How to to change forgotten, locked out or hacked WordPress site password

WordPress dashboard

Most of us may come to a point where we've forgotten our WordPress password, it's easily done.

Although forgotten passwords are common, other issues may happen including becoming locked out after too many login attempts.

Worst case scenario, you been hacked and you can't get back into your website!

Hacked websites can easily happen if your website is outdated or using a weak password.

This simple guide will show you how to change your WordPress password, whether you have lost it, logged in too many times or been hacked.

Overview

WordPress

WordPress is a content management system released back in May 2003.

WordPress is used by 43% of all websites around the globe!

To put that in perspective, that's all of the other content management systems combined.

Great for creating blogs, business websites or even directory websites,

WordPress is very versatile, making it one of the most popular content management systems for creating your own website.

Password strength

We've all signed up with a website wondering what password you should use.

With any password it's always best to keep it safe and secure.

Think of a password that you'll remember, including numbers, symbols and letters to make it stronger.

Use a combination of letters, numbers and symbols, making it harder to guess.

Passwords can be easily found by phishing attacks on websites if your password is weak.

Don't use common passwords such as

These passwords are very easy to guess, gaining access to any website within a matter on seconds.

Limiting password attempts

With any strong password you can create further restrictions so they can't guess your password.

These include two factor authentication or a WordPress plugin for extra security.

Should they try a phishing attack or enter your password wrong multiple times, they'll be automatically blocked.

Loginizer

WordPress plugins like Loginizer will limit the attempts for guessing your password.

This will also apply for yourself when logging in, so make sure you guess it correctly.

Should you also lock yourself out don't worry, you can remove Loginizer in the plugins folder of your WordPress installation.

After an incorrect password is entered 5 times they will be temporary banned from trying to login.

You can change password attempts limit within the settings and how long you want them to be banned.

Loginizer can be downloaded, activated and installed in the plugins section of your WordPress dashboard.

  1. Login to WordPress
  2. Go to plugins
  3. Add new
  4. Search "Loginizer"
  5. Install
  6. Activate

Loginizers default is 5, unless you want to manually change this setting.

Alternatively if you fancy downloading it yourself, you can go to the WordPress plugins page.

  1. Search "Loginizer"
  2. Download
  3. Upload in the plugins area
  4. Finally activate Loginizer for it to start limiting incorrect password attempts to your website

WordFence

WordFence is another plugin that can help lock down your site.

WordFence has extra features and it's own firewall protection that prevents any hacking attempt on the site.

It also has free and premium options, although most only need the free version.

WordFence can also be downloaded in the plugins section of the WordPress dashboard or via the WordPress website.

  1. Login to WordPress
  2. Go to plugins
  3. Add new
  4. Search "WordFence"
  5. Install
  6. Activate
  7. Edit settings as required

You'll be asked to download a backup copy of your .htaccess file before WordFence edits the file.

Once completed WordFence will of updated your file, adding extra protection.

Also check out the settings, making any changes as required.

Changing password

Before you decide to change your password we recommend you using a stronger one.

Never share passwords with team members or even contract developers.

Instead create a new user role so you can manage permissions.

you can add new accounts under "Users".

Change password using "Forgotten password"

The easiest way to reset you password is by using the forgotten password link.

This will send an email with a password reset link - it's all in the name.

To reset your password, go to where you login, or type in a browser yourdomain.com/wp-admin.

Replace yourdomain.com with your own domain and press enter.

You should now see your login page, at the bottom you will be able to see "Lost your password?"

Click the link, which will take you to a different page.

Type in your username if you know it, or your email address.

After you've entered your email or username press the "Get new password" button.

If successful, you'll get an email if it matches the administrator email.

If it's not worked, skip to "Changing WordPress password in Softaculous", only if you've installed with the SoftacuChanging WordPress password in Softaculouslous app.

Otherwise go to "How to change WordPress password in PhpMyAdmin".

Changing WordPress password from dashboard

If you're able to login to your WordPress website, the easiest way of changing your password is from the WordPress dashboard.

For this step you'll need to login via the WordPress login area.

Ok, lets login to your account if you are able to do so.

  1. Type in your WordPress login area, usually yourdomain.com/wp-admin - replace yourdomain.com with your own domain
  2. You should now be in the back end of your website, you'll be able to see your dashboard.
  3. Look down the left hand side, click on the "Users" tab
  4. Within the users area click on your administrator username to change your password
  5. Scroll down to to "Account Management"
  6. Next to new password click on "generate password" to get your new password or manually enter your own password.
  7. Make sure the password can't be easily guessed.
  8. Click update profile to save your new details

Your password has now been updated.

Changing WordPress password in Softaculous

Changing password in your Softaculous is simple, you'll also need your hosting account details.

  1. Log into your hosting account control panel
  2. Navigate to the Softaculous applications installer, usually located under the extras tab for Directadmin users
  3. Click the all installations icon in the top right
  4. Click on edit WordPress installation
  5. Under admin account, enter your new username or password
  6. Scroll down to the bottom and click "Save installation details" to update your password

You've now updated your password in Softaculous.

How to change WordPress password in PhpMyAdmin

Knowing how to change your password in PhpMyAdmin is important just in case your WordPress installation is hacked.

If you are not able to reset using the other guides above then this way should do the trick.

WordPress uses a database which can be accessed through your phpMyAdmin.

Follow the following steps to reset your WordPress password in PhpMyAdmin.

  • Login to your hosting account
  • Locate phpMyAdmin
  • Find your WordPress installation on the left-hand side.
  • Expand Your installation and look for field _users.
  • Click on edit.
  • In the password area on the user_pass column, the password is encrypted using MD5, you can make a new password that is encrypted using MD5 hash.
  • Copy and paste your new encrypted code and save, your new password is now changed.
  • Alternatively if you don't want to use the MD5 hash website you can enter your new password in the password field then the drop down gives you the option to select MD5.
  • Save updated information

    • Your new password will now be updated, test your login to confirm it works.

    Summary

    We all go through phases of losing our password, but knowing how to fix the issue can either be frustrating or easy if you use our guide.

    Remember to always use a strong password, so even if you've forget it, nobody else can access your website.

    This way you'll be able to reset and carry on without the worry of it being hacked.

    Use letters, numbers and symbols for a strong password that nobody else can guess.

    Hackers are always trying to find a way into your website, we just can't see it.

    keep passwords, plugins, themes and anything else secure and upto date.

    Add an SSL certificate to prevent phishing attacks, preventing them stealing your personal information.

    This way it gives any potential hackers very little chance of gaining access to your website.

    Finally, find a hosting provider that reliable and concious about the servers security.

    If the hosting providers server it's fully secure, all the websites on it are potentially at risk.

    We hope this blog has helped you get back into your WordPress site, making it more secure for future attacks.

    Are you looking for a reliable and secure WordPress web hosting provider? Check out our packages for more information.