Recovering Administrator Access on Your WordPress Site
If you have lost your administrator password for your site, this article will help you recover access. The way most content management systems (CMS) stores authentication data, is within a MySQL database table usually named “user.” Passwords are usually encrypted using one way hashing algorithms such as SHA2 and sometimes made difficult to brute force with key derivation functions or salting. Some CMS has tools that you can use via SSH, and others require that you modify the database directly. This article will explain how you can reset the password for WordPress.
Using phpMyAdmin to run a query
In this article, there are many steps that require running a MySQL query on the database for your web site. If you are unfamiliar with MySQL, we recommend that you pay close attention when entering the query or contact us for assistance as you are able to cause damage to the site if a query is entered incorrectly. This section will provide instructions on how to run the queries mentioned in this article with the use of phpMyAdmin built into cPanel.
Before you run any query, first make sure that you are running the query on the correct database and that you have updated or added correct prefixes to the tables mentioned in a query. You can find this information by viewing the configuration file for the site, which contains the database name and table prefix.
UPDATE `prefix_users` SET `user_pass` = MD5(‘password’) WHERE `user_login` = ‘admin’;
The query above will change the password for the user “admin” to the password “password” on a CMS. Before you run the query, you must first update the query to match your environment. The prefix, identified as “prefix_” in the example, needs to be either removed or replaced depending on if your site uses a prefix. The password needs to be replaced. The username needs to be updated to your account login-if you do not know the account login, you can usually click on the table in phpMyAdmin to see what accounts exist.
Note: If you are copying and pasting the query, double check the single quotes (‘) and prime (`) are not replaced with smart quotes. The prime key is to the top left of the keyboard under the escape key and the single quote key is next to the return key typically on a us keyboard.
Once you have all the information above updated to match your environment, you can then run the query on the database.
- Login to cPanel.
- Under the databases section, click on phpMyAdmin.
- On the left side bar, click on the database for your site.
- On the top, click on the tab named SQL.
- Confirm that the “Run SQL query/queries on database user_db” matches the database name of your site.
- Enter the query, updated to match your environment.
- Once you have confirmed everything is right (you can click simulate query to see how many items will be affected), click on the “Go” button on the bottom right to execute the command.
WordPress accepts having password encrypted by using the obsolete MD5 algorithm without salt. We highly recommend that you use a temporary password here and change the password immediately after.
- Follow the instructions for phpMyAdmin to run the following query.
UPDATE `prefix_users` SET `user_pass` = MD5('password') WHERE `user_login`='admin';
- Login to the wordpress admin using password set by the query.
- On the top right of the screen, click on your username to get to the profile.
- Near the bottom of the screen is a “New Password” option where you can click “Generate Password” to get a new password.
- Click “Update Profile” to save the new password.