Skip to main content

Managing User Passwords in WordPress

This article guides you how to reset your password from login page. There are also instructions how administrator can reset users password within the dashboard and how to manage passwords within command line with SSH connection.

WordPress has powerful built-in tools for managing user passwords from within the dashboard, command line and the login page itself. These secure and easy to use password management tools are useful in multiple situations, for example in the case of a forgotten or stolen password. The command line tools are especially useful with sites that have tens or even hundreds of users and managing the passwords one by one would become too time consuming.

Forgotten Password

The forgotten password feature is the easiest way for a user to create a new password on their own. The tool can be found on the login page of WordPress, which can be accessed by adding /wp-admin to the end of the WordPress home URL, for example https://example.com/wp-admin

After clicking the forgotten password link below the login form, the user is asked for their username or email, after which a password reset link is email to them and they can create a new password for their account.

The Administrator Resets the Password

An administrator can change the password for any user on the site and send the new password to the user. This is done in the dashboard under the "Users" tab. The administrator can also prevent a user from logging in without deleting the user by changing their email address and password. As a result, the posts written by the user remain, but the user cannot login or reset their password anymore.

Command Line Password Management

It is also possible to manage passwords by command line with SSH connection. Use this command to check users ID number for the site:

wp user list

You can reset the password for the desired user using the following command (in this case ID number is 4):

wp user reset-password 4 --show-password

Now the password has been reset and you may login to dashboard with the new one shown in the command line.

In a case where a site has multiple users and, for example, all the passwords need to be reset, the command line is the best way to do this. To reset the password of all the users on the site, start by connecting to the WordPress site with SSH and using the command:

wp-reset-all-passwords

The passwords have now been reset. We recommend that you also run the following command to log everyone out, in case a user was logged in at the time of the password change:

wp-reset-all-sessions

After completing these steps, all users must create a new password when they log in again. This type of measure is necessary, for example, when you want to ensure that only authorized parties have access to the site.

Related Articles
How to Use WP-CLI Tools?
Logging in to the WordPress Site
Restoring a Website Backup
Migration Method 2: SSH & WP-CLI
List of Commands and Tools
Did this answer your question?