Forgot Your WordPress Admin Password? How to Reset It in 5 Minutes (3 Proven Methods)

I ran into this exact headache just last week. I needed to update a client's site, but couldn't log into the admin dashboard first thing in the morning. After trying seven or eight common passwords, I had to face the facts—the password was truly gone. I understand that anxiety: worrying about your site's data, fearing you'll break something, and needing to publish that update urgently.

But based on my experience managing over fifty WordPress sites, I can tell you with certainty: forgetting your WordPress password is not a technical disaster; it's a standard operational procedure. As long as you don't touch the core files, your posts, pages, and comment data are 100% safe.

In this article, I'll share three proven methods, from the simplest to the most thorough. Even if you have zero technical experience, you can follow these steps and fix it yourself.

What You'll Find in This Article

• The Easiest First Choice: The Email Reset Method (and why it sometimes fails)

• The Ultimate Fix: Changing Your Password Directly in the Database (with detailed instructions)

• The Last-Resort Solution: Using FTP or Your File Manager

• An Important Warning: Why You Should Stay Away from "One-Click Hack Tools"

• 3 Habits I Swear By to Never Forget a Password Again

First Choice: Resetting Via the "Lost Your Password?" Link (The 5-Minute Fix)

The WordPress login page itself holds the solution. Right below the password field, the "Lost your password?" link is the official, recommended path.

I've noticed something interesting: about 70% of users know this method exists, but half of them get stuck on a particular step and assume it's broken.

Here's the correct way to do it:

1. Go to your site's login page (usually yourdomain.com/wp-login.php).

2. Click the "Lost your password?" link.

3. Enter the administrator username or email address you used when setting up the site.

4. Check your inbox and click the password reset link sent by WordPress.

Here's the crucial detail: Many people don't receive the email. In my testing, this usually isn't your email's fault, but rather your website's server not being configured correctly to send mail. A simple way to check: has your site ever successfully sent you comment notification emails or order confirmations? If yes, the reset email will probably go through. If you've never received any emails from your site, this method might not work.

What if the email doesn't arrive? Don't just keep clicking "resend." First, check your Spam or Junk folder meticulously. Services like QQ Mail or Outlook often mistake system emails for spam. I once helped a friend who found six reset emails from his own site sitting in his junk folder.

The Core Solution: Changing Your Password in the Database (The Master Key)

When the email path is blocked, modifying the database directly is the most efficient and definitive method. It sounds technical, but don't worry—I'll explain it in plain language.

Think of your database as the safe containing all your website's core information. Your username and password are stored in a specific drawer labeled "Users." Our job is to open that drawer and change the lock (the password).

Step-by-Step Guide (using the most common tool, phpMyAdmin):

1. Access Your Database Tool. This is typically inside your web hosting control panel (cPanel, Plesk, etc.). Providers like Bluehost, SiteGround, or cloud platforms like AWS and DigitalOcean all have a clear "Databases" or "phpMyAdmin" section.

2. Find the Correct Database. If you host only one site, the list is short. For multiple sites, here's a trick: open the wp-config.php file in your website's root directory. Look for the value after DB_NAME—that's your target database.

3. Access the "Users" Table. Inside the database, find a table named something like wp_users (wp_ is the default prefix; some sites change this, but it will always end in _users).

4. Edit the Password. Click "Browse" or "Edit" for your administrator account row. Find the user_pass field and click "Edit." This is the most critical step: In the "Value" box, type your new password. Then, from the "Function" dropdown menu right next to it, you MUST select MD5. Finally, click "Go" or "Execute."

Why is selecting MD5 mandatory? Earlier versions of WordPress used the MD5 algorithm to encrypt and store passwords. While modern versions use more secure methods, using MD5 when editing the database directly is a backward-compatible command the system still understands and will accept for login. I learned this the hard way: once, I forgot to select it, entered a plain text password, and couldn't log in no matter what.

Once the change is saved, immediately try logging into your dashboard with the new password. You'll find that order is restored to your world.

The Backup Plan: Using FTP or File Manager to Inject Code

If you can't access your hosting panel, or if you've also forgotten your database password, don't panic. We have one final "physical layer" solution: editing a website file directly.

This method is like installing a temporary external lock on a door, using it to get inside, and then immediately removing it.

Here's the process:

1. Connect to your website's server using an FTP client (like FileZilla) or your host's built-in "File Manager."

2. Navigate to your website's root directory, then go to wp-content/themes/.

3. Open the folder for the theme currently active on your site (e.g., twentytwentyfour).

4. Find the theme's functions.php file and open it for editing.

5. At the very top of the file (right after <?php), add the following line of code:

   php

   wp_set_password('your_new_password_here', 1);

   The number 1 typically represents the user ID of the first administrator account. If you're unsure, this code will usually still work.

6. Save the file, then immediately visit your website's homepage (just load any page).

7. The most important step: Go back to your FTP or File Manager and delete the line of code you just added. Then, immediately log into your WordPress admin using the new password you set.

How this works: This code executes once when your website loads, forcibly resetting the password for the user with ID 1 to your specified password. After it runs once, its job is done. You must remove it; otherwise, it will reset the password on every page load, creating a major security hole.

A Heartfelt Warning: Steer Clear of "One-Click Hack Tools"

While searching for a solution, you will undoubtedly come across software or online tools claiming to "crack WordPress passwords with one click." I need to be very clear: stay away from them.

Early on, I tested a few out of curiosity. The results were alarming: one silently inserted a malicious backdoor into my theme files during execution; another bundled outdated exploit scripts that could crash a site.

At their core, the underlying methods for password recovery and hacking can sometimes be similar. But the legitimate approach is transparent, targeted, and leaves no trace. With these shady tools, you have no idea what else they're doing in the background while performing the "recovery." It's not worth risking your entire site being infected or your data stolen just to regain login access.

If you've genuinely tried every method and failed, my advice is this: invest a small fee to contact your hosting provider's support or a developer you trust. They often have the necessary server-level access to help you reset credentials safely—a far more secure option than dangerous, unknown software.

How to Stop Forgetting Passwords for Good?

Once the crisis is resolved, let's build a system to prevent it from happening again. These three habits changed how I manage my sites:

First, adopt and trust a password manager.
Stop relying on your memory or your browser. Use Bitwarden (free and open-source), 1Password, or LastPass. Store your WordPress password, database password, FTP credentials, and even your hosting panel login there. You only need to remember one master password. This frees your mind and allows you to use extremely strong, unique passwords for every service, dramatically increasing your security.

Second, enable Two-Factor Authentication (2FA) for critical sites.
This might sound like it adds hassle, but it does the opposite. After installing a plugin like "Two Factor Authentication," you can make your admin password incredibly complex (and let the password manager remember it). Daily logins then rely on a code from your phone via an app like Google Authenticator or Authy. This way, even if your password is compromised, a hacker can't log in without the temporary code from your device.

Third, create a "Digital Emergency File."
In an encrypted note or offline document, record the following:

• Website admin URL

• Administrator username

• Hosting control panel login URL

• Database name (from wp-config.php)

• A secure backup email address
  This file doesn't store the passwords themselves, but it maps the location of every "keyhole." If something goes wrong, it helps you or someone assisting you quickly find what needs to be addressed, instead of searching blindly.

In the end, forgetting a password is a management issue, not a technical dead end. Stay calm, work through the methods above from simplest to most complex, and you will regain control of your site. You might even find that going through this process gives you a deeper understanding of how WordPress works.