SYSTEMS OPERATIONAL
WordPress

Locked Out of WordPress? Reset Your Admin Password Fast

Getwebup 5 min read

Typed your password wrong one too many times, or inherited a site where nobody remembers the admin login? You don't need to email a developer or wait on support — if you've got cPanel access, you can get back into wp-admin yourself in about five minutes using phpMyAdmin.

Symptom: You're locked out of wp-admin

This usually shows up one of a few ways:

  • "The password you entered is incorrect" on the login screen, and you're certain it isn't.
  • "Error: The email could not be sent" when you click "Lost your password?" — because WordPress can't send outbound mail (see our WordPress SMTP guide if that's the real problem).
  • You've taken over a site from a previous developer or agency and the only admin account is theirs.
  • A security plugin locked the account after too many failed attempts, and the lockout email never arrived.

Cause: why the normal recovery flow fails

WordPress's built-in password reset depends entirely on email delivery. If your site's mail sending is broken — no SMTP configured, PHP mail() disabled, or the reset email landing in spam — the "forgot password" link is a dead end. Same story if the account's email address itself is wrong, outdated, or belongs to someone who's left the company.

When that happens, the database is still sitting there with a valid admin row in wp_users. You just need to update it directly, which is exactly what phpMyAdmin is for.

Fix: reset the password through phpMyAdmin

Step 1 — Open phpMyAdmin

Log in to cPanel, go to the Databases section, and click phpMyAdmin. On the left sidebar, select the database your WordPress site uses (check wp-config.php for DB_NAME if you're not sure which one).

Step 2 — Find the users table

Click on wp_users in the table list (the prefix may differ — some installs use something like wp7x2_users for security). Click Browse to see the rows, and find the row for your admin account.

Step 3 — Edit the user row

Click Edit (the pencil icon) on that row. You'll see a form with every column, including user_pass.

  1. Clear out whatever is in the user_pass field and type your new password.
  2. In the Function dropdown next to that field, select MD5. This is the critical step — WordPress stores passwords as MD5 hashes (wrapped in its own portable hash format), so if you skip this, your new password gets saved as plain text and won't work at all.
  3. Click Go to save.

Log in at yourdomain.com/wp-login.php with the new password. It should work immediately — no cache to clear, nothing to restart.

Alternative: no phpMyAdmin access, but you have SSH or File Manager

If you'd rather not touch the database directly, add this snippet to the very top of your active theme's functions.php (via cPanel File Manager):

wp_set_password( 'YourNewPasswordHere', 1 ); // 1 = user ID of the admin account

Load any page on the site once to trigger it, then delete the line immediately. Leaving it in means anyone who finds it can reset the password again — this is a one-time-use trick, not a permanent fix.

Don't know the admin's user ID?

Back in phpMyAdmin, run this SQL in the SQL tab against your WordPress database:

SELECT ID, user_login, user_email FROM wp_users;

That lists every account with its ID, so you can target the right row whichever method you use.

If the account is disabled or the user doesn't exist at all

Sometimes the real problem isn't a forgotten password — the admin account was deleted, or a security plugin (like Wordfence or Sucuri) locked it out entirely and won't let it back in no matter what the password is. In that case, run this SQL in phpMyAdmin to promote or create an account instead of fighting the plugin's lockout screen:

UPDATE wp_users SET user_status = 0 WHERE user_login = 'yourusername';

If the account is genuinely gone, it's usually faster to create a fresh admin from phpMyAdmin's wp_users and wp_usermeta tables than to hand-edit a broken security plugin's lockout tables — but for that, disabling the plugin folder via File Manager (rename wp-content/plugins/wordfence to wordfence-disabled) is usually the quicker path in.

Prevention: don't end up here again

ProblemFix
Password reset emails never arriveSet up proper SMTP delivery instead of relying on PHP mail()
Only one admin account existsCreate a second admin user with a different, known-good email address
Forgotten passwords keep happeningUse a password manager instead of memorizing logins
Security plugin lockoutsWhitelist your office/home IP in the plugin's settings
Handed a site by a previous developerImmediately create your own admin account and remove theirs

It's also worth turning on two-factor authentication once you're back in — it won't stop a forgotten password, but it will stop someone else from using one they've guessed.

A quick note on security

Resetting a password through the database is a legitimate admin task, but it's also exactly what an attacker with database access would do. Only run this on sites you own or manage, change the password to something you generated (not something guessable), and log out of phpMyAdmin when you're done — cPanel sessions with database access are a high-value target if left open on a shared computer.

Frequently asked questions

Why didn't I get a password reset email from WordPress?

WordPress relies on PHP's mail() function by default, which many servers block or flag as spam. If outbound email isn't configured with SMTP, the reset link often never arrives. Check your spam folder first, then set up SMTP delivery so future resets actually reach your inbox.

Do I need to select MD5 when editing user_pass in phpMyAdmin?

Yes. WordPress stores passwords as hashes, not plain text. If you type a new password into user_pass without setting the Function dropdown to MD5, WordPress won't recognize the login and the reset won't work.

Can I reset the password without phpMyAdmin?

Yes, if you have File Manager or SSH access. Temporarily add a wp_set_password() call to your theme's functions.php, load the site once, then remove the line immediately. It's a one-time trick, not something to leave in place.

What if the admin account was deleted entirely?

Check the wp_users table in phpMyAdmin to confirm. If it's really gone, the fastest path is usually creating a fresh admin user directly in the database rather than trying to recover the old account.

How do I stop this from happening again?

Set up working SMTP email delivery, keep a second admin account with a different email address as a backup, and use a password manager so you're not relying on memory for logins.

#wordpress #wp-admin #password-reset #phpmyadmin #login-issues #cpanel

Keep reading

Chat with Support