If you’re unable to login, you need to reset your password using the “Lost your password?” functionality in the login screen. But what if the e-mail ID to which your account is linked has been disabled, or you don’t have access to the mailbox for whatever reason? It’s not easy to predict the various circumstances under which you’re unable to enter your WordPress installation. But fear not! As long as you are able to login to your backend database, you can change your WordPress username and password. After all, this is the engine that powers the entire application. With database access, you have all the powers of a god! But first, a little primer on how WordPress passwords are stored.
Contrary to what you may think, your passwords are not stored in the WordPress database in plain text. While this might be easy for humans to read, it’s a security risk. Rather, they are stored in encrypted form. This is a very special type of encryption where it’s just about impossible to reconstruct the original passphrase from the gibberish numbers and characters. So while you can reset your password, you can’t find out what it was originally. This way, if any attacker breaches the database, they won’t know what the passwords of your users are and so will be unable to try and reuse them on banking sites etc.
In the case of WordPress, The passwords are processed through what is known as a 128 bit MD5 cryptographic hash function. It converts any input string into a mishmash of letters and characters. So if we want to type our new password directly into the database, we’re going to have to perform the hash ourselves. Fortunately, phpMyAdmin provides the tools for this.
Resetting via phpMyAdmin
Most web hosts will provide you with access to the backend database via a program known as “phpMyAdmin”. It’s one of the most well-known and popular web applications for accessing and manipulating databases online. It doesn’t require any software to be installed on your computer which is what makes it so easy to use. Go into your hosting control panel and search for the phpMyAdmin option. It should look something like this:
Click the icon and enter your database username and password. If you’ve forgotten this as well, don’t worry! These are stored in the wp-config file as I’ve explained elsewhere. Once inside, select your database from the menu on the left. There may be many of these and you can once again refer to wp-config to know which it is. Once selected, it will present you with a list of tables in the right pane. Locate the wp_users table and click it:
This is the table containing all the usernames and passwords. Under the “user_login” field, identify the row which has the username for which you want to change the password and click the “Edit” link all the way to the left. You are now able to change all of the fields. The row starting with “user_pass” contains the password. It should be a gibberish of characters and numbers as explained above. Type in your new password and in the drop-down box under “Function” in the same row, select MD5. Finally, click “Go” and the entry will be updated with your password being processed with the MD5 algorithm.
Check to see that your password has indeed been transformed into an encrypted form. If not, the MD5 hash was not applied and you need to redo it. Go to the login page and test out your new password!
Keep in mind that modifying the database directly while extremely powerful, is also fraught with danger if you don’t know what you’re doing. Ideally you should stay away from it if you don’t have any experience working with databases and tables. But if you’re truly in a fix and don’t know what else to do, this simple guide should at least give you access to your installation.
Is your website slow?
Enter its URL below to find out now:
- PREVIOUS ENTRY: Guide to Reseller Hosting - Part 4: Configuring Vanity Nameservers
- NEXT ENTRY: How to Build a Review Site Using Wordpress