Security & Maintenance

How to Change WordPress Password

WordPress basics for beginners

Photo of Editorial Staff Editorial StaffOctober 1, 2025
505 6 minutes read
Laptop display with a large padlock, shield with a checkmark, and a key, symbolizing secure WordPress password changes.
Visually representing the importance of security when changing your WordPress password.
If you manage a site long term, you will eventually need to Change WordPress Password for yourself or another user. Whether you forgot your login, suspect a hack, or simply want a stronger password, WordPress gives you several safe ways to update it.

In this tutorial, you will learn how to change your password directly in the dashboard, recover a lost password by email, reset it in the database through phpMyAdmin for emergencies, and even update it with WP-CLI. By the end, you will have a hardened login that keeps attackers out and still lets you back in easily.

What You Need Before Changing Your WordPress Password

  • Administrator access to your WordPress site or at least access to your own user account.
  • Access to the email address linked to your WordPress user for password reset emails.
  • Hosting control panel access such as cPanel or a similar dashboard for phpMyAdmin, if you plan to use the database method.
  • Basic familiarity with logging in to the WordPress dashboard at /wp-admin or /wp-login.php.
  • Optional but recommended: a recent backup of your database before editing it directly.
If you are not sure how to back up your site first, follow your host’s backup tool or a dedicated WordPress backup plugin before touching the database.

Step 1: Choose the Best Method to Change Your Password

Different situations call for different ways to change a WordPress password. The table below helps you decide which method you should follow first.

Method Where You Use It Main Purpose
Change Password from Profile WordPress dashboard » Users » Profile / All Users Safely update your own or another user’s password when you can already log in to the WordPress dashboard.
Reset Forgotten Password by Email WordPress login page » “Lost your password?” link Recover access when you forgot your password but still have access to the email address linked to your WordPress account.
Reset Password in Database (phpMyAdmin) Hosting control panel » phpMyAdmin » wp_users table Emergency method for changing a password directly in the database when email resets fail and you’re locked out of the site.
Change Password with WP-CLI SSH terminal with WP-CLI installed Fast, scriptable password updates for developers or power users managing multiple sites or user accounts from the command line.
Secure Account After Password Change WordPress dashboard » Profile & Security/2FA plugin settings Add two-factor authentication, log out other sessions, and clean up user roles so your new password and login stay secure long term.

Once you know which method fits your situation, follow the detailed steps below.

Step 2: Change WordPress Password from Your Profile

When you can already log in to your WordPress dashboard, this is the safest and most user friendly way to change your own password or update another user’s password as an administrator.

  1. Log in to your WordPress dashboard by visiting yourdomain.com/wp-admin and entering your current username and password.
WordPress admin login screen showing the 'You are now logged out' message, username, and password fields to help you log in.
The WordPress admin login screen with pre-filled username and password fields, ready for site access.
  1. In the left sidebar, navigate to Users » Profile (for your own account).
    If you are an administrator changing someone else’s password, go to Users » All Users and click the username you want to edit.
WordPress dashboard 'Users' page displaying the administrator user list for managing accounts and security settings.
The WordPress dashboard’s Users page provides an overview of all registered users on your site, including their roles.
  1. Scroll down to the Account Management section. Click the Set New Password button under the password field.
WordPress Profile screen for changing passwords, showing the 'New Password' field with a strong generated password.
The WordPress profile screen allows users to change their account password and manage sessions.
  1. WordPress will generate a strong password automatically. Either keep it or type your own strong password. Aim for at least 12 characters with a mix of upper and lower case letters, numbers, and symbols.
  2. Copy the new password to a secure password manager, then scroll to the bottom and click Update Profile to save the change.
Do not reuse passwords from other websites. If one site is breached, attackers can try the same password on your WordPress login and gain full control.

Confirm this step is complete by logging out using the top right Log Out link and logging back in with your new password. If the login works, your change was successful.

Step 3: Reset a Forgotten Password by Email

Use this method when you cannot remember your current password but still have access to the email address attached to your WordPress user account.

  1. Visit your login page at yourdomain.com/wp-login.php.
  2. Click the Lost your password link below the login form.
WordPress password reset form, showing the input field for username or email and the 'Get New Password' button.
The WordPress password reset form allows users to regain access to their admin dashboard by entering their username or email.
  1. On the password reset form, enter your Username or Email Address associated with the account, then click Get New Password.
  2. Check your inbox for a password reset email from WordPress. If you do not see it, look in your spam or junk folder and confirm that your site can send emails correctly.
  3. Next, click the reset link in the email. On the reset page, either accept the generated strong password or type a new one, then click Save Password.
WordPress password reset screen showing a strong password entered into the 'New password' field, emphasizing secure WordPress login practices.
A strong password being set on the WordPress password reset screen.

After saving, return to the login page and sign in with your username and the new password. If you can log in, your reset worked.

Should the reset email never arrive, you may have an issue with email deliverability or SMTP settings. In that case, move on to the phpMyAdmin or WP-CLI methods so you can still change the password.

Step 4: Reset WordPress Password in the Database with phpMyAdmin

When password reset emails fail and you are locked out, you can change your password directly in the database using phpMyAdmin. This approach is more technical, so take your time and work carefully.

Always back up your database before editing it directly. A wrong change can break your site or lock out all users. If possible, test the process on a staging site first.
  1. Log in to your hosting control panel such as cPanel, Plesk, or your host’s custom dashboard.
  2. Open phpMyAdmin from the database section of your control panel.
cPanel interface with phpMyAdmin highlighted in the Databases section, illustrating how to access it for a WordPress password change.
Locate phpMyAdmin under the Databases section in cPanel, a crucial step for manually changing your WordPress password.
  1. In phpMyAdmin, select your WordPress database from the left sidebar. Look for the table ending in _users (often wp_users unless you changed the prefix), then click it.
  2. Find the row for the user whose password you want to reset and click Edit for that row.
  3. In the user_pass field, select MD5 from the function drop-down if available. Enter your new password in plain text in the value box.
  4. Scroll down and click Go to save the changes.

Now go back to your WordPress login page and try signing in with the same username and the new password you entered. On first login, WordPress will rehash the MD5 value with its current password hashing method, improving security automatically.

For easier recovery next time, consider enabling reliable email sending or setting up regular backups after you regain access.

Step 5: Change WordPress Password with WP-CLI

If your host provides SSH access and WP-CLI, you can change passwords quickly from the command line. This is ideal for developers and power users who manage many sites or user accounts.

  1. Connect to your server using an SSH client and log in with your hosting account credentials.
  2. Navigate to your WordPress installation directory where wp-config.php is located.
  3. Run a WP-CLI command to update the password, replacing the username and password with your own values: 
    wp user update admin --user_pass="StrongNewPassword123!"
  4. If you are not sure which username to use, list all users first with: 
    wp user list
  5. After running the update command, open your site’s login page in the browser and log in with the updated password.

WP-CLI is fast, scriptable, and does not require opening phpMyAdmin. Just remember to keep SSH access secure and never share commands that contain real passwords in public tickets or chats.

Step 6: Secure Your Account After Changing the Password

Changing your password is only the first step. Locking down your login and cleaning up old access will reduce the risk of future compromises.

  1. Enable two factor authentication on your account using a reputable security or login plugin. Most tools let you use an authenticator app or SMS code in addition to your password.
  2. Log out of all other sessions. In your Profile screen, look for the Sessions or Log Out Everywhere Else option and click it to invalidate old logins.
  3. Review the Users » All Users list and remove or downgrade any accounts that no longer need administrator access.
  4. Update any saved passwords in browsers, FTP tools, and password managers so they match the new value. Delete old notes, messages, or screenshots that include your previous password.
  5. In cases where you changed your password because you suspected a hack, run a full security scan with your security plugin and follow a basic hardening checklist to remove malware and close common gaps.

When these items are complete, your new password will be much harder to abuse and you will have better control over who can access the site.

Conclusion Your WordPress Password Is Safely Updated

By now you have seen several reliable ways to Change WordPress Password, from the simple dashboard profile update to emergency database and WP-CLI methods. Whether you forgot your login or needed to secure a compromised account, you can regain access without waiting on support.

Because you also enabled protections like two factor authentication, logged out other sessions, and cleaned up user access, you turned a routine password change into a major security upgrade. Keep your new password in a secure password manager and schedule occasional security checkups so your WordPress login stays strong over time.

Further Reading and Resources

WordPress Password Change Frequently Asked Questions

What if I do not receive the password reset email

First confirm that you are using the correct username or email address and check your spam or junk folder. If the email is still missing, your site may not be sending emails correctly due to missing SMTP settings or host restrictions. In that case, use the phpMyAdmin or WP-CLI method to reset the password manually, then set up proper SMTP so future emails deliver reliably.

Can I change another users password as an administrator

Yes. Log in as an administrator, go to Users » All Users, click the username you need to update, and use the Set New Password option in the Account Management section. Notify the user securely of the new password or ask them to change it immediately after logging in.

Is editing the database safe for changing passwords

Editing the database is safe if you move carefully and back up first, but it is more risky than using the dashboard or email reset. A mistake in phpMyAdmin can break your site or corrupt user data. Only use the database method when other recovery options fail, and always take a fresh database backup before making changes.

How often should I change my WordPress password

For most users, changing passwords a few times a year is enough when combined with strong unique passwords and two factor authentication. However, you should change your password immediately if you suspect a hack, notice unfamiliar logins, or discover that your password was exposed in a data breach elsewhere.

Does changing my password log out other logged in devices

Not always. Some setups keep other sessions active even after a password change. To be safe, visit your Profile screen and use the option to log out other sessions or devices. Many security plugins also include a feature to force log out all users or specific accounts.
Tags
Photo of Editorial Staff Editorial StaffOctober 1, 2025
505 6 minutes read
Photo of Editorial Staff

Editorial Staff

Related Articles

How to Backup a WordPress Site illustration with people, code, gear, and tools for data protection and maintenance.

How to Backup a WordPress Site

December 29, 2025
Laptop and gears with web icons, illustrating how to check if WordPress plugins are up to date for website security and maintenance.

How to Check If WordPress Plugins Are up to Date

December 24, 2025
Illustration on how to secure WordPress downloads, featuring tools, a lock, and digital devices, emphasizing improved WordPress security.

How Do I Secure My WordPress Downloads

December 23, 2025
Team performing WordPress website maintenance services: security, updates, and monitoring on a mobile device, emphasizing protection.

Best Website Maintenance Services

December 20, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button