WordPress has a variety of ways to recover lost passwords. From something as simple as clicking the “Lost your password?” link, to being able to reset it via phpMyAdmin directly through the database, replacing either yours or someone else’s login credentials isn’t difficult. However sometimes for some reason or the other, none of these work. Either you don’t have easy access to the database or the control panel backend, or the e-mail ID used for password recovery isn’t functioning. Whatever the reason, WordPress gives you one final way to recover the password of any user having the “Administrator” role. It relies on creating a file that doesn’t exist on any WordPress installation by default. This method is utilized only in emergencies when all else fails. Use it with caution and make sure that you remove the vulnerability immediately afterwards. The process consists of four steps:
- Create the password reset file
- Upload it to the WordPress root
- Execute the file for a particular Administrator
- Delete it
Create the Emergency Reset File
The first step is to create the PHP file and save it to your local desktop. Visit this URL and scroll down until you reach the section with the PHP code in a grey box. Copy the entire contents starting with <?php and ending with </html> and paste it into a plain text editor like Notepad. Save the file onto your local PC. In this example, I’ve used the filename “emergency_password_reset.php” as shown below.
Next, we have to upload this to our WordPress installation. This is most easily done via FTP. Find the root directory of WordPress. It will be the one containing the subdirectories wp-content, wp-admin, and wp-includes. Transfer the file to this location. If you’re looking for a hassle free FTP client, I recommend FireFTP which is free software for Firefox.
Choosing a new Password
Now that the file is present in the root directory, we need to visit it directly via a browser. If you got the location right, simply type in the name of your blog followed by the name of the emergency password script along with the extension. So if your blog is example.com, the URL needs to be www.example.com/emergency_password_reset.php.
This will bring up the password reset screen as shown below.
Note that you can only use this method for resetting passwords for administrators. As such, it is not a general “lost password” tool, but a method for regaining access to a WordPress installation when all other options fail. If you’re an administrator, you can in any case change the password for any other user right from the administration dashboard itself. This procedure is only for those situations when no administrator is able to log in.
Follow the instructions you see when you execute the file and type in the name of an administrator along with the new password. Then click the “Update Options” button. If everything goes smoothly, you will see a notification saying that an e-mail has been sent to the e-mail account associated with that username and that the password has been changed. Keep in mind that sometimes the reason for resorting to this method is that the e-mail itself is inaccessible. But don’t worry – the password change will take place even if the notification isn’t delivered. Here is what the received e-mail looks like:
Delete the File
It’s easy to see that this method is dangerous since anyone who is aware of the existence of the file can reset any administrator password and gain access to your site. Because of this, it is critical that you delete it as soon as possible.
It’s hard to imagine a situation when you will have no choice but to use this technique. No database access, no backend access, in active e-mail IDs… All of these will have to occur simultaneously for an administrator to be locked out of their account. But in case the unthinkable happens, it’s good to know that an emergency reset option is available.
Is your website slow?
Enter its URL below to find out now:
- PREVIOUS ENTRY: Fix the Empty Search to Homepage Problem in WordPress
- NEXT ENTRY: How to Show the Most Popular Posts and Pages Using Jetpack