Recovering Your WordPress Admin Password

Sometimes, you just forget the password of the admin account of your WordPress install. The easiest solution to recover your password is to use WordPress’ emergency password reset script. This script allows you to change your admin password in WordPress.

Step 1: Disallowing access to your website

The first thing to do is to temporarily disallow access to your website. An attacker could change your admin password and gain access to your WordPress install if they detect the recovery script. You naturally want to prevent this. If you are using Apache, you can create an .htaccess file containing the following:

order deny,allow
deny from all
allow from 111.222.333.444

Change 111.222.333.444 with your IP address. Now, only you will be able to access your website.

Step 2: Upload the script

Upload the script that will allow you to change your WordPress admin password. It can be found on the WordPress codex site. It’s basically a big PHP script. Copy and paste it into a file located in the same directory as your WordPress installation. Call it emergency.php.

Step 3: Using the script

Access your WordPress installation at http://111.222.333.444/emergency.php. Replace 111.222.333.444 with the address of your WordPress site. You will now be asked for your admin username and the new password.

Once you’ve entered the correct username, click Update Options. Upon success, you will see a page that says:

Your password has been successfully changed

An e-mail with this information has been dispatched to the WordPress blog administrator

You should now delete this file off your server. DO NOT LEAVE IT UP FOR SOMEONE ELSE TO FIND!

Pay close attention to that last sentence.

Step 4: Delete the script

You will now be able to log back into WordPress.

Delete the emergency.php script, then remove the .htaccess file that we setup earlier, so that other users may access your site.