How to Reset Your WordPress Admin Password (6 Methods)

A locked dashboard and an invalid recovery link usually mean your server is actively blocking PHP mail functions or your database credentials have desynced.

The Quick Diagnostic: Which Method Do You Need?

You do not need to read this entire guide to get back into your site. Identifying your current access level is the only step you need to take right now. If your hosting provider gives you a dedicated WordPress management panel, use Method 2. If you have your cPanel login details but no email access, Method 3 is your database solution. If you use a file manager like FileZilla and only have FTP credentials, skip straight to Method 4.

Method 1: The Standard Lost Your Password Link

Clicking the lost password link on your login screen is the standard approach. You enter your username or email address and wait for the recovery link. The problem begins when that email never arrives.

Why Aren't You Getting the Password Reset Email?

WordPress relies on the default PHP mail function to send outgoing messages. Many hosting providers disable this function entirely to prevent server spam. Your email provider might also aggressively filter these automated messages, sending them straight to the spam folder.

The Permanent Fix: Setting Up an SMTP Plugin

You need to bypass the PHP mail function completely. Once you regain access using the other methods below, install a dedicated SMTP plugin like WP Mail SMTP or FluentSMTP. These plugins route your WordPress emails through secure, authenticated providers like SendGrid or Google Workspace. This guarantees your future password reset links actually reach your inbox.

How to Fix the Invalid or Expired Link Error

Sometimes the email arrives, but clicking the link gives you an invalid or expired error. Caching plugins often cause this issue. The server caches the token URL, making it useless upon the first click. If you use W3 Total Cache, WP Super Cache, or a similar plugin, go to its settings and flush all cached files, then request a fresh reset link. Also try opening the link in a private browsing window to rule out browser-side caching.

Method 2: 1-Click Recovery via cPanel or Plesk WP Toolkit

Modern hosting environments simplify this process significantly. If your host provides WP Toolkit or Softaculous, you have a direct backdoor.

Log into your main hosting dashboard. Navigate to the WP Toolkit or Softaculous WordPress management section. You will see a list of your installed WordPress sites. Click the Setup or Manage button next to your specific site. You will find a clear option to change the administrator password right there. Type your new strong password and hit save. You are back in.

Method 3: Force Reset via phpMyAdmin (Database Access)

This is the most reliable method when everything else fails. You are going to directly edit the raw data WordPress uses to authenticate users.

First, you need your database name. Access your site files via FTP or cPanel File Manager and open the wp-config.php file. Look for the line defining DB_NAME. Note that exact name down.

Now, open phpMyAdmin from your hosting dashboard and select that specific database from the left sidebar. Look for the wp_users table and click on it. Find your admin username in the list and click the Edit button on that row.

Delete the long string of random characters in the user_pass field. Type your new password in plain text. Click the dropdown menu in the Function column right next to your password and select MD5. This encrypts your new password so WordPress can read it. Click the Go button at the bottom to save your changes.

If you cannot open phpMyAdmin at all, first check whether you are dealing with an Error Establishing a Database Connection, which will block database access regardless of your credentials.

Why MD5? WordPress does not use MD5 for permanent password storage. Selecting it here acts as a trigger: the moment you log in, WordPress detects the MD5-hashed value, validates it, and immediately re-hashes it using its own stronger algorithm.

Method 4: Use FTP and the functions.php Snippet

If you cannot access your database but have FTP credentials, your theme files hold the key.

Connect to your server using an FTP client like FileZilla. Navigate to wp-content/themes and open your active theme folder. Download the functions.php file to your computer and open it with a code editor. Paste the following snippet right after the opening <?php tag:

wp_set_password( 'YourNewPassword', 1 );

Replace YourNewPassword with your desired password. The number 1 refers to User ID 1, which is almost always the original admin account. If you are unsure of your User ID, open phpMyAdmin, look at the wp_users table, and check the ID column for your username. Upload the modified file back to the server and overwrite the old one. Load your WordPress login page in your browser.

Remove this line immediately after logging in. If you leave it, the code runs on every page load and resets your password continuously, locking you out again within minutes.

Method 5: The Emergency PHP Reset Script (When All Else Fails)

This is the absolute last resort when you have no database access and the functions.php method is unavailable.

Create a new plain text file on your computer and name it emergency-reset.php. The WordPress core contributors maintain an emergency password reset script at wordpress.org/support/article/resetting-your-password. Find the "Emergency Password Reset Script" section, copy that code, and paste it into your file.

Upload this file to the root directory of your WordPress installation using FTP. Open your browser and navigate to yoursite.com/emergency-reset.php. The script will prompt you to enter the administrator username and a new password. Submit the form.

Delete this file immediately after gaining access. Leaving this script on your server is a critical security risk: anyone who knows the URL can use it to take over your site.

Method 6: Reset via SSH Using WP-CLI

Advanced users managing VPS or dedicated servers can do this in one command.

Connect to your server via SSH and navigate to your WordPress root directory. Run:

wp user update 1 --user_pass="YourNewSecurePassword"

Replace 1 with the actual User ID you want to update. WP-CLI handles the hashing and updates the database instantly. You can also use the username directly:

wp user update yourusername --user_pass="YourNewSecurePassword"

How to Reset Another User's Password as Admin

If you are already logged in as an administrator and need to help a locked-out editor or author, you do not need any of the above methods.

Go to Users > All Users in your dashboard. Hover over the account and click Edit. Scroll down to the Account Management section and click Set New Password. Generate a strong password, then click Update User.

Regained Access? Do These 3 Things Immediately

Getting back in is only the first step. Do not skip this part.

Update your password to something genuinely strong and unique. Not the temporary one you just created. A password manager like Bitwarden generates and stores these for you automatically.

Install a Two-Factor Authentication plugin. Adding a secondary verification step via an authenticator app blocks unauthorized logins even if someone guesses your password. While you are in the admin settings, it is also worth hiding unnecessary menus in the WordPress admin panel to reduce the exposed surface area for any future access issues.

Configure an SMTP plugin as described in Method 1. Routing your WordPress emails through a proper authenticated provider means you will never have to manually edit database tables or upload emergency scripts just to recover a forgotten password again.