How to reset a user’s password in WordPress

In this post, we’ll talk you through the two methods to reset someone’s password in WordPress: A) get them to do it themselves (via the password reset link), or B) you reset it for them via WP-ADMIN.

Let’s look at both of those options in turn:

A) Getting the user to reset their own password

This is your preferred route – the more users who can self-serve, the less of an admin headache for you. Let’s take a look at the steps you need to take:

 

1) Ask the user to go to your login page (it should be something like https://{YOUR DOMAIN{/wp-login/)

 

2) Ask them to click the ‘Lost your password?” link "Lost your password' link in WordPress login

3) When they click that link, they’ll see this screen:

4) They need to enter their username or email address)* and click [Get New Password].

(*they’ll more likely remember their email address)

5) The website will then send them an email with instructions about how to reset their password:

Example of email a user receives when they try to reset their password in WordPress. Note they still need to click the link to set their new password - the email does not contain the new password

Important! For security reasons WordPress does not email the person their new password. Instead, they need to click that link to set a new password.

[adrotate banner=”3″]

6) The user will need to click the link in the email, this will take them to a screen like this:

Example of WordPress screen which a user sees when they are trying to reset their password

7) WordPress will automatically generate a random, secure password for them & populate the New password field with it. The user needs to make a note of the new password (hopefully in a secure password system like 1Password), and then click [Reset Password]

Note: If they choose to disregard the generated password and enter their own, WordPress is not going to allow them to enter an easily guessable, simple password – that’s just too great a security risk.

 

8) Once they have clicked [Reset Password], they shall see this screen…

Example of WordPress confirmation screen you see when a user resets their password

9) The user then needs to simply log back in via the usual login screen

Example of WordPress login screen - this time showing that Google's reCAPTCHA needs terms agreeing to

Bonus tip: if your site uses Google’s reCAPTCHA to help protect against hackers, you may sometimes hit a problem where folks say they cannot log in. If you take a close look at the above screenshot, you’ll see that you have to agree to Google’s amended terms and conditions for you to proceed – this catches a lot of people out.

[adrotate banner=”4″]

B) Resetting the user’s password for them

Sometimes, for whatever reason, you’re going to need to reset someone’s password on their behalf.

To do that, take the following steps:

1) Log in to your site as an Administrator

 

2)  Go to the Users menu in WP-ADMIN.

in WP-ADMIN, find the "USERS" menu, and select "ADD NEW"

 

3) Click on All Users

 

4) You’ll then be presented with a list of all your users.

Example list of users in WordPress Wp-admin section

Bonus tip: if you have lots of Administrator users (e.g. over 5), you probably need to check who really needs that high level of access, and scale back to better protect your site.

 

5) If you hover the mouse over the user in question, you’ll see a small menu appears:

Hover over User in Wp-ADMIN user list to reveal hover menu - click edit

 

6) Click the Edit option.

 

7) You will then be taken to the user edit screen for that particular user.

Note: this screen is very long, so we’ll just screenshot the relevant bit this time

Partial screenshot of WordPress wp-admin showing the "GENERATE PASSWORD" / NEW PASSWORD aspect of the ACCOUNT MANAGEMENT section.

 

8) Click [Generate Password]

Partial screenshot of WordPress wp-admin ACCOUNT MANAGEMENT section showing a new suggested password after GENERATE PASSWORD has been clicked

Note As before, WordPress will not allow you to enter simple passwords – they do this to enforce better security on the site. Weak, easily guessable passwords are the simplest route into a WordPress site for hackers. So if the user was hoping for a password of BASEBALL or PASSWORD1234, they are fresh out of luck ;)

 

9) You will now need to let the user know this new password (as it does not automatically email it to them).

I would advise you text or WhatsApp the new password to the user, as it’s safer than email.

Closing Thoughts

If you can get users to self serve and reset their own passwords, it will save you a management headache. However, as detailed above, sometimes you will have to reset the password for them.

 

No Comments

Leave a Reply