Change your WordPress password via the MySQL database (or MariaDB). One of the most powerful login details one can have is a set of website hosting login details. This is a level higher from FTP login details, since with website hosting login details you can create new FTP login details from there. What makes it more powerful though is that you get access to the website hosting’s database.
The most powerful logins you can receive are web hosting login details. Can anything get more powerful than this? 🔥🔥🚨⚡️⚡️
— Mic Sumner (@Mic_Sumner) July 13, 2019
A perfect use case would be if you cannot find the password to a WordPress user of yours. Of course, if you are working with a client you will want to make sure that if it is their user details you will want to mention that you will be changing their password for them. This is out of courtesy and respect, because you wouldn’t want to rowdy up their password out of nowhere!
Another use case would be if you would like to change the password without notifying the WordPress admin_email about the change. Since the database is simply a group of values housed alone from the WordPress CMS, there would not be a relation that WordPress would notify of a password change by default — that is, unless you edit the password within WordPress. But please let me know if there are any Security plugins that do so, and this article can be updated accordingly for reference.
1. Log Into the Web Hosting
Log into your web hosting panel where you can modify the database. For most cases, you will either have to log into the cPanel or Plesk Panel to name a couple of the most popular web hosting panels out there. In this example I’m using Siteground since they’re quick and easy to setup.
Once logged in, have a look where you can edit the WordPress files. Usually this would be called the File Manager. But if not, you will have to use FTP to remotely access the files of the website. Please leave a comment below if you might get stuck at this part, as hosting providers have different ways of situating their website files. Although, the 2 most likely cases would be the File Manager tool, and FTP. It’s great if your web hosting provider offers one or the other, or both.
2. Find the Website’s Database
You will have to get into your website’s database. In the most fundamental form, you will have to look into the wp-config.php file of the WordPress website, and within that file, you will be able to find the DB_NAME constant’s value as the database name.
Please take note of this as you will have to find this in your database administration tool — a popular one we’ll look into is called phpMyAdmin.
So within your control panel, instead of finding the File Manager, look for the phpMyAdmin tool, and open it. phpMyAdmin is one of the most popular database admin tools out there. Of course, there are other ways of logging into your database, one of which is simply using the terminal/command line to access it. But for the most part having a graphical user interface (GUI) like phpMyAdmin makes life simpler and more visual.
With phpMyAdmin being the most popular, we will use this as our example in the article.
3. Locate the Users Table
From here, you will have to locate the user that you would like to edit.
Find the database that you have taken note of earlier in the previous step. In my example it was micsumne_wp658. Click your database as found, to view its contents. If using another method, you will have to look up on how to locate the users table there. Any issues leave a comment below.
Within this, look for the Users table. You can use the find function of your browser CMD+F on Mac, or Ctrl+F on Windows. And search for _users. In most cases this is the name of the table you can find your users. Please note that your users table will have a different name from the one in this article. Click the users table once it is found.
Now, within the Users table, you will see that no one’s password is outputted there in plain text. Instead, these are mashed up using the MD5 hash function to better obscure the password.
More info on the MD5 hash function can be found here.
So what we’ll do is edit the specified user’s row in the table. Click Edit on the left side of the row. You’ll see a different view of the row for editing. You could do the same with a quick edit if you’d like.
But in this article we will display a different view to edit the page so that we’re both on the same page.
Editing the WordPress User’s Password via Database
The core step of this article. 🎉
It is also one of the simplest once you have located the specific field in your database to edit. Please follow the instructions carefully below as you are modifying the database of the website.
If you would like, please make a backup of your database before proceeding.
1. Type a New Password
Feel free to edit the Value of the user_pass with the password you would like. You could keep your password simple, however in most cases it is better to generate your password rather than creating one for yourself.
Unfortunately phpMyAdmin doesn’t have a generator feature as of yet. But you can find several specialised password generators across the internet.
Here are a few popular password generators on the internet:
- Norton Password Generator
- Dashlane Password Generator
- LastPass Password Generator
- 1Password Password Generator
- Passwordsgenerator.net
Once you’ve got your generated password, please make sure to make a copy of it securely. Afterwards, copy-paste this onto the user_pass value, and follow the next step below, as we will have to mash up the password.
2. Set an MD5 Hash Function
The next step would be to apply an MD5 hash function towards your plain-text password. This will ensure that it’s not kept as plain text! WordPress would be able to recognise your password though as it has been using MD5 as standard in creating passwords within creating a user. It is only that we are manually performing what WordPress does automatically.
Once you are done with selecting the MD5 option in the dropdown, please read the final step below.
3. Click ‘Go’
After you’re done with selecting MD5 in the dropdown beside your new password, click on ‘Go’ on the lower right-hand side of the view. Your password would be mashed up using the MD5 hash function and ready for you to use!
