On many occasions we do not have a program to manage databases interactively as
Adminer
or
phpMyAdmin
. If we need to
restore the WordPress password because we have forgotten it
and we only have one session open in the terminal, we can easily change the WordPress password.
I use this method quite frequently in local development environments, where I don't have an SMTP mail server installed and I can't use the password retrieval function itself through an email that includes WordPress.
How to change the WordPress password from the MySQL console.
To carry out this tutorial, we will need an open console session and credentials to access the MySQL or MariaDB database, which would be: the username, password and host
(by default it is omitted if it is localhost)
.
The process will be done in three steps:
-
Create the hash of our new password.
-
Connect to the WordPress database.
-
Replace the hash of the old password with the hash of the new one.
How to create a hash of a WordPress password.
WordPress has used the MD5 algorithm since its inception to store the password in the database, but as it is considered an insecure algorithm, in 2007 WordPress adopted
phpass
(portable PHP password hashing framework)
.
Imagine that our password is
"TechnoWikis"
(without the quotes), then if we use the above algorithms we would get:
-
MD5:
8bfe929f64006000e190bbe385b6e93a
-
Phpass:
$P$BzJMa8sfzhikh/nmodBIN3yPPhkw.u1
When
modifying the password hash directly in the WordPress database
, both types of hashes would work, since
WordPress maintains compatibility with both
. In fact, we will use the MD5 algorithm to restore the password from the terminal, since
WordPress will automatically switch to the phpass algorithm when we first identify ourselves
.
We will use the MD5 algorithm to generate our password, since from a Linux terminal we can generate these hashes very easily with the
echo -n TechnoWikis | md5sum
command
echo -n TechnoWikis | md5sum
echo -n TechnoWikis | md5sum
Now that we have the hash corresponding to our new password, we will access the WordPress database.
Connecting to the WordPress database from the Linux console.
With our open terminal session, we execute the
mysql -u root -p
command and enter the password. On another occasion, we have already published a tutorial with instructions on
how to access MariaDB or MySQL from the Linux console
, which I recommend you have on hand.
Once authenticated, we will execute the query
SHOW databases;
which will show us all the databases to which the authenticated user has access. To select the WordPress database, we will execute the query
USE nombre_db_wordpress;
.
Now we can list all the tables in the database with the query
SHOW tables;
and we will have to identify the table where WordPress users are stored, which generally has a name similar to
wp_users
. This is the name of the table in a default WordPress installation, since it sets
wp_
as a
wp_
prefix.
Replace the hash of the old password with the hash of the new one.
To obtain a list with all users and their ID
(identifier)
, we execute the query:
SELECT ID, user_login, user_pass FROM wp_users;
With the previous query, we already know the ID of the user to whom we want to change the password. We will assume that your ID is number 2, so the query we made would be:
UPDATE wp_users SET user_pass= "8bfe929f64006000e190bbe385b6e93a" WHERE ID = 2;
If we have a recent MySQL or MariaDB
version (version greater than or equal to 5.x)
, we can calculate the MD5 hash directly in the query, thus avoiding the first step where we calculated the MD5 hash of our password. If our password were «TechnoWikis»
(without quotes)
, the query would be:
UPDATE wp_users SET user_pass= MD5('TechnoWikis') WHERE ID = 2;
And this is it, now we can access WordPress with the username and the new password.