WordPress administrators occasionally face situations where changing a password directly in the database becomes necessary, despite it not being the recommended practice. Common scenarios include losing access to a recovery email or dealing with a compromised admin account. In these cases, database manipulation may be the only viable solution.
WordPress stores passwords in a hashed format within the database. While this practice enhances security, it also complicates direct password changes. This guide provides a step-by-step process for recovering access to a WordPress site by changing passwords through a database management tool or the WordPress command line.
The article also examines how Shield Security PRO’s security features can prevent password-related issues. The plugin offers measures to protect WordPress sites, which may reduce the need for database-level password changes.
Preparing for the password change: Backup your database
Before making any changes to the WordPress database, create a backup to protect against accidental data loss and allow for easy recovery if you run into complications.
Creating a backup using phpMyAdmin
You can use phpMyAdmin, a database administration tool, to manually create a backup by following these steps:
1. Log into your hosting control panel, find the section with database management options, and click on phpMyAdmin. In cPanel, for example, this would be Tools > Database.
2. From the menu on the left, find and click on your WordPress database.
3. Navigate to the Export tab at the top.
4. Choose your preferred export method and format – the default options should work for most situations – and click on Export.
5. Download the resulting file.
Alternative backup methods
If you’re not comfortable using phpMyAdmin, there are other options at your disposal:
Using plugins
You can use plugins like WP-Staging, UpdraftPlus, or VaultPress to create backups. These tools can create automated backups on a set schedule and export the archives to your preferred destination. This makes them ideal for WordPress site admins who prefer a more hands-off approach.
Using the cPanel Backup Wizard
If your hosting provider uses cPanel as their control panel, you can use it to create backups without needing to go through phpMyAdmin! Here’s how:
1. Go to Tools > Files > Backup Wizard.
2. From the Back Up or Restore screen, select Back Up.
3. At the Full or Partial Backup screen, select MySQL Databases.
4. Download the database backups.
Precautions and best practices
Regular database backups aren’t something you only do before making significant changes to your website. You should implement a routine backup schedule to safeguard against unexpected issues, ranging from data loss to ransomware.
After creating a backup, verify the file to ensure it’s complete and uncorrupted.
For added security, consider using multiple backup methods, such as storing copies both locally and in cloud storage. This redundancy provides an extra layer of protection, ensuring that a viable backup is always available if you ever have to restore data.
How to change the WordPress password from the database
Here are the steps you should follow to reset your WordPress password through phpMyAdmin, or by using WP-CLI, the WordPress command line tool:
Using phpMyAdmin
- Log into your hosting control panel, open cPanel, then open your WordPress database.
- Locate the table ending in
_users
and click on it. The prefix is usuallywp
, but it might vary, so you should look for the_users
suffix. - Click on Edit.
- Under the
user_pass
column, change the Value to the new password and the Function to MD5. - Click on Go to apply the changes.
⚠ MD5 hashing is less secure than the default WordPress option, so you should change your password again as soon as you regain access to your site. This forces the password hashing to update to a more secure option.
Using WP-CLI
- Log into your server via SSH. Use PowerShell on Windows or the default terminals on Linux and macOS. Contact your hosting provider for your credentials if you don’t already have them.
- Navigate to the directory where WordPress is installed using the command below:
cd /path/to/your/wordpress
- Retrieve a list of users using
wp user list
. - Find the username and ID of the account whose password you want to change.
- Use the command below to change the password:
wp user update 1 —user_pass=the_new_password
💡 Replace1
with the ID of the user whose password you want to change.1
is the admin.
⚠ When you’re able to get back into the account, change the password again to force it to update to a more secure hashing format.
This method is definitely the most complex, and the threat of syntax errors only adds to the frustration.
Luckily, you can avoid all this by using a plugin like Shield Security PRO. It secures your site with measures like strong password policies, activity logging, and Two-Factor Authentication (2FA), preventing the need for future database-level password changes.
We’ll take a closer look at Shield Security PRO later in this article!
Verifying the password change and troubleshooting common issues
Once you’ve changed your password in the database, it’s time to check everything is working correctly and fix any outstanding issues:
Verifying the password change
The easiest way to verify the change is by trying to login to the admin dashboard using the new password.
If this doesn’t work, you might need to do some more troubleshooting. First, clear the browser cache and cookies since old data might interfere with the process.
If this also fails, try logging in from an incognito or private browser window. This approach should eliminate any conflicts with stored data.
If the issue persists, double-check that you changed the password in the database correctly. You may need to try it again, just to be sure. Check for typos and, depending on the method you use, ensure you select the MD5 password hashing function.
Troubleshooting common issues
You might run into a few issues during this process, but there are usually some easy fixes:
- Incorrect password error: Verify the new password in the database. Ensure MD5 encryption was selected for the
user_pass
column. If the problem persists, reset the password again through phpMyAdmin. - Password reset link issues: If the reset link leads to errors, disable plugins via sFTP or cPanel. Re-enable plugins individually to identify conflicts.
- Database connection errors: Check wp-config.php for correct database credentials. Verify the database server is running and accessible.
- Lost changes after database update: Confirm changes were saved in phpMyAdmin. Refresh the database view to verify updates.
- Access denied errors: Ensure the user has necessary database permissions. Contact the hosting provider if permission issues continue.
Exploring Shield Security PRO’s password management features
Shield Security PRO is a premium security solution for hardening WordPress websites. Its password management features can prevent the need for database-level password changes and guard against brute force and DoS attacks.
To this end, it provides the following features:
- Password policies: Enforces strong password creation and maintenance.
- Two-factor authentication: Adds an extra layer of security, significantly reducing unauthorised access risks.
- Activity logging: Tracks password changes and critical events for transparency and security audits.
- Application password authentication: Detects and logs incorrect usage of application passwords.
- ‘Pwned’ password prevention: Checks against the Have I Been Pwned database to prevent use of compromised passwords.
Site admins can force all users to change their passwords to comply with new security policies and ensure that all accounts meet the latest standards.
Prevent future password issues with Shield Security PRO
With the knowledge provided in this guide, you can now change WordPress passwords directly in the database when necessary. However, you should consider this approach a last resort due to the potential risks and complexities involved.
Instead, you should focus on implementing robust security practices to avoid situations that require database-level password resets.
Shield Security PRO’s comprehensive password management features offer an effective solution to this challenge. By enforcing strong password policies, implementing two-factor authentication, and providing additional security measures, the plugin significantly reduces the likelihood of manual DB interventions.
This proactive approach saves you time and effort while providing peace of mind. Install Shield Security PRO today to enhance your WordPress site’s security posture and prevent future password-related issues!