s not quite as simple as writing your new password in that field; you need to encrypt your new password first.

Encrypt your password

There are tools all over the place that will allow you to encrypt your password. You’ll want to find a tool that encrypts data using MD5 encryption. This password encryptor does the job nicely. Once you’ve received the encrypted password, which should be a very long, random mix of letters, numbers and symbols, you can then paste that into the user_pass field in phpMyAdmin and save the row.

Reset WordPress Password in phpMyAdmin

Your password is now reset and you should be able to log back in to WordPress. Now, be a little more careful in future!

14 thoughts on “How to Reset your Admin Password When You’re Locked Out”

  1. Paul Salmon says:

    I have had to go this route for a blog I was working on. It is frustrating to forget a password, but I’m glad that I had admin access to the blog and host to be able to make the necessary changes.

    I now store my passwords in a password management tool so I won’t have to go through these steps again.

  2. Steve says:

    Useful post, but you can just type the new password in the password field. No need to encrypt it first: just select MD5 from the dropdown next to the password field.

    1. Ahhh, that’s a really useful tip! I’ll be sure to update the tutorial to reflect that.

  3. Lee Rickler says:

    There’s an easier way to do this without touching the DB.
    Add this to your theme functions.php:
    wp_set_password(‘NewPassword’,1);

    ‘NewPassword’ = the new password you choose
    ‘1’ = The user ID

    You can then log in and change the password in ‘your profile’ if need be.

    1. Appreciate the pointer Lee. I suppose that should anyone decide to do this, the important thing to beware of is to remove the function after you’ve regained access to your account.

  4. Lee Rickler says:

    Dave – Definitely!

  5. ines says:

    I followed these instructions but still can’t manage to login to my admin account. I tried with other users and had the same luck. Registrations appear to be closed all of a sudden. Any idea of what might have happened? Don’t recall making any special adjustments lately :S

    1. If you made all these changes successfully, there’s no reason that it shouldn’t work. And registration being closed should have no impact. Are you trying to reset your password for WordPress? Were you able to log in to phpMyAdmin?

      1. ines says:

        I did everything from phpMyAdmin, as I can’t access wordpress from my admin account :S I believe it could have something to do with the s2member plugin I’m using that includes Brute Force IP/Login Restriction. But the restriction time has been fulfilled and the new password doesn’t work either. I guess I will have to ask them directly. By the way, thanks for the article, it’s always good to learn something new :)

      2. ines says:

        I don’t want to spam, but I have just solved my problem, and it definitely had to do with the plugin. Thanks a lot for taking time to answer :D

        1. Ahhh, I had this issue with a client of mine. I think we temporarily solved it by duplicating the admin user’s row in wp_users and changing it to a different username and password (creating a new admin user essentially). Then we went in and modified the S2Member tables later. Is that what you did?

          1. ines says:

            I did two things, but not sure which one solved the issue: I ran two queries from the mysql db that removed all IP restrictions, and then changed the password once again (I kept trying to preserve the old one before, so this time I tried with a different one and worked). Not sure what caused the whole problem though, that remains a mystery to me

  6. Wow, this is cool to know Dave. I had one of my admin names get locked out when I was testing my list submission form. Who knows why WP didn’t like what I did, but it locked me out! (I have a lockout plugin running, so maybe that was the agent of change.) Luckily, I had another name with admin rights, got in, and unlocked the other name. Knowing your tip I can be even more careless. :)

  7. Bill says:

    I also use S2member. I first noticed I was blocked when I went to use a “test” member account I set up that I use to view the site after I make changes to it. It wouldn’t allow me to log on so I quickly went to my admin account and tried to log on to the admin panel and was blocked. I am quite sure I used the correct passwords for BOTH accounts. It kept failing and then… “too many failed attempts… this IP is blocked for 24 hours ect”

    So I found your info here and went to phpmyadmin on my control panel and followed your instructions and it still wont work. My question is… Is that because I am still within the punishment time window?

    I read IENS’s comments about s2member and don’t understand what he did and now it seems I can’t even log in to the wordpress-s2member help forums. For some strange reason its not taking my user-password so I am stuck!

Leave a Reply