Learn how to change your WordPress username and password from the web-based WordPress admin page, or directly in the database.
- WordPress password security
- Editing users on the web admin panel
- Changing the WordPress Nickname/Display Name
- Changing the WordPress Username/Login Name
- Resetting a lost WordPress password
- Resetting a lost WordPress password if it cannot be emailed
- Changing your WordPress password
- Changing the password for a different WordPress user
WordPress password security
Learn some of the steps you can take to improve your WordPress password security, which can help prevent your site from being hacked.
Don't use "Admin" as a username
Regardless of what username you choose here, you can set it to be displayed as anything you like on your blog. If you want posts to show as being authored by “Admin,” you can set that as the Display Name on the Edit Profile page later.
Forcing a strong password
If you have other users on your blog, you can force everyone to use a strong password with the Force Strong Passwords plug-in.
Limiting the login attempts
By limiting the number of failed login attempts, you can prevent scripts from trying thousands of passwords in an attempt to find one that fits. Such an attack can compromise your blog if you have not set a secure password, and the flood of login attempts can seriously impact your web server’s performance.
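To see whether such a flood is already hitting a site, the web server's access log can be checked for repeated failed logins. The script below is an added example, not part of the original article: it assumes the Apache "combined" log format and default WordPress behaviour (a failed login POST to /wp-login.php is answered with status 200, a successful one with 302). The function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list client IPs with many failed WordPress logins.
# Assumption: Apache "combined" log format and default WordPress behaviour
# (failed login POST -> 200, successful login POST -> 302 redirect).

# failed_login_ips LOGFILE THRESHOLD -> "count ip" per line, highest first
failed_login_ips() {
    awk -v limit="$2" '
        # $1 = client IP, $6 = quoted method ("POST), $7 = path, $9 = status
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php(\?|$)/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print fails[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample log (documentation address ranges), not real traffic.
sample_log() {
    local i
    # Six failed logins from one address within a few seconds
    for i in 1 2 3 4 5 6; do
        printf '203.0.113.7 - - [10/Oct/2023:13:55:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "curl/8.0"\n' "$i"
    done
    # One mistyped password followed by a successful login
    printf '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"\n'
    printf '198.51.100.4 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"\n'
    # Merely loading the login form is not a failed attempt
    printf '192.0.2.9 - - [10/Oct/2023:13:57:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"\n'
}
```

Save the sample with `sample_log > sample.log` and run `failed_login_ips sample.log 5`; on a real server, pass the path of the site's access log instead.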
Securing the WordPress password file
To help prevent people from stealing and potentially using the password stored in wp-config.php, you can block access to that file with a .htaccess file in your document root. Add this section to the file:
<files wp-config.php>
order allow,deny
deny from all
</files>
Then restart Apache for the changes to take effect.
Consider using two-factor authentication
Two-factor authentication is extremely secure. To log in to your WordPress blog you will need to enter both your username and password, and a code from your smartphone.
Before setting up two-factor authentication, you will need to balance your desire for security with the hassle of adding an extra step to the login process.
Also, not everyone has a smartphone, and those who do have smartphones may not have them available when they are trying to log in to the blog. For example, some workplaces and school campuses block the use of smartphones on their property.
To enable two-factor authentication for your blog, you can use a plugin like Wordfence, which provides many additional security features.
Editing users on the web admin panel
Begin by logging into your blog at the admin page:
Go to Users -> All Users
Changing the WordPress Nickname/Display Name
Then click the blue Update button at the bottom of the page. This button will say either Update Profile or Update User, depending on whether you are editing your own or another user's account.
Changing the WordPress Username/Login Name
If you are proficient with MySQL, you can change the WordPress username (login name) directly in the database using the IONOS phpMyAdmin interface. Be sure to create a backup of your database before you begin.
An easier and safer way to change the username is to create a new user, give it Administrative privileges, then delete the old user.
First, create a backup of your WordPress database, as mistakes here can be costly. Follow the steps in this article to back up your WordPress database.
Next, return to your WordPress admin panel. Go to Users -> Add New to create a new user.
Resetting a lost WordPress password
The page will prompt you to enter either your username or your email address. The new password will be emailed to the address that is set for the username.
Resetting a lost WordPress password if it cannot be emailed
If you do not have access to the email address for your WordPress account, or there is some other reason that the standard password recovery won’t work, you can change your password directly in the MySQL database from the command line.
Warning: This procedure is risky. Create a backup of your WordPress database first.
The most common reason for this problem is that the email address for the account is no longer valid.
For any user other than the admin user, you can log in to WordPress and update that user’s password. But if you lose your admin password and cannot use the “lost password” reset, you will have to edit the database directly.
Backing up the database
Editing your WordPress database directly can damage the database if done incorrectly. Before you begin, back up your database.
Connect via SSH to your server and create a backup copy of your database from the command line. In the following example, the database is called "mydatabase":
mysqldump -u root -p mydatabase > mydatabase.sql
You will be prompted to enter the MySQL root user’s password. Your backup file (mydatabase.sql) will be created.
Changing the WordPress admin password in the database
Log in to MySQL and use your WordPress database with the command:
mysql -u root -p mydatabase
You will be prompted to enter the MySQL root user’s password.
To update the admin user's password, you will need the login name - not the display name. If you need to find this information, you can display all login names with the command:
select user_login from wp_users;
Next, update the password of the admin user (called “adminuser” in this example) with the command:
update wp_users set user_pass = MD5('new_password') where user_login = 'adminuser';
This will update the password with an MD5 hash for security reasons.
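The backup and update steps above can be combined into one script that refuses to continue without a usable backup and never places the plaintext password in the SQL statement, so it cannot end up in the mysql client's history file. This is an added example, not part of the original article: the function names are hypothetical, GNU md5sum is assumed to be installed, and the login-name allowlist is an assumption chosen to keep the quoted SQL string safe.

```shell
#!/usr/bin/env bash
# Added example: the article's backup + password update as one script.
# Assumptions: GNU md5sum is available; table name wp_users as in the article.

# Print the UPDATE statement for login $1 and new password $2.
# The hash is computed locally, so the statement carries only the MD5 digest.
build_reset_sql() {
    local login=$1 password=$2 hash
    # Conservative allowlist (assumption): refuse any login name containing
    # characters that could break out of the quoted SQL string.
    case $login in
        ''|*[!A-Za-z0-9_.@-]*) echo "unsupported login name" >&2; return 1 ;;
    esac
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    hash=$(printf '%s' "$password" | md5sum | cut -d' ' -f1)
    printf "UPDATE wp_users SET user_pass = '%s' WHERE user_login = '%s';\n" \
        "$hash" "$login"
}

# reset_wp_password DATABASE LOGIN
# Back up first, stop on a failed or empty dump, then apply the change.
reset_wp_password() {
    local db=$1 login=$2 password sql
    mysqldump -u root -p "$db" > "$db.sql" || return 1
    [ -s "$db.sql" ] || { echo "backup is empty, aborting" >&2; return 1; }
    # Read the new password without echoing it to the terminal
    read -r -s -p "New WordPress password: " password; echo
    sql=$(build_reset_sql "$login" "$password") || return 1
    # mysql prompts for the root password on the terminal, not on stdin
    printf '%s\n' "$sql" | mysql -u root -p "$db"
}
```

Source the file, then call `reset_wp_password mydatabase adminuser`; both MySQL tools prompt for the root password as in the manual steps.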
Changing your WordPress password
This will generate a new password for the account. Make a note of the new password, then change the password by clicking Update Profile.
Changing the password for a different WordPress user
This will generate a new password for their account. Change their password by clicking Update User.
Caution: Be sure their email address is correct before clicking Update User. This is the email address where WordPress will send the new password.