Unless you are using a password manager, at one time or another, you have probably forgotten or lost your password. When this happens, you really only have one option in WordPress…recover your password.
While it may be frustrating to be locked out of your account, it’s a very normal occurrence, in fact, 21% of users forget a password after just 2 weeks and a staggering 25% forget a password once a day.
And since most users often have over a hundred online accounts, that means they have a hundred passwords to remember. Thus, the rate of forgetting passwords is skyrocketing across the internet.
Today, I will demonstrate how to recover your lost password in WordPress.
Are Password Resets Safe?
Resetting your password or retrieving a lost password is a pretty common occurrence that doesn’t pose a significant risk to your account.
With that said, depending on the way it is carried out can change that. For example, some sites force users to reset their passwords every several months. Unfortunately, users hate this and often pick a similar password, in some cases just tacking on an extra number.
This can actually expose a pattern in the users that could allow hackers to crack their passwords.
For example, let’s say your first password was CrashMario. Then you are forced to change the password, thus you decide your new one will be CrashMario1. Can you guess what the password will be when it resets again?
For this reason, we are starting to see security experts recommend against regular password changes. And once a hacker learns what an individual’s password tendency is, well, they can use that to compromise all accounts tied to that user.
With this said, there are plenty of ways to avoid this from happening. For instance, you could use a password manager that will generate a password for you, store it, and encrypt the data. It avoids this issue entirely because the user is not creating the password.
In any case, let’s go over how to recover a password in WordPress.
How to Recover Your Password in WordPress
Recovering a lost password in WordPress is a very generic process that most websites utilize. Essentially, you click on the link, enter your email address or username, then access the email sent to you, and create a new password.
As such, you need access to the email address associated with your account. If for some reason you do not have access to this, account recovery is not possible without contacting the site administrator for additional assistance.
Luckily, this is a pretty easy process, so it will probably take about 2 minutes.
Note: This process covers the default lost password recovery system in WordPress. It is possible to modify this process using a plugin, or by changing the code. If a process is different from this guide, contact that site’s administrator for more details,
Step 1: Begin The Lost Password Process
The first thing you need to do is tell WordPress you lost your password. This option is available in the login area of WordPress. Simply click on the “Lost your password?” link underneath the login area.
On the next screen, you will be prompted to enter your username or the email address associated with your account. Once you do, click on the “Get New Password” button.
Step 2: Use the Email to Reset Your Password
An email will be sent to the email address associated with your WordPress account. This will usually be instantaneous or it can take up to five minutes. Check the registered email address and look for an email message titled [Your Blog Title] Password Reset.
This is the default message WordPress will send if a web developer does not customize the message.
Note: If you do not see this message after five minutes, make sure to check your Spam/Junk folder. Contact a website representative if the problem persists.
Once you open the message, you should see a line that says “To reset your password, visit the following address:” Follow that link. You will see a strong password generated by WordPress that you can use.
Alternatively, you can clear it and enter your own password. As we talked about earlier, it is a better option to use a password generator instead of creating one yourself. WordPress does this automatically, or you could use the GreenGeeks password generator.
Click on the “Save Password” button and you will see a “Your password has been reset.” message.
If not, you probably tried to make a password that was not as strong as your new password. Many web developers will prevent you from creating a weak or moderate password.
Congratulations, you have successfully reset your WordPress password.
Plenty of people need to change their password for security purposes or simply because they forget the password. If you are an admin or staff member, you can manually reset your password in WordPress through your phpMyAdmin.
Consider Using a Password Manager
All of this can be avoided by utilizing a password manager. Password managers are services that store and encrypt your passwords. They will automatically fill in login details and can even protect other kinds of information like credit cards or phone numbers.
You may be thinking, wait a minute, my web browser does all of this, and you are correct. But it doesn’t do so as securely.
Storing data in a web browser is not safe. Anyone who accesses that computer can gain access to the data and easily import it into an Excel file. With a password manager, this isn’t the case.
Password managers employ a zero-knowledge technique which encrypts the passwords before they are stored. Thus, the password manager itself doesn’t know the password. They also can detect when a password is compromised and replace it.
You may think a service like this may be expensive but think again. Password managers only cost a few dollars a month, in fact, I’m willing to bet you spend more on coffee in the morning than what you would spend for a month of this type of service.
FAQ About WordPress Passwords
In the past, security experts have recommended doing it every six months, but newer studies are suggesting that regularly changing your password may lead to more account compromises. As such, do it only if you suspect the password is compromised.
You will need to contact a site administrator. You may be able to recover your account using other data such as a credit card listed on the account. It really depends on the site itself and how it is maintained.
Yes. If a single site gets compromised and your password is obtained, hackers could use that password to compromise every account that uses it. As such, make a strong unique password for each site.
Yes. Writing down a password and storing it in a secure location is a good idea. Granted it lacks the convenience of a password manager that allows you to access it when logging in, but it is a great backup solution.
Passwords are stored in the MySQL database. Site administrators can access this database at any time and make changes to the information stored whenever necessary.
Don’t Fret, Recover Your WordPress Password Today
As you can see, the account recovery feature in WordPress is quite easy to use. All it really requires is access to the email address associated with your account and a few minutes of patience.
That said, it is best to avoid this situation entirely by utilizing a password manager. Doing so not only makes it easier to log into your accounts, but it is also safer. You may also want to consider enabling 2FA on accounts where it is available.
In any event, I hope this tutorial was helpful in learning how to recover your password in WordPress.
Have you ever forgotten a password in WordPress? Will you consider using a password manager for additional security?