This page explains how to change a WordPress user's password with a SQL query directly in the database.
Where passwords are stored in WordPress DB
Passwords are stored in the wp_users table in a column named user_pass (not user_password, not just password – common mistakes).
Password encryption in WordPress
One thing which may be a little challenging is that for security purposes, passwords are generally not stored as plain text, but in an encrypted (or hashed) format. The SQL query must reflect that.
It is a serious mistake for any database or application developer to store passwords in plain text format, as that would allow anyone with read/select access to the database (such as a hacker or disgruntled employee) to view (and possibly abuse or sell) user passwords, compromising their accounts not only in the application itself, but possibly elsewhere (because many people use the same password everywhere).
This page is not the place to discuss password encryption and security – just keep in mind that passwords in databases are stored encrypted, and the WordPress database is no exception.
How to encrypt updated password in SQL
When inserting or updating WordPress passwords, we can't do this:
`user_pass` = 'mypassword'
... but instead we need to wrap the password in a hash function (MD5 in this case):
`user_pass` = MD5('mypassword')
By the way, never use "mypassword" as your actual password.
Knowing how to encrypt a password in SQL, we can write the entire query to update a WordPress user password.
Changing password for user with given ID
The logic is the same as changing WordPress username or email: run an UPDATE SQL query with the user specified in the WHERE clause by user ID, login, or email address.
If you know the ID number, use the ID column in the WHERE clause (remember it is ID, capitalized – not id or user_id).
UPDATE `wp_users`
SET `user_pass` = MD5('mypassword')
WHERE `ID` = 123;
Changing password for user with given username (login)
If you know the WordPress username, the column in the WHERE clause is user_login.
The following SQL query changes the password to "mypassword" for the user whose WordPress username is "wpdir".
UPDATE `wp_users`
SET `user_pass` = MD5('mypassword')
WHERE `user_login` = 'wpdir';
Changing password for user with given email
Alternatively, if you know the email address, the column after WHERE is user_email.
UPDATE `wp_users`
SET `user_pass` = MD5('mypassword')
WHERE `user_email` = 'admin@wpdir.com';
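A safer way to run any of the three queries above, shown as an added example that is not part of the original page: preview the matching row, update inside a transaction, and confirm that exactly one account changed before committing. It assumes MySQL or MariaDB, the default wp_ table prefix and an InnoDB wp_users table; the username and password literal are placeholders.

```sql
-- Added example, not from the original page.
-- Assumptions: MySQL/MariaDB, default wp_ prefix, InnoDB wp_users table
-- (ROLLBACK has no effect on MyISAM). 'wpdir' and the password are placeholders.

START TRANSACTION;

-- 1. Preview: the WHERE clause must match exactly one account.
--    The wp_users schema does not put a UNIQUE constraint on user_login or
--    user_email (WordPress enforces uniqueness in application code), so a
--    query by login or email can match zero rows or more than one.
SELECT `ID`, `user_login`, `user_email`
FROM `wp_users`
WHERE `user_login` = 'wpdir';

-- 2. Apply the change only if step 1 returned a single row.
--    The plain-text password in this statement may be recorded in client
--    history and server logs, so treat it as temporary and set a new one
--    from the profile screen after logging in.
UPDATE `wp_users`
SET `user_pass` = MD5('replace-with-a-temporary-password')
WHERE `user_login` = 'wpdir';

-- 3. Run immediately after the UPDATE. Expected value: 1.
--    0 means no row matched or the stored value was already identical.
SELECT ROW_COUNT() AS rows_changed;

-- 4. Confirm what was stored. A length of 32 is an unsalted MD5 digest;
--    WordPress replaces it with its own salted hash the next time this
--    user logs in successfully.
SELECT `ID`, `user_login`, CHAR_LENGTH(`user_pass`) AS hash_length
FROM `wp_users`
WHERE `user_login` = 'wpdir';

-- 5. Keep the change if rows_changed = 1; otherwise run ROLLBACK instead.
COMMIT;
```

Until that first login the stored value is a fast, unsalted hash, so log in with the temporary password promptly and then change it.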