Reset WordPress password via phpMyAdmin: emergency access through the database

If you can no longer log in to WordPress and password recovery by email does not work either, direct access to the database remains as an emergency solution. Using phpMyAdmin in cPanel, you can manually change the password of a WordPress user.

This method is helpful if you no longer have access to the stored email address, WordPress is not sending emails, or the user account urgently needs to be restored. At the same time, it is a database intervention and should be carried out with caution.

Briefly explained: WordPress stores user accounts in the database table wp_users, or in a table with a custom prefix. In an emergency, the password can be changed there via phpMyAdmin.

When does this method make sense?

The password reset via phpMyAdmin should only be used when the normal methods do not work. In most cases, the standard function on the WordPress login page is the better and safer method.

Use the database method only if:

  • you no longer have access to the stored email address,
  • WordPress does not send a password reset email,
  • your website's email system is faulty,
  • you have locked yourself out as an administrator,
  • a user account urgently needs to be restored,
  • you have access to cPanel and phpMyAdmin.

WordPress documents several ways to reset a password, including the normal email method, phpMyAdmin, MySQL, FTP, WP-CLI and an Emergency Password Reset Script. The recommended standard method remains the “Lost your password?” function on the login page.

Important security notice before you start

phpMyAdmin gives direct access to your website's database. An incorrect change can damage user accounts, content or settings. Therefore, work slowly and only change the field that really needs to be adjusted.

Before making the change, you should:

  • create a full backup of the database,
  • make sure you open the correct database,
  • identify the correct user,
  • use a strong new password,
  • save the password again in the WordPress profile after logging in,
  • check whether unknown administrators exist.
Important: Always create a database backup before making changes in phpMyAdmin. The password reset is simple, but the database is a sensitive area of your website.

1. Find the correct WordPress database

Before opening phpMyAdmin, you should know which database belongs to your WordPress installation. Especially with several WordPress websites in the same hosting account, there may be multiple databases.

You will find the database details in the wp-config.php file in the main directory of your WordPress installation. It contains entries such as:

define( 'DB_NAME', 'database_name' );
define( 'DB_USER', 'database_user' );
define( 'DB_PASSWORD', 'database_password' );
define( 'DB_HOST', 'localhost' );

The value for DB_NAME is the name of the database you need to open in phpMyAdmin.

2. Open phpMyAdmin in cPanel

Proceed as follows:

  1. Log in to your cPanel.
  2. In the Databases section, open phpMyAdmin.
  3. Wait until phpMyAdmin has loaded.
  4. Select the correct WordPress database in the left column.
  5. Check whether tables such as wp_posts, wp_options and wp_users are visible.

The table prefix may differ from wp_. For security reasons, many installations use custom prefixes such as cw_users, wpx_users or similar variants.

3. Find the user table

WordPress stores user accounts in the wp_users table. If your installation uses a different table prefix, the table will be named accordingly, for example:

  • wp_users
  • wpx_users
  • curia_users
  • abc123_users

So look for a table that ends with _users. Open this table by clicking it.

Typical columns in this table are:

  • ID
  • user_login
  • user_pass
  • user_nicename
  • user_email
  • user_registered
  • display_name

4. Select the correct user

In the table, you will see all WordPress users. Find the user whose password needs to be changed. You can usually identify the user by user_login, user_email or display_name.

Click Edit for this user.

Warning: Only change the user you can clearly identify. Especially with several administrators, carefully check the email address and username.

5. Change the password in the user_pass field

In the edit view, find the user_pass field. It contains the stored password hash. This value looks cryptic and must not be interpreted as plain text.

To set a new password:

  1. Find the user_pass row.
  2. In the Function dropdown menu, select MD5.
  3. Enter your new password in plain text in the Value field.
  4. Click OK, Go or Save at the bottom.

You can then log in to WordPress with the new password.

Why is MD5 used here?

WordPress does not store passwords in plain text. During normal login and password changes, WordPress uses modern hashing methods. The MD5 method via phpMyAdmin is an emergency mechanism: WordPress can recognize an MD5 hash during login and then save the password again using the current WordPress method.

This means: MD5 is not recommended here as permanent password storage. It is only a practical temporary method to regain access. The WordPress documentation also describes the phpMyAdmin method by selecting the MD5 function for the user_pass field.

Important: After the database reset, log in to WordPress immediately and save a new strong password under Users > Profile. This allows WordPress to process the password normally.

6. After login, save the password again in the profile

After successfully logging in, you should set the password again directly in WordPress. Go to:

Users > Profile

or, for other users, to:

Users > All Users > Edit User

Create a new strong password there and save the profile. This step is important so that WordPress processes the password normally and you do not permanently work with an emergency hash.

7. Choose a strong password

Do not use a short or easily guessed password. An administrator password protects your entire website.

A good password should:

  • be long, ideally at least 16 characters,
  • not appear in dictionaries,
  • not consist of company names or domain names,
  • not be reused,
  • contain upper- and lowercase letters, numbers and special characters or be built as a long passphrase,
  • be stored in a password manager.

Examples of weak passwords:

  • admin123
  • wordpress2026
  • curiaweb
  • password!

A long, unique passphrase or a randomly generated password from a password manager is better.

8. Check the user's email address

If you had to use the database method because password recovery by email did not work, also check the user's email address.

In the _users table, you will find the user_email field. If an outdated or incorrect address is stored there, you can correct it. Alternatively, change the email address in the WordPress profile after logging in.

You should also check whether your website generally sends emails. If password reset emails do not arrive, SMTP configuration may be necessary.

9. Check administrators and user roles

If you lost access or suspect unauthorized changes, check all administrator accounts after logging in.

Open:

Users > All Users

Check:

  • Are there unknown administrators?
  • Have email addresses been changed?
  • Are there suspicious user accounts?
  • Do users have excessive permissions?
  • Have new accounts been created recently?
  • Are former employees still active?

Remove or block accounts that are no longer needed and assign only the permissions that are truly necessary.

10. Enable two-factor authentication

After a password emergency, it makes sense to increase login security. Two-factor authentication adds a second proof to the password, for example a time-based code from an authenticator app.

Benefits:

  • better protection if passwords are stolen,
  • more security for administrators,
  • lower risk from phishing,
  • more control with multiple users.

Two-factor authentication is especially recommended for administrators and shop operators.

11. Alternative methods for password reset

phpMyAdmin is not the only option. Depending on access and the technical environment, other methods may be more suitable.

Method Suitable if Assessment
Lost your password? Email access works Simplest standard method
phpMyAdmin cPanel and database access are available Practical emergency method
WP-CLI SSH/WP-CLI is available Very clean for advanced users
functions.php File access is available Only with caution, remove the code immediately afterwards

WordPress lists several official methods, including phpMyAdmin, MySQL Command Line, FTP, WP-CLI and an Emergency Password Reset Script.

12. Common mistakes when resetting a password via phpMyAdmin

  • Wrong database opened: Especially common with multiple WordPress installations.
  • Wrong table edited: The table prefix is not always wp_.
  • Wrong user changed: Username and email address were not checked.
  • MD5 not selected: Password is saved as plain text or incorrectly.
  • Password too weak: The website remains at risk.
  • No backup created: Mistakes are difficult to undo.
  • Unknown administrators not checked: Possible unauthorized access remains.
  • Email issue not fixed: Password reset will continue not to work in the future.

13. What to do if login still does not work?

If you have changed the password but still cannot log in, check the following points:

  • Was the correct database changed?
  • Was the correct _users table edited?
  • Was the correct user changed?
  • Was the MD5 function selected for user_pass?
  • Is there a security plugin blocking the login?
  • Has the login URL been changed?
  • Is the user perhaps not an administrator?
  • Is there a problem with cookies or cache?
  • Has the website been compromised?

Test the login in a private browser window and clear cache and cookies if necessary.

14. Increase security after successful access

A lost admin login is a good reason to review overall login security.

Recommended:

  • set a new strong password,
  • check all administrators,
  • remove users that are no longer needed,
  • enable two-factor authentication,
  • update WordPress, plugins and themes,
  • limit login attempts,
  • check backups,
  • set up SMTP for reliable system emails,
  • check security logs,
  • perform a malware scan if a hack is suspected.

15. SEO and GEO: Why access security matters indirectly

A password reset via the database has no direct SEO effect. Nevertheless, administration security is important for your website quality. If attackers gain access to WordPress, they can insert spam pages, redirects, malware, hidden links or malicious scripts.

This can seriously affect SEO, trust and user experience. For GEO, meaning Generative Engine Optimization, a trustworthy, stable and clean website is also important. Security issues, spam content or manipulated pages damage the credibility of your content.

Recommended procedure

  1. Try the normal password reset: First use the “Lost your password?” function.
  2. Check database name: In wp-config.php, check the value DB_NAME.
  3. Create backup: Back up the database before making changes.
  4. Open phpMyAdmin: Use cPanel to switch to the correct database.
  5. Open the _users table: Note the table prefix.
  6. Identify user: Check username and email address.
  7. Edit user_pass: Select the MD5 function and enter the new password.
  8. Log in to WordPress: Sign in with the new password.
  9. Save password again in the profile: WordPress should process the password regularly.
  10. Check security: Review administrators, updates, 2FA and email delivery.

Frequently asked questions about WordPress password reset via phpMyAdmin

Can I change my WordPress password directly in the database?

Yes. Via phpMyAdmin, you can edit the user_pass field of a user in the _users table. In emergencies, the MD5 function is often used for this.

Why is my table not called wp_users?

The table prefix can be custom. Look for a table that ends with _users.

Is MD5 secure for passwords?

MD5 is not recommended as modern permanent password hashing. In this case, it only serves as an emergency mechanism. After logging in, you should immediately save the password again in the WordPress profile.

Do I need to create a backup before the change?

Yes. Changes in phpMyAdmin directly affect the database. A backup is strongly recommended.

What should I do if I cannot find the correct database?

Open the wp-config.php file in the WordPress main directory. The DB_NAME entry shows the name of the database being used.

Can I also change the email address?

Yes. In the _users table, there is a user_email field. You can correct the address there or change it in the WordPress profile after logging in.

What should I do after successful login?

Set a new strong password in the WordPress profile, check all administrators, update WordPress and plugins and enable two-factor authentication where possible.

Can CURIAWEB Support help?

Yes. If you are unsure or cannot find access to phpMyAdmin, CURIAWEB Support can assist you with assessment and recovery.

Full control over your WordPress data

With WordPress hosting from CURIAWEB, you retain access to important technical layers such as cPanel, phpMyAdmin, databases and files. This allows you to manage, back up and restore your website in a targeted way when needed.

View WordPress Hosting from CURIAWEB

Need help with access? Our CURIAWEB Support will be happy to assist you.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to Install WordPress via Softaculous Auto-Installer

How to Install WordPress via Softaculous Auto-Installer WordPress is the world's leading...
How to Manually Install WordPress via Installation Archive

How to Manually Install WordPress via Installation Archive In this tutorial, we will guide you...
WordPress Configuration: How to Adjust General Settings for Optimal Results

WordPress Configuration: How to Adjust General Settings for Optimal Results After the initial...
What is a WordPress Plugin and How Do You Install It?

What is a WordPress Plugin and How to Install a New One? Introduction Plugins are components...
How to Install a New Theme in WordPress

How to Install a New Design (Theme) in WordPress Introduction It is obvious how fundamentally...