{"id":43008,"date":"2020-04-08T09:19:49","date_gmt":"2020-04-08T09:19:49","guid":{"rendered":"http:\/\/wordpress-397385-1251243.cloudwaysapps.com\/?p=43008"},"modified":"2021-01-30T11:46:58","modified_gmt":"2021-01-30T11:46:58","slug":"how-to-reset-a-users-password-in-wordpress","status":"publish","type":"post","link":"https:\/\/www.glassmountains.co.uk\/campfire\/how-to-reset-a-users-password-in-wordpress\/","title":{"rendered":"How to reset a user’s password in WordPress"},"content":{"rendered":"
In this post, we’ll talk you through the two methods to reset someone’s password in WordPress: A) get them to do it themselves (via the password reset link), or B) you reset it for them via WP-ADMIN.<\/p>\n
Let’s look at both of those options in turn:<\/p>\n
This is your preferred route – the more users who can self-serve, the less of an admin headache for you. Let’s take a look at the steps you need to take:<\/p>\n
<\/p>\n
1)<\/strong> Ask the user to go to your login page (it should be something like https:\/\/{YOUR DOMAIN{\/wp-login\/<\/strong>)<\/p>\n <\/p>\n 2)<\/strong> Ask them to click the ‘Lost your password?<\/em>” link <\/p>\n 3)<\/strong>\u00a0When they click that link, they’ll see this screen:<\/p>\n <\/p>\n 4)<\/strong> They need to enter their username or email address)* and click [Get New Password]<\/strong>.<\/p>\n (*they’ll more likely remember their email address)<\/em><\/p>\n 5)<\/strong> The website will then send them an email with instructions about how to reset<\/strong> their password:<\/p>\n <\/p>\n Important!<\/strong> For security reasons WordPress does not email the person their new password. Instead, they need to click that link to set a new password.<\/p>\n [adrotate banner=”3″]<\/p>\n 6)<\/strong> The user will need to click the link in the email, this will take them to a screen like this:<\/p>\n <\/p>\n 7)<\/strong> WordPress will automatically generate a random, secure password for them & populate the New password<\/em> field with it. The user needs to make a note of the new password (hopefully in a secure password system like 1Password<\/a>), and then click [Reset Password]<\/strong><\/p>\n Note: If they choose to disregard the generated password and enter their own, WordPress is not going to allow them to enter an easily guessable, simple password – that’s just too great a security risk.<\/em><\/p>\n <\/p>\n 8)<\/strong> Once they have clicked [Reset Password<\/strong>], they shall see this screen\u2026<\/p>\n <\/p>\n 9)<\/strong> The user then needs to simply log back in via the usual login screen<\/p>\n <\/p>\n Bonus tip<\/strong>: if your site uses Google’s reCAPTCHA<\/a> to help protect against hackers, you may sometimes hit a problem where folks say they cannot log in. If you take a close look at the above screenshot, you’ll see that you have to agree to Google’s amended terms and conditions for you to proceed – this catches a lot of people out.<\/em><\/p>\n [adrotate banner=”4″]<\/p>\n Sometimes, for whatever reason, you’re going to need to reset someone’s password on their behalf.<\/p>\n To do that, take the following steps:<\/p>\n 1)<\/strong> Log in to your site as an Administrator<\/p>\n <\/p>\n 2)<\/strong>\u00a0 Go to the Users<\/strong> menu in WP-ADMIN.<\/p>\n <\/p>\n <\/p>\n 3)<\/strong> Click on All Users<\/strong><\/p>\n <\/p>\n 4)<\/strong> You’ll then be presented with a list of all your users.<\/p>\n <\/p>\n Bonus tip<\/strong>: if you have lots of Administrator users (e.g. over 5), you probably need to check who really needs that high level of access, and scale back to better protect your site.<\/em><\/p>\n <\/p>\n 5)<\/strong> If you hover the mouse over the user in question, you’ll see a small menu appears:<\/p>\n <\/p>\n <\/p>\n 6)<\/strong> Click the Edit<\/strong> option.<\/p>\n <\/p>\n 7)<\/strong> You will then be taken to the user edit<\/em> screen for that particular user.<\/p>\n Note: this screen is very long, so we’ll just screenshot the relevant bit this time<\/em><\/p>\n <\/p>\n <\/p>\n 8)<\/strong> Click [Generate Password]<\/strong><\/p>\n <\/p>\n Note As before, WordPress will not allow you to enter simple passwords – they do this to enforce better security on the site. Weak, easily guessable passwords are the simplest route into a WordPress site for hackers. So if the user was hoping for a password of BASEBALL or PASSWORD1234, they are fresh out of luck ;)<\/em><\/p>\n <\/p>\n 9)<\/strong> You will now need to let the user know this new password (as it does not automatically email it to them).<\/p>\n I would advise you text or WhatsApp the new password to the user, as it’s safer than email.<\/p>\n If you can get users to self serve and reset their own passwords, it will save you a management headache. However, as detailed above, sometimes you will have to reset the password for them.<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" In this post, we’ll talk you through the two methods to reset someone’s password in WordPress: A) get them to do it themselves (via the password reset link), or B) you reset it for them via […] Read more <\/i><\/a><\/p>\n","protected":false},"author":2,"featured_media":43024,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[109,166],"tags":[],"acf":[],"yoast_head":"\nB) Resetting the user’s password for them<\/h2>\n
<\/h2>\n
Closing Thoughts<\/h2>\n