How to reset a user’s password in WordPress
In this post, we’ll talk you through the two methods to reset someone’s password in WordPress: A) get them to do it themselves (via the password reset link), or B) you reset it for them via WP-ADMIN.
Let’s look at both of those options in turn:
A) Getting the user to reset their own password
This is your preferred route – the more users who can self-serve, the less of an admin headache for you. Let’s take a look at the steps you need to take:
1) Ask the user to go to your login page (it should be something like https://{YOUR DOMAIN{/wp-login/)
2) Ask them to click the ‘Lost your password?” link
3) When they click that link, they’ll see this screen:
4) They need to enter their username or email address)* and click [Get New Password].
(*they’ll more likely remember their email address)
5) The website will then send them an email with instructions about how to reset their password:
Important! For security reasons WordPress does not email the person their new password. Instead, they need to click that link to set a new password.
[adrotate banner=”3″]
6) The user will need to click the link in the email, this will take them to a screen like this:
7) WordPress will automatically generate a random, secure password for them & populate the New password field with it. The user needs to make a note of the new password (hopefully in a secure password system like 1Password), and then click [Reset Password]
Note: If they choose to disregard the generated password and enter their own, WordPress is not going to allow them to enter an easily guessable, simple password – that’s just too great a security risk.
8) Once they have clicked [Reset Password], they shall see this screen…
9) The user then needs to simply log back in via the usual login screen
Bonus tip: if your site uses Google’s reCAPTCHA to help protect against hackers, you may sometimes hit a problem where folks say they cannot log in. If you take a close look at the above screenshot, you’ll see that you have to agree to Google’s amended terms and conditions for you to proceed – this catches a lot of people out.
[adrotate banner=”4″]
B) Resetting the user’s password for them
Sometimes, for whatever reason, you’re going to need to reset someone’s password on their behalf.
To do that, take the following steps:
1) Log in to your site as an Administrator
2) Go to the Users menu in WP-ADMIN.
3) Click on All Users
4) You’ll then be presented with a list of all your users.
Bonus tip: if you have lots of Administrator users (e.g. over 5), you probably need to check who really needs that high level of access, and scale back to better protect your site.
5) If you hover the mouse over the user in question, you’ll see a small menu appears:
6) Click the Edit option.
7) You will then be taken to the user edit screen for that particular user.
Note: this screen is very long, so we’ll just screenshot the relevant bit this time
8) Click [Generate Password]
Note As before, WordPress will not allow you to enter simple passwords – they do this to enforce better security on the site. Weak, easily guessable passwords are the simplest route into a WordPress site for hackers. So if the user was hoping for a password of BASEBALL or PASSWORD1234, they are fresh out of luck ;)
9) You will now need to let the user know this new password (as it does not automatically email it to them).
I would advise you text or WhatsApp the new password to the user, as it’s safer than email.
Closing Thoughts
If you can get users to self serve and reset their own passwords, it will save you a management headache. However, as detailed above, sometimes you will have to reset the password for them.