WP AI Agent
Features Pricing Blog Contact Download Plugin Manage Subscription Get Free Key →

How to Reset a WordPress Password via phpMyAdmin (Step-by-Step)

· · 8 min read

Knowing how to reset a WordPress password via phpMyAdmin is an essential skill for any site owner or developer who has ever been locked out of their WordPress dashboard. Whether you've forgotten your credentials, your email server isn't delivering reset links, or you've inherited a site without login details, phpMyAdmin gives you direct database access to update your password quickly and securely.

Why You Might Need to Reset a WordPress Password via phpMyAdmin

The standard WordPress password reset flow relies on receiving an email at your registered address. When that process breaks down, phpMyAdmin becomes your best alternative. Common scenarios include:

  • Forgotten admin password with no access to the registered email account
  • WordPress email delivery is broken or blocked by the hosting server
  • Migrated site with outdated or incorrect user email addresses in the database
  • Inherited website with no documented credentials
  • Corrupted WordPress installation that prevents dashboard access

Because phpMyAdmin lets you edit the WordPress database directly, you can overwrite the stored password hash with a new one — no email required.

What You Need Before You Start

Before diving into the steps, make sure you have the following in place:

Access to Your Hosting Control Panel

Most shared hosting providers (cPanel, Plesk, DirectAdmin) include phpMyAdmin as a built-in tool. Log in to your hosting control panel and locate the phpMyAdmin link, usually found under the Databases section.

Your WordPress Database Name

If you're unsure which database your WordPress site uses, open your wp-config.php file. You'll find the database name defined like this:

/** The name of the database for WordPress */
define( 'DB_NAME', 'your_database_name' );

/** MySQL database username */
define( 'DB_USER', 'your_db_username' );

/** MySQL database password */
define( 'DB_PASSWORD', 'your_db_password' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

Note down the DB_NAME value — you'll need it to identify the correct database inside phpMyAdmin.

A New Password Ready

Decide on your new password before you begin. It should be strong: at least 12 characters, mixing uppercase letters, lowercase letters, numbers, and special characters.

How to Reset a WordPress Password via phpMyAdmin: Step-by-Step

Follow these steps carefully. The process takes only a few minutes once you're inside phpMyAdmin.

Step 1: Open phpMyAdmin

  1. Log in to your hosting control panel (e.g., cPanel).
  2. Navigate to the Databases section.
  3. Click the phpMyAdmin icon or link to open it in your browser.

Step 2: Select Your WordPress Database

  1. In the left-hand panel of phpMyAdmin, you'll see a list of databases.
  2. Click on the database name that matches your DB_NAME value from wp-config.php.
  3. The database will expand to show all its tables. Look for tables prefixed with wp_ (or your custom prefix if it was changed during installation).

Step 3: Open the wp_users Table

  1. In the list of tables, click on wp_users (replace wp_ with your actual table prefix if different).
  2. Click the Browse tab at the top to view all user records.
  3. You'll see a row for each registered user. Find the admin account you want to update — typically identified by the user_login column showing admin or the relevant username.

Step 4: Edit the User Record

  1. Click the Edit (pencil) icon on the left side of the row for the user whose password you want to reset.
  2. A form will open showing all columns for that user, including user_pass.

Step 5: Update the Password Hash Using MD5

  1. Find the user_pass field. It currently contains a long hashed string (WordPress uses phpass hashing by default).
  2. Clear the existing value in the user_pass field.
  3. In the Function dropdown column next to user_pass, select MD5 from the list. This tells phpMyAdmin to automatically hash whatever value you type.
  4. Type your new plain-text password into the user_pass value field.
  5. Click the Go button to save the change.

Important note on hashing: WordPress natively uses the phpass hashing algorithm, which is stronger than MD5. However, WordPress is backward-compatible with MD5 hashes — when you next log in, WordPress will detect the MD5 hash, verify your password, and automatically upgrade the hash to its stronger phpass format. Your login will succeed on the first attempt.

Step 6: Verify the Change

  1. Browse the wp_users table again.
  2. Confirm that the user_pass column for your user now shows a new hash string (32 characters for MD5).
  3. Open your WordPress login page (usually yoursite.com/wp-login.php) and log in with the username and your new password.

Alternative Method: Using an MD5 Hash Generator Manually

If the Function dropdown in phpMyAdmin does not show the MD5 option, you can generate the hash yourself and paste it directly.

Generate a Hash Online or via PHP

  1. Visit a trusted MD5 hash generator website, or use the PHP command line on your server.
  2. Enter your new password and copy the resulting 32-character MD5 hash.
  3. In the phpMyAdmin edit form, paste this hash into the user_pass field.
  4. Make sure the Function column next to user_pass is set to none (blank) — you do not want phpMyAdmin to hash an already-hashed value.
  5. Click Go to save.

Using PHP to Generate a WordPress-Native Hash

If you have server command-line access or can run a PHP snippet, you can generate a proper WordPress phpass hash using WP-CLI, which is the recommended approach for production sites:

# Generate a password hash using WP-CLI
wp user update 1 --user_pass="YourNewSecurePassword123!" --allow-root

# Or reset by username
wp user update admin --user_pass="YourNewSecurePassword123!" --allow-root

WP-CLI handles the entire process — no database editing required — and produces the correct phpass hash automatically. However, it requires SSH access to your server.

Troubleshooting Common Issues

Even with the correct steps, you may run into problems. Here are the most common issues and how to resolve them.

Can't Find phpMyAdmin in Your Control Panel

If phpMyAdmin isn't visible in your hosting control panel, contact your hosting provider's support team. Some managed WordPress hosts (like WP Engine or Kinsta) offer a custom database management tool instead of phpMyAdmin, or provide access via a separate URL.

Multiple Databases — Not Sure Which One to Use

Check your wp-config.php file as described earlier. The DB_NAME constant will tell you the exact database name. If you have SSH access, you can view the file with:

cat /path/to/your/site/wp-config.php | grep DB_NAME

Table Prefix Is Not wp_

During WordPress installation, some security guides recommend changing the default wp_ table prefix to something custom (e.g., wp7x_users). Check your wp-config.php for the $table_prefix variable:

$table_prefix = 'wp_';

Replace wp_users with yourcustomprefix_users throughout the steps above.

Login Still Fails After Updating the Password

Double-check the following:

  • Ensure you selected MD5 in the Function dropdown (or pasted a valid MD5 hash with no Function selected).
  • Confirm you saved the change by clicking Go.
  • Clear your browser cookies and cache before attempting to log in again.
  • Make sure you're logging in with the correct username — not the display name or email address in some configurations.
  • Check whether a security plugin (like Wordfence) may be blocking your IP address.

Security Best Practices After Resetting Your Password

Once you've regained access to your WordPress dashboard, take a few minutes to strengthen your account security.

Update Your Email Address

Go to Users > Your Profile in the WordPress dashboard and confirm that your email address is correct and accessible. This ensures future password reset emails will reach you.

Enable Two-Factor Authentication

Install a two-factor authentication plugin such as WP 2FA or Google Authenticator. This adds a second layer of protection so that even if your password is compromised, an attacker still cannot access your account.

Use a Password Manager

Store your new password in a reputable password manager (1Password, Bitwarden, Dashlane) so you never lose access again. Generate a truly random, high-entropy password rather than something memorable.

Limit Login Attempts

Install a plugin like Limit Login Attempts Reloaded to block brute-force attacks that try to guess your password through repeated login attempts.

Audit User Accounts

While you have database access, browse the wp_users table and review all registered accounts. Remove any accounts you don't recognise — these could be backdoors created by a previous attacker.

Frequently Asked Questions

Is it safe to reset a WordPress password via phpMyAdmin?

Yes, it is safe as long as you have legitimate access to your own hosting account and database. phpMyAdmin uses your hosting credentials to authenticate, so only authorised users can make changes. Always use a strong, unique password when updating your credentials, and consider enabling two-factor authentication after regaining access.

Will changing the password hash in phpMyAdmin break anything else in WordPress?

No. The user_pass field in wp_users is self-contained. Changing it only affects the login password for that specific user. It does not alter posts, settings, plugins, themes, or any other WordPress data. WordPress will automatically upgrade an MD5 hash to its stronger phpass format the first time you successfully log in.

What if I don't have access to phpMyAdmin or my hosting control panel?

If you have SSH access to your server, use WP-CLI to reset the password from the command line without needing phpMyAdmin. If you have FTP access but no database access, you can use the Emergency Password Reset script by WordPress.org — upload a PHP file to your root directory to trigger a password reset. If you have neither, contact your hosting provider's support team directly.

How do I find my WordPress database name without wp-config.php access?

Log in to phpMyAdmin and look for a database that contains tables named with the wp_ prefix (e.g., wp_users, wp_posts, wp_options). If you have multiple databases, browse each one until you find these WordPress-specific tables. Alternatively, your hosting control panel's database section may list database names alongside their associated users, which can help you identify the correct one.

Resetting a WordPress password via phpMyAdmin is a reliable solution for regaining admin access when conventional methods fail. By following the steps in this guide, you can update your credentials directly in the database and get back into your dashboard within minutes. For ongoing WordPress management — including user administration, plugin updates, and security tasks — consider using WP AI Agent, an intelligent tool that lets you handle complex WordPress tasks like these through simple natural-language AI chat, no manual database editing required.

Ready to manage WordPress with AI?

Get 100,000 tokens free every month. No credit card required.

Get Your Free License Key →

More from the blog

7 min read

How to Configure WordPress Reading Settings: Complete Guide

8 min read

How to Embed a YouTube Video in WordPress: Complete Guide

8 min read

How to Schedule Posts in WordPress: Complete Step-by-Step Guide