Can’t log back into your WordPress site?
Finding yourself unable to access your admin area because you can’t remember your password or username can be really frustrating.
Fortunately, with WordPress, there is always a way to get back into the backend of your site.
In this troubleshooting step-by-step tutorial for non-technical WordPress users, you will learn the process of recovering a forgotten password or username and getting access to your website. We’ll go as far as we can without getting into complicated technical areas, and then, if this still doesn’t help you, we’ll explain to you what other options are available for recovering your password details.
Let’s start at the beginning.
Typing In The Wrong Username Or Password
Normally, if your username or password are wrong when trying to access your WP dashboard, you will get an error message like the one below displayed on your login page …
Here’s a clue: If you get the username correct but the password wrong, WordPress will actually tell you this …
For security reasons, avoid installing WordPress sites with the username admin.
This is the default installation username for WordPress and one of the leading causes of brute force attacks and security threats on WordPress sites.
(WordPress security experts recommend avoiding using Admin as your username)
If you need to change your username, see this tutorial: Changing Your Admin Username
If you have forgotten your password, but you know your username or the email address you have registered with, then click on the “Lost your password?” link in the error message …
(Click on lost password link to regain access)
You can also access the lost password area by clicking on the link found below the login box …
Alternatively, type the following URL into your web browser (where “domain” is your domain name and “tld” is the domain extension, eg. “com”, “net”, “biz”, etc.) …
Type in your username or email and click the button to get a new password …
(Get new password)
At this stage, there is no password recovery option. You will need to reset your password.
You will receive a system email containing a password reset link. Click on the link to reset your password.
(Click on email link to reset your WordPress password)
WordPress will suggest a secure password for your account. If you are happy with the password, click on Reset Password …
(Choose a secure password)
If you would like to enter a different password, then type a new password into the New Password field. Make sure that you select a strong password containing upper and lower case letters, numbers and symbols, like “@, $, %, &, ^” etc …
(Choose a secure WordPress password)
Use a password generator tool to help you create a secure password.
You can use a free online password generator tool like PasswordsGenerator.net (shown below) …
Or password management software like RoboForm, which not only lets you generate secure passwords, but also store and manage all your passwords …
(Use A Password Generator Tool If You Need Help Creating A Strong Password)
After resetting your password, log in as normal …
Changing Your Password Inside The WordPress Admin Area
To change your password inside your WordPress administration area, log into your admin and select Edit My Profile from the “Howdy, User” dropdown menu near the top-right hand corner of your screen …
(Howdy, Username > Edit My Profile)
You can also access your “Profile” area by selecting Users > Your Profile from your main admin menu.
Towards the bottom part of the screen, you will see the “change password” fields. Enter a new password and confirm this password here.
Note: Use the WordPress password strength meter to help you avoid using weak passwords and come up with a strong password.
(Don’t use weak passwords)
Click Update Profile when finished to update your password settings.
(Remember to save your settings)
Better Password Security
WordPress version 4.3 improves how your passwords are chosen and changed …
(WP 4.3 – Better Password Security)
You start out with a strong password by default and are given the option to keep the assigned password or replace it with your own.
A password strength meter is available as well as the option to hide your password from prying eyes. The new password interface can be found on the password reset screen and the WordPress install screen …
(Improved Password Security)
If you want to set up a password that WordPress considers to be weak, you will be asked to confirm the use of this password …
(WordPress 4.3 – Better Password Security)
From v. 4.3 onwards, instead of receiving passwords via email, users will get a password reset link with 24-hour expiry. E-mail notifications will be sent out, however, in the event that an email or password is changed.
If You’ve Forgotten Your Username And Password
So far, the above steps work if you’ve lost your password but you still can access your username or email address.
How can you log in if you don’t know both your username and password?
You can still log into your WordPress site, but a little technical intervention is required.
As this tutorial is mostly aimed for non-technical WordPress users, we suggest that if the information above hasn’t helped you get back into your WordPress site, then either contact someone who can provide you with technical support (i.e. your webmaster, website management person or your webhost) and ask them to help you change your WordPress Password from phpMyAdmin, or you can try using the method below, which will simply reveal your username and email address, so you at least you can get your password reset and log back in.
All you need is access to your server. Don’t worry, you won’t be changing anything … you’re just taking a look!
If taking a look inside your server or WordPress database makes you feel hesitant, then please ask a knowledgeable WordPress user for assistance.
In the example below, we’ll be working with cPanel …
cPanel management software
Log into your server admin account …
cPanel administration area
Scroll down to the “Databases” section and open up phpMyAdmin …
Open up your WordPress database.
Note: If you have a number of databases set up on your domain, make sure that you select the right one …
Don’t worry about the complicated-looking information on your screen.
Click on wp_users …
You will see a list of all your site’s users with their usernames and email addresses. Typically, the first line is assigned to the site administrator, but if you have more users and need to locate their username or email, then scroll down the list until you find the details you are looking for …
Note: The user password is also included in this section of your database (in the “user_pass” column”), but as you can see from the screenshot above, it is encrypted and displays only random-looking characters in the field.
Due to the purpose of security, WordPress stores all passwords as a cryptographic hash function (MD5 Hash) instead of plain text. This prevents even the site administrator from knowing a user’s password.
To replace this password requires using an encryption tool that lets you generate an MD5 hash, which you would then copy and paste into the password field. You can search for “free MD5 generators online” if you want to change the password yourself, but as suggested earlier, ask for help from a professional if you really don’t know what you are doing, as you could end up causing errors.
Now that you have retrieved your username and email address, log out of your server, return to the login screen and request a new password …
We hope that you have found this tutorial useful and can now resume working.