Reset Your WordPress Admin Password Manually – 5 Methods

WordPress locks you out when you forget the admin password — but you have multiple reliable recovery paths. This guide covers five methods, from the one-click Lost Password link to WP-CLI, so you can match the fix to your available access.

TL;DR: The fastest path is the Lost Password email link at yourdomain.com/wp-login.php?action=lostpassword. If email is unreachable, reset the password directly in the database with phpMyAdmin (Method 3) or with WP-CLI on the command line (Method 5). The FTP + functions.php approach (Method 4) is a solid fallback when neither database tools nor SSH are available.

Which method should I use?

Choose based on what you still have access to:

Your situation Best method
You can reach the email address on your account Method 1 — Lost Password link
Email unreachable; you have cPanel, Plesk, or phpMyAdmin Method 3 — phpMyAdmin
Email unreachable; you have FTP or SFTP access only Method 4 — functions.php edit
You have SSH or command-line access to the server Method 5 — WP-CLI
Email unreachable and no server access at all Contact your hosting provider

From WP STAGING support tickets, the most frequent lockout scenario is a database push that overwrites the wp_users table — in that case, jump straight to Method 3 or Method 5.

Method 1: Using the WordPress "Lost Password" Feature

The easiest method to reset your password is through WordPress’s built-in feature:

  1. Go to your WordPress login page (usually yourdomain.com/wp-admin).
  2. Click "Lost your password?" below the login form.
  3. Enter your username or email address and click "Get New Password".
  4. WordPress sends a password reset link to your registered email address. Follow the link to create a new password.
Lost your password - reset password

What to do if the reset email does not arrive

  • Check spam and junk — WordPress reset emails are plain-text PHP mail() messages. Many spam filters classify them as bulk mail.
  • Verify the registered address — The email goes to the address stored in wp_users.user_email, not necessarily the one you expect. If you have database access, open phpMyAdmin, open the wp_users table, and confirm the user_email value for your account.
  • Check the admin_email site option — In the wp_options table, find the admin_email row. On some server configurations, a mismatch between admin_email and user_email causes routing issues.
  • Host mail restrictions — Some shared hosts disable PHP mail() by default and require SMTP. If the site had an SMTP plugin (WP Mail SMTP, Postman SMTP) that stopped working, outbound mail silently stops. Your hosting provider’s mail log can confirm whether an attempt was even made.
  • Use Method 3 instead — If email access is lost entirely, phpMyAdmin is faster than debugging mail delivery.

Method 2: Resetting Password via Email

If you have access to the email account linked to your WordPress user account, you can reset via email directly:

  1. On the login page, click "Lost your password?".
  2. Enter your email address (not your username) and click "Get New Password".
  3. Open the email from WordPress and click the password reset link.
  4. Enter and confirm your new password, then click "Reset Password".

This method and Method 1 use the same WordPress feature. The only difference is input type — enter the username if you remember it, or the email address if you don’t. Either works.

Method 3: Changing Password via phpMyAdmin

For direct database access, reset your password using phpMyAdmin:

  1. Log in to your hosting control panel (cPanel, Plesk, or equivalent) and open phpMyAdmin.
  2. In the left sidebar, select your WordPress database.
  3. Open the wp_users table. If the table is not visible, check wp-config.php for the $table_prefix variable — the table follows the pattern <prefix>users.
  4. Locate your admin username in the list and click Edit (the pencil icon).
  5. Find the user_pass field. Clear the current value and type your new password as plain text.
  6. In the Function column next to user_pass, open the dropdown and select MD5. WordPress stores passwords as MD5 hashes in the database; selecting MD5 here tells phpMyAdmin to hash your plain-text input before saving.
  7. Click Go to save the row.
  8. Return to the login page and sign in with your new password.

In our testing, the MD5 hash method works reliably on all major shared hosting providers.

What to do if the phpMyAdmin change does not work

  • Wrong table prefix — If wp-config.php has $table_prefix = 'wpstg_';, look for wpstg_users rather than wp_users.
  • Login still fails after saving — WordPress’s phpass library may reject a raw MD5 hash on newer installs (WordPress 6.x+). If this happens, use Method 5 (WP-CLI), which calls wp_set_password() internally and always generates a compatible hash.
  • Multiple user rows — Check the user_login column and edit the row for your admin username, not a different account.
  • Changes don’t persist — If the row resets to its previous value immediately after saving, a security plugin may be blocking database writes. Temporarily deactivate any database activity monitor or firewall plugin, then retry.

Method 4: Using FTP to Reset the Password

If you have FTP or SFTP access to your site’s files but no database access, edit your active theme’s functions.php:

  • Connect to your website using an FTP client (FileZilla is a free option on all platforms).
  • Navigate to your theme’s folder, usually located in wp-content/themes/your-theme/.
  • Open the functions.php file.
  • Add the following line at the end:
PHP
wp_set_password('YOURNEWPASSWORD', 1);
  • Replace YOURNEWPASSWORD with your desired password. The second argument (1) is the WordPress user ID — user ID 1 is the first admin account created during installation. If you need a different user, find their ID in the ID column of the wp_users table via your hosting provider’s database tool.
  • Save the file and upload it back to the server.
  • Load any page on your site to trigger WordPress and execute the function.
  • Log in with your new password.
  • Remove the added line immediately and re-upload functions.php. Leaving it in place resets the password on every page load, which creates a security exposure.

What to do if the FTP method does not work

  • Wrong theme folder — You must edit the active theme’s functions.php. If you use a child theme, the child theme’s file loads first — edit that file. Confirm which theme is active by checking wp_optionstemplate in phpMyAdmin or your host’s database manager.
  • White screen after saving — A syntax error (missing semicolon, stray character) causes a fatal PHP error. Re-upload your original functions.php backup, then re-apply the edit carefully.
  • User ID 1 is not your account — Retrieve your correct user ID from the wp_users table and replace 1 in the function call.
  • Server-side file caching — Some managed hosts cache PHP files. If loading a page does not trigger the function, wait a minute and reload, or ask your host to purge the PHP file cache.

Method 5: Using WP-CLI

If you have SSH access to the server, WP-CLI is the cleanest method. It calls WordPress’s own wp_set_password() function directly, so the resulting hash is always in the format WordPress expects:

wp user update admin --user_pass="yournewpassword"

Replace admin with your actual admin username. To list all users and find the right login name:

wp user list --fields=ID,user_login,user_email

To target by user ID instead of username (useful when the username contains special characters):

wp user update 1 --user_pass="yournewpassword"

If you are running WP-CLI as the Linux root user, append --allow-root. Confirm WP-CLI is installed with:

wp --info

If WP-CLI is not yet installed on your server, follow the WP-CLI installation guide.

What to do if WP-CLI does not work

  • Command not found — WP-CLI is not installed or not in the system $PATH. Install it or use Method 3 (phpMyAdmin) instead.
  • Permission denied — Run as the web server user (www-data on Ubuntu, apache on CentOS/RHEL) or use sudo -u www-data wp user update .... Some managed hosting environments provide a dedicated SSH terminal in the control panel rather than raw root SSH.
  • "This does not seem to be a WordPress install" — Run the command from the directory containing wp-config.php, or pass --path=/var/www/html (adjust to your WordPress root).

Tips for Strong Password Creation

Creating a strong password is crucial for website security. Here are some tips:

  • Mix upper and lower case letters.
  • Include numbers and symbols.
  • Avoid common words or phrases.
  • Make it at least 12 characters long.
  • Use a password manager to generate and store unique passwords — never reuse the same password across multiple WordPress installs.

Conclusion

A WordPress admin password lockout is recoverable in every scenario covered above. The Lost Password email link handles the majority of cases. When email access is gone, phpMyAdmin gives you direct control over the database in about two minutes. WP-CLI is the cleanest fix when SSH is available because it uses WordPress’s own password-hashing functions and sidesteps the phpass compatibility issue that can occur with a raw MD5 hash. The FTP + functions.php approach is the right fallback when neither database tools nor SSH are accessible.

Once you regain access, update the password to something unique immediately, remove any temporary functions.php edits, and verify the registered email address is current so the same lockout cannot repeat.

Related Articles

Rene Hermenau

Author: Rene Hermenau

About the author: René Hermenau is the founder of WP STAGING. He works on WordPress backups, staging, migrations, database handling, and safe deployment workflows.