Forgot WordPress Password: How to Regain Access to Your Dashboard

Forgot WordPress Password: How to Regain Access to Your Dashboard

If you have forgotten your WordPress password, this is quickly solved in most cases. WordPress offers an integrated function that lets you receive a password reset link by email. Only if this method does not work do technical alternatives via cPanel, phpMyAdmin or CURIAWEB support make sense.

This guide shows you the correct order: first the normal password reset, then checking typical email problems and finally the technical emergency methods.

1. Open the WordPress login page

First open your WordPress login page. In most cases, you can access it via one of these addresses:

• https://www.yourdomain.ch/wp-admin
• https://www.yourdomain.ch/wp-login.php

Replace www.yourdomain.ch with your own domain. If WordPress was installed in a subfolder, this must also be included in the URL, for example:

• https://www.yourdomain.ch/blog/wp-admin

2. Use “Lost your password?”

On the login page, you will find the “Lost your password?” link below the form. Click it and then enter your username or email address.

The process:

1. Open the login page.
2. Click “Lost your password?”.
3. Enter username or email address.
4. Submit the form.
5. Check your email inbox.
6. Open the link from the WordPress email.
7. Set a new strong password.
8. Log in with the new password.

If the username and email address are correct, WordPress normally sends an email with a link to reset the password.

3. Check spam folder and email address

If no email arrives, first check the spam or junk folder of your mailbox. Automated system emails in particular can end up there.

Also check:

• Did you enter the correct email address?
• Is the email address in the WordPress user account still current?
• Is your mailbox full?
• Was the email possibly moved by a filter?
• Are you using the correct domain and the correct WordPress installation?

If you run several WordPress websites, make sure that you trigger the password reset on the correct website.

4. If WordPress does not send emails

If the password email does not arrive, this may be due to the email configuration of your WordPress website. By default, WordPress uses the server’s PHP mail function. This does not work equally reliably in every environment.

Common causes:

• SMTP is not set up,
• sender address is not configured correctly,
• mail server rejects the message,
• SPF, DKIM or DMARC are not set correctly,
• a security plugin blocks sending,
• the website has technical errors,
• the stored user email is outdated.

For permanently reliable email delivery, we recommend an SMTP plugin and a correctly configured sender address.

5. Change password if you are still logged in

If you are still logged in to the WordPress dashboard and only want to change your password, no reset is necessary. Go to:

Users > Profile

There you will find the section for changing the password. WordPress can suggest a strong password. Then save the new password in a password manager.

If you are an administrator and want to change another user’s password, go to:

Users > All Users

Open the desired user account and set a new password there.

6. Technical emergency method: Reset password via phpMyAdmin

If you no longer have access to the stored email address and WordPress does not send a reset email, the password can be changed directly in the database. This is done via phpMyAdmin in cPanel.

Because this is a direct intervention in the database, this method should only be used if the normal method does not work. Create a backup beforehand.

• Guide: Reset WordPress password via phpMyAdmin

7. After regaining access: Check security

After you regain access to WordPress, you should check the security of your user account. A forgotten password is harmless – a compromised login, however, is not.

Recommended:

• set a new strong password,
• store the password in a password manager,
• check administrator users,
• remove unknown user accounts,
• enable two-factor authentication,
• update WordPress, plugins and themes,
• limit login attempts,
• set up SMTP for reliable system emails.

8. Choose a secure password

Do not use a short or reused password. Administrator accounts in particular are a popular target for automated attacks.

A good password is:

• long, ideally at least 16 characters,
• unique for this website,
• not derived from the domain, company name or names,
• not reused in other services,
• stored in a password manager.

Avoid passwords such as admin123, wordpress2026, password! or the name of your website.

9. Enable two-factor authentication

Two-factor authentication, or 2FA, adds extra protection to your account. Even if a password becomes known, a second factor is required for login, for example a code from an authenticator app.

2FA is especially recommended for:

• administrators,
• shop operators,
• editors with publishing rights,
• websites with customer data,
• member areas,
• agency and developer access.

10. Common mistakes during password reset

• Wrong website: The reset is triggered on another WordPress installation.
• Wrong email address: The entered address is not assigned to the user account.
• Spam folder not checked: The reset email arrived but was filtered.
• SMTP missing: WordPress cannot send reliable emails.
• Outdated user email: The address in the user account is no longer accessible.
• Weak new password: Access remains insecure.
• phpMyAdmin used without backup: Database changes become risky.
• 2FA not prepared: Recovery codes are missing after activation.

Recommended approach

1. Open login page: Use /wp-admin or /wp-login.php.
2. Click “Lost your password?”: Enter username or email address.
3. Check mailbox: Also check spam and junk folders.
4. Set new password: Choose a strong, unique password.
5. If no email arrives: Check SMTP, email address and spam filter.
6. If nothing works: Use the emergency method via phpMyAdmin.
7. After login, check security: Check users, updates, 2FA and SMTP.

Frequently asked questions about forgotten WordPress passwords

Where can I reset my WordPress password?

Open your WordPress login page and click “Lost your password?”. Then enter your username or email address.

Why does no password email arrive?

The email may be in the spam folder, the stored address may be wrong or WordPress may not send emails reliably. In this case, SMTP should be checked.

Can I change my password if I am still logged in?

Yes. Go to Users > Profile and change your password there.

What do I do if I no longer have access to the email address?

In an emergency, the password can be reset directly in the database via phpMyAdmin. Create a backup beforehand.

Is the password reset via phpMyAdmin safe?

It is suitable as an emergency method if carried out correctly. Because it involves working directly in the database, caution is required.

Should I use a password manager?

Yes. A password manager helps store long and unique passwords securely.

Should I enable two-factor authentication?

Yes, especially for administrators. 2FA additionally protects your account if a password becomes known.