WP AI Agent
Features Pricing Blog Contact Download Plugin Manage Subscription Get Free Key →

How to Reset a WordPress Password via phpMyAdmin (Step-by-Step)

· · 8 min read

Knowing how to reset a WordPress password via phpMyAdmin is an essential skill for any WordPress site owner or developer, especially when you find yourself completely locked out of the admin dashboard with no access to the registered email account. This guide walks you through every step of the process, explains why it works, and covers common pitfalls to avoid along the way.

Why You Might Need to Reset a WordPress Password via phpMyAdmin

There are several real-world scenarios where the standard "Lost your password?" link on the WordPress login screen simply won't help you:

  • The email address associated with your admin account no longer exists or is inaccessible.
  • Your WordPress site is not sending emails due to a misconfigured mail server or missing SMTP plugin.
  • You have inherited a site and the previous owner did not hand over credentials.
  • The wp-login.php page itself is blocked or returning errors.
  • You are working on a local development environment with no live email delivery.

In all of these situations, phpMyAdmin — the web-based graphical interface for managing MySQL and MariaDB databases — gives you direct access to the WordPress database so you can update the password hash manually, bypassing the WordPress application layer entirely.

What You Need Before You Start

Access to Your Hosting Control Panel or Local Server

phpMyAdmin is almost always bundled with popular hosting control panels such as cPanel, Plesk, and DirectAdmin. On local development stacks, it is included with XAMPP (C:\\xampp\\htdocs), MAMP, WAMP, and Laravel Herd/Valet-adjacent tools. Confirm you can log in to phpMyAdmin before proceeding.

Your WordPress Database Name

You will need to know which database your WordPress installation uses. If you are unsure, open your site's wp-config.php file and look for the following line:

define( 'DB_NAME', 'your_database_name' );

Also note DB_USER, DB_PASSWORD, and DB_HOST while you have the file open — these are the credentials you may need to log in to phpMyAdmin if your host requires them.

Basic Knowledge of MySQL Tables

You do not need to be a database administrator, but it helps to understand that WordPress stores all user accounts in the wp_users table (the prefix wp_ may differ on your installation). Passwords are stored as MD5-based hashes managed by the PHPass library, not as plain text.

Step-by-Step: How to Reset a WordPress Password via phpMyAdmin

Follow these steps carefully. Each action is reversible up until you click Go to execute a query, so read every step before confirming.

  1. Log in to phpMyAdmin. Navigate to your hosting control panel and open phpMyAdmin, or go directly to a URL such as https://yourdomain.com/phpmyadmin if your host exposes it there. Enter your database username and password if prompted.
  2. Select your WordPress database. In the left-hand sidebar you will see a list of all databases on the server. Click the name that matches the DB_NAME value you found in wp-config.php. The sidebar will expand to show all tables inside that database.
  3. Open the wp_users table. Scroll through the table list and click on wp_users. If your site uses a custom database prefix (for example, wp7x_), the table will be called wp7x_users instead. Clicking the table name loads all user rows in the main panel.
  4. Identify the account you want to update. Each row represents one WordPress user. Find the row where the user_login column matches the username of the account whose password you need to reset. Note the value in the ID column for reference.
  5. Click the Edit (pencil) icon on the far left of that user's row. phpMyAdmin will open an inline form showing every field for that record.
  6. Locate the user_pass field. Scroll down to the field named user_pass. You will see a long string of characters starting with $P$B — this is the current hashed password.
  7. Set the Function to MD5. Directly to the left of the user_pass input box there is a dropdown labelled Function. Click it and select MD5 from the list. This tells phpMyAdmin to hash whatever plain-text value you type before saving it to the database.
  8. Type your new password. Clear the existing hash from the user_pass value field and type your new plain-text password. Choose something strong — at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols.
  9. Click Go to save the changes. phpMyAdmin will apply the MD5 function to your input and store the resulting hash in the database. A green success banner will confirm the row was updated.
  10. Test the new password immediately. Open a private/incognito browser window and navigate to https://yourdomain.com/wp-login.php. Enter the username and the new password you just set. You should be logged in successfully.

Using an SQL Query Instead of the GUI

If you prefer to work directly with SQL — or if your version of phpMyAdmin does not show the Function dropdown — you can execute a query manually. This method is faster once you are comfortable with it and is particularly useful if you are managing multiple sites.

Running the UPDATE Query

  1. In phpMyAdmin, click your WordPress database name in the left sidebar to make sure it is selected.
  2. Click the SQL tab at the top of the main panel. A text area will appear where you can type raw SQL.
  3. Enter the following query, replacing newpassword with your chosen password and 1 with the correct user ID you noted earlier:
UPDATE wp_users
SET user_pass = MD5('newpassword')
WHERE ID = 1;
  1. Double-check the table name prefix matches your installation (e.g., wp7x_users if your prefix is wp7x_).
  2. Click Go. phpMyAdmin will report how many rows were affected — it should say 1 row affected.
  3. Test the login as described in Step 10 above.

Important note about MD5 vs. WordPress PHPass hashing: WordPress natively uses the PHPass portable hashing framework, which is stronger than plain MD5. When you save an MD5 hash directly to the database, WordPress will detect it on the next successful login and automatically rehash the password using PHPass, upgrading the security silently. This means using MD5 via phpMyAdmin is safe and intentional — WordPress handles the upgrade transparently.

Alternative: Reset the Password Using WP-CLI

If you have SSH access to your server, WP-CLI (WordPress Command Line Interface) is often a faster and safer option than editing the database directly. It uses WordPress's own password hashing functions, so you skip the MD5 intermediate step entirely.

WP-CLI Command to Reset a Password

SSH into your server, navigate to your WordPress root directory, and run:

wp user update 1 --user_pass="YourNewStr0ngP@ssword" --allow-root

Replace 1 with the user's ID or substitute it with the username or email:

wp user update admin --user_pass="YourNewStr0ngP@ssword"
wp user update [email protected] --user_pass="YourNewStr0ngP@ssword"

WP-CLI will confirm success with a message like Success: Updated user 1. This method also triggers WordPress hooks and properly hashes the password using PHPass from the start.

Troubleshooting Common Issues

The Login Still Fails After Updating the Password

If you updated the password but still cannot log in, check the following:

  • Wrong table prefix: Confirm that you edited the right *_users table. Open wp-config.php and look for $table_prefix to verify the prefix.
  • Cached credentials: Clear your browser cookies and cache, or test in a private window.
  • Multiple user accounts: Make sure the user_login in the row you edited matches exactly what you are typing in the login form (case-sensitive in some server configurations).
  • A security plugin is blocking logins: Plugins like Wordfence or iThemes Security may have locked your IP. Check their settings via the database's wp_options table or temporarily rename the plugin folder via FTP/cPanel File Manager.

You Cannot Find phpMyAdmin in Your Hosting Panel

Some managed hosting providers (such as WP Engine, Kinsta, or Flywheel) do not provide phpMyAdmin access for security reasons. In these cases, use the host's built-in database management tool, connect via SSH and use WP-CLI as shown above, or contact support to request a password reset. Most managed hosts offer a one-click admin password reset from their dashboard.

The wp_users Table Has an Unexpected Prefix

If you cannot find a table ending in _users, look inside wp-config.php for the $table_prefix variable:

$table_prefix = 'wp_';

Whatever value is set there — for example xk92_ — will be prepended to every WordPress table name, so the users table would be xk92_users.

Frequently Asked Questions

Is it safe to reset a WordPress password via phpMyAdmin?

Yes, it is safe when done correctly. phpMyAdmin communicates with your database over a secure connection (HTTPS on live servers), and the MD5 hash you store is automatically upgraded to PHPass by WordPress on the next login. Just make sure you choose a strong new password and that your phpMyAdmin instance is itself password-protected.

Why does WordPress use MD5 hashing in phpMyAdmin but PHPass internally?

WordPress uses the PHPass library for all passwords created or changed through the WordPress application. However, phpMyAdmin only offers standard MySQL functions like MD5 in its GUI. WordPress is designed to recognise MD5 hashes stored in the database and transparently rehash them with PHPass the first time that password is used to log in, so the end result is fully secure.

What if I don't have access to phpMyAdmin or SSH?

If neither phpMyAdmin nor SSH is available, you can reset your password by editing the functions.php file of your active theme via FTP. Add a one-time code snippet that calls wp_set_password( 'newpassword', 1 );, load any page on your site to trigger it, then immediately remove the code. Alternatively, contact your hosting provider's support team — most can reset the admin password for you.

Will resetting the password via phpMyAdmin log out all active sessions?

Not automatically. WordPress stores session tokens separately in the wp_usermeta table under the key session_tokens. If you want to invalidate all existing sessions after a password reset — for example, if you suspect the account was compromised — you should also delete those meta rows for that user ID, or use the WP-CLI command wp user session destroy --all.

Resetting a WordPress password via phpMyAdmin is a reliable lifeline when you are locked out and the standard recovery options are unavailable. By following the steps above, you can regain full access to your site in just a few minutes. If you prefer not to dig into databases manually, consider using WP AI Agent — an intelligent tool that lets you manage WordPress tasks like password resets, plugin updates, and site configuration through simple natural-language AI chat, no technical knowledge required.

Ready to manage WordPress with AI?

Get 100,000 tokens free every month. No credit card required.

Get Your Free License Key →

More from the blog

8 min read

How to Add a Table of Contents to WordPress Posts (Complete Guide)

7 min read

How to Display a Recent Posts Widget in WordPress: Complete Guide

8 min read

How to Create a 404 Error Page in WordPress: Complete Guide