How to Recover WordPress Password and Username?

Losing access to your WordPress website can feel overwhelming, especially if you’re unsure where to start. Fortunately, WordPress offers several ways to recover your password and username, whether you’re a beginner or a seasoned user. This guide will walk you through all the methods to safely recover WordPress password and username. Plus, you’ll learn best practices to maintain security and prevent future lockouts.

What is WordPress Account Recovery?

WordPress account recovery involves restoring access to your website’s admin dashboard when login credentials are forgotten, lost, or compromised. This includes resetting your password, finding your username, and managing user roles to maintain site security.

Whether you manage a personal blog or run a business website, regaining access quickly is critical to maintaining uptime and avoiding disruption.

Understanding Password Security and Why It Matters

A strong password is your first line of defense against unauthorized access. Weak passwords leave your WordPress site vulnerable to brute-force attacks, where hackers try to guess your login information. So, what makes a strong password:

• Use a combination of uppercase and lowercase letters.
• Include numbers and special characters.
• Avoid using easily guessed information like birthdays or names.
• Don’t reuse passwords from other accounts.

Pro Tip: Use a password manager like LastPass or 1Password to generate and securely store your complex passwords.

Know more: How to Avoid Your Site from Common WordPress Attacks

Methods to Recover WordPress Password and Username

These methods will help you reset and recover your WordPress password and username.

Method 1: Accessing the WordPress Admin Dashboard

Before you can reset anything, you need to attempt logging in through the WordPress login page. The default URL is:

yourdomain.com/wp-login.php

If you remember your username but forgot your password, click on the “Lost your password?” link under the login form.

You’ll receive a reset link via email. Follow the link, enter your new admin password, and regain access to your dashboard.

Learn: How to Disable Content Sniffing in WordPress for Better Security

Method 2: Resetting Your WordPress Password

Resetting your password is the most straightforward way to regain access to your WordPress admin dashboard. WordPress offers a few different methods to accomplish this, depending on your access level and the situation.

Option A: Use the “Lost your password?” Link

The easiest and most user-friendly method is using the built-in password reset feature.

Here’s how you can do it:

• Visit your WordPress login page by navigating to yourdomain.com/wp-login.php.

• Click on the “Lost your password?” link located just below the login form.

• Enter your username or the email address associated with your WordPress account.

• WordPress will send a password reset link to your registered email address.

• Open your email inbox, click the link, and follow the instructions to create a new, secure password.

Once the process is complete, return to the login page and log in using your new credentials.

Note: If you don’t see the reset email in your inbox, check your spam or junk folder. Also, make sure your website is properly configured to send emails. SMTP plugins can help with this.

Option B: Use phpMyAdmin to Manually Reset Your Password

If you’re unable to receive the password reset email, don’t worry. You can reset your password directly from your website’s database using phpMyAdmin, a common tool available in most web hosting control panels like cPanel or Plesk. Follow these steps:

• Log into your web hosting control panel (typically cPanel).

• Look for and open phpMyAdmin under the Databases section.

• In the left sidebar, locate and select your WordPress database.

• Find and click on the table named wp_users (note: the table prefix may vary depending on your installation).

• Look for your username in the list and click the Edit option next to it.

• In the user_pass field, select MD5 from the function dropdown.

• Enter your new password in plain text into the Value field.

• Scroll down and click Go to save your changes.

After you’ve completed these steps, head back to your login page and try logging in with your new password.

Important: Using MD5 to hash passwords is acceptable for this method because WordPress will automatically rehash the password with a more secure algorithm the next time you log in.

Method 3: Recovering or Finding Your WordPress Username

Often, WordPress users forget their exact username but still have access to their email. If you can receive the reset email, it usually includes your username. Alternative methods include:

• Check Your Database: Use phpMyAdmin to find your username in the wp_users table.

• File Manager: Navigate to wp-content/themes/your-theme/functions.php and add:

echo 'Username: ' . wp_get_current_user()->user_login;

Reload your site, note the username, and remove the code immediately after.

Read about: Hire an MSSP for WordPress for Full-Spectrum Security

Method 4: Using the Emergency Password Reset Script

If traditional recovery methods like email reset links or phpMyAdmin access aren’t working, don’t panic. As a last resort, WordPress offers an emergency password reset script that allows you to regain access securely and directly. 

This method is especially helpful if:

• Your email isn’t delivering reset messages.
• You don’t have database access.
• You need an urgent way back into your site.

How to Use the Emergency Password Reset Script

Follow these steps carefully:

• Download the emergency script from the official WordPress support page: Emergency Password Reset Script

• Access your site via FTP or File Manager (in your hosting control panel like cPanel).

• Upload the emergency.php file to your site’s root directory. This is usually the same folder where wp-config.php is located.

• Navigate to the script in your browser by entering: yourdomain.com/emergency.php

• Fill out the form by entering: Your WordPress username and your new secure password.

• Click “Update Options” to reset your password.

• Log in to your WordPress dashboard using your new password.

• Immediately delete the emergency.php file from your server after use. This is critical, as leaving the script online could pose a serious security risk.

Important: Only use this method if you’ve exhausted other recovery options. The script bypasses typical WordPress login protocols, which is why it should be handled with extra caution.

Managing Admin Users and Passwords

Managing admin users effectively is crucial to maintaining your WordPress site’s security. Admin accounts have full control over the website, including access to sensitive settings, plugin management, and user data.

Therefore, it’s essential to monitor who has this level of access and ensure that login credentials remain secure. Here’s how you can manage admin users in WordPress:

• Log into your WordPress dashboard using your administrator credentials.

• In the left-hand menu, go to Users → All Users. This page will display a list of all registered users on your website, along with their assigned roles.

From here, you can:

• Add New Users: Click “Add New” to create new user accounts. Be sure to assign the appropriate role, only assign the “Administrator” role if absolutely necessary.

• Edit Existing Roles: Click “Edit” under a user’s name to change their role. To reduce risk, you can downgrade unnecessary admin accounts to lower privileges such as “Editor” or “Author.”

• Manually Reset Passwords: If a user forgets their password, you can reset it from their profile page. Simply scroll down to the Account Management section and click “Set New Password.”

Check out: WordPress Security Mistakes to Avoid

Limiting Login Attempts for Administrator Password

By default, WordPress allows users to try logging in as many times as they want. Unfortunately, this makes your site vulnerable to brute-force attacks, where hackers repeatedly attempt to guess your username and password until they gain access. To prevent this, it’s important to limit the number of login attempts allowed.

Why Does It Matters?

When login attempts are unrestricted, malicious bots can try thousands of combinations in a short period. However, restricting these attempts can significantly reduce the risk of unauthorized access.

Recommended WordPress Plugins

To implement this security measure, you can use one of the many trusted WordPress plugins. Here are two highly recommended options:

• Limit Login Attempts Reloaded: A popular plugin that allows you to set maximum login attempts and temporarily lock out users after failed attempts. It’s simple to configure and widely trusted.

• WP Limit Login Attempts: Another effective tool that provides customizable settings. It allows you to define the number of retries, lockout durations, and notification preferences.

What These Plugins Allow You to Do?

With either of these plugins, you can:

• Set a limit on the number of login attempts per IP address.
• Temporarily lock out users who exceed the limit.
• Automatically notify you via email when suspicious login behavior is detected.
• Whitelist or blacklist IP addresses, depending on your needs.

How to Configure the Plugin?

Once you’ve installed and activated your chosen plugin:

• Navigate to your WordPress dashboard.

• Go to Settings → Limit Login Attempts (the name may vary slightly depending on the plugin).

• Configure the settings, such as maximum login retries, lockout time duration, number of lockouts before a longer ban, and email alert preferences.

Tip: Be sure to test your configuration to avoid accidentally locking yourself out.

Read more: Best WordPress Malware & Security Scanners

Adjusting WordPress Account Settings

Your WordPress account settings are more than just a place to update your name or email; they play a vital role in maintaining the security and integrity of your user profile. Regularly reviewing and adjusting these settings ensures that your account remains secure and up to date.

How to Access Your Account Settings

To begin managing your settings:

• Log into your WordPress dashboard.

• In the left-hand menu, go to Users → Profile (sometimes labeled “Your Profile” depending on your theme or plugins).

This section contains all of your personal and login-related details.

What You Can Do Here

Once you’re in your profile, you can:

• Update your email address: Make sure your account is linked to an active, secure email address for password recovery and notifications.

• Change your password: Scroll down to the Account Management section and click “Set New Password.” It’s a good practice to update your password every few months using a strong, unique combination.

• Edit personal information: You can update your display name, biographical info, and contact methods. This is important for multi-author sites or user-based permissions.

• Customize the dashboard view: Adjust the visual editor and toolbar preferences to suit your workflow.

Know more: Ultimate WordPress Security Guide

Enhance Security with Two-Factor Authentication

One of the most effective ways to secure your WordPress account is by enabling Two-Factor Authentication (2FA). This adds an extra layer of protection by requiring a second form of verification, such as a code from your mobile device.

To enable 2FA:

• Install a security plugin like WP 2FA or Wordfence.

• Follow the plugin’s setup wizard to connect your account to an authenticator app (like Google Authenticator or Authy).

Test the login process to ensure everything is working correctly.

Tip: Make sure to store your backup codes in a safe place in case you lose access to your authenticator app.

Why Regular Reviews Matter

It’s easy to forget about your account settings after initial setup, but revisiting them periodically helps you:

• Spot unusual changes, such as an unfamiliar email address or altered display name.
• Revoke access for third-party applications or plugins you no longer use.
• Ensure your profile is secure and aligned with best practices.

Troubleshooting Common Issues

Even after trying all the recovery methods, you might still find yourself locked out of your WordPress site. Don’t worry; this section covers some of the most common issues users face during login recovery and practical solutions to resolve them.

Issue 1: Not Receiving the Password Reset Email

One of the most frequent problems is not getting the password reset email. Here’s what you can do:

• Check your spam or junk folder: Email clients sometimes misclassify automated emails. Look for messages from “WordPress” or your domain’s admin email.

• Whitelist WordPress-related emails: Add your site’s admin email address to your email contact list to ensure better delivery in the future.

• Use an SMTP plugin: WordPress’s default PHP mail function can be unreliable. To improve deliverability, install a plugin like WP Mail SMTP. This plugin lets you send emails via a trusted SMTP service like Gmail, SendGrid, or Mailgun.

Tip: After setting up WP Mail SMTP, test your email settings under WP Mail SMTP → Tools → Email Test to confirm it’s working properly.

Issue 2: Incorrect Username or Password

If you’re getting login errors, it’s possible you’re entering the wrong credentials. Here’s how to troubleshoot:

• Double-check your username and password: WordPress usernames are case-sensitive. Be sure there are no typos or extra spaces.

• Try a different browser or use incognito mode: Sometimes browser extensions or cached sessions interfere with login. Switching to private browsing can help isolate the issue.

• Clear your browser’s cache and cookies: This ensures your login form isn’t pre-filled with outdated credentials or session data.

Pro Tip: If you’re unsure of your username, you can find it in your WordPress database using phpMyAdmin under the wp_users table.

Issue 3: Locked Out Due to Too Many Failed Login Attempts

Security plugins like Limit Login Attempts Reloaded are great for blocking brute-force attacks, but they can also lock you out after multiple failed attempts. Here’s how to regain access:

Wait for the lockout duration to expire: Most plugins have a timed lockout (e.g., 15 minutes to 24 hours). Try again later.

Disable the login limiter plugin via FTP or File Manager:

• Access your site files via an FTP client or your hosting panel’s File Manager.

• Navigate to wp-content/plugins/.

• Rename the folder of the plugin causing the lockout (e.g., change limit-login-attempts to limit-login-attempts-disabled).

• Refresh your login page and try again.

Once you’re back in, consider reactivating the plugin with updated settings that balance security and convenience.

Comparison: Malware Removal Services vs Website Security Services

Final Thoughts

Recovering your WordPress username and password doesn’t need to be stressful. From simple password resets to using phpMyAdmin or emergency scripts, you have multiple tools at your disposal.

But prevention is just as important as recovery. By strengthening your passwords, limiting login attempts, and keeping your site updated, you can avoid most issues before they occur. Take action today, and keep your WordPress site safe and accessible.

WordPress Password and Username FAQs