Skip to content
Read For Learn
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP
Read For Learn
  • Database
    • Oracle
    • SQL
  • C
  • C++
  • Java
  • Java Script
  • jQuery
  • PHP

Cant login, Password MUST be reset error, after reset

There’s a whole article on this in the Codex:
http://codex.wordpress.org/Resetting_Your_Password

I’m partial to the Emergency Password Script, but the FTP method is probably also equally as easy. Upload the following as a file to your server. Visit its URL and follow the prompts. Immediately delete the file from your server. 

<?php
/*
    This program is free software; you can redistribute it and/or modify
        it under the terms of the GNU General Public License as published by
        the Free Software Foundation; either version 2 of the License, or
        (at your option) any later version.

    This program is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
        along with this program; if not, write to the Free Software
        Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

require './wp-blog-header.php';

function meh() {
    global $wpdb;

    if ( isset( $_POST['update'] ) ) {
        $user_login = ( empty( $_POST['e-name'] ) ? '' : sanitize_user( $_POST['e-name'] ) );
        $user_pass  = ( empty( $_POST[ 'e-pass' ] ) ? '' : $_POST['e-pass'] );
        $answer = ( empty( $user_login ) ? '<div id="message" class="updated fade"><p><strong>The user name field is empty.</strong></p></div>' : '' );
        $answer .= ( empty( $user_pass ) ? '<div id="message" class="updated fade"><p><strong>The password field is empty.</strong></p></div>' : '' );
        if ( $user_login != $wpdb->get_var( "SELECT user_login FROM $wpdb->users WHERE ID = '1' LIMIT 1" ) ) {
            $answer .="<div id='message' class="updated fade"><p><strong>That is not the correct administrator username.</strong></p></div>";
        }
        if ( empty( $answer ) ) {
            $wpdb->query( "UPDATE $wpdb->users SET user_pass = MD5('$user_pass'), user_activation_key = '' WHERE user_login = '$user_login'" );
            $plaintext_pass = $user_pass;
            $message = __( 'Someone, hopefully you, has reset the Administrator password for your WordPress blog. Details follow:' ). "\r\n";
            $message  .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n";
            $message .= sprintf( __( 'Password: %s' ), $plaintext_pass ) . "\r\n";
            @wp_mail( get_option( 'admin_email' ), sprintf( __( '[%s] Your WordPress administrator password has been changed!' ), get_option( 'blogname' ) ), $message );
            $answer="<div id='message' class="updated fade"><p><strong>Your password has been successfully changed</strong></p><p><strong>An e-mail with this information has been dispatched to the WordPress blog administrator</strong></p><p><strong>You should now delete this file off your server. DO NOT LEAVE IT UP FOR SOMEONE ELSE TO FIND!</strong></p></div>";
        }
    }

    return empty( $answer ) ? false : $answer;
}

$answer = meh();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>WordPress Emergency PassWord Reset</title>
    <meta http-equiv="Content-Type" content="https://wordpress.stackexchange.com/questions/127003/<?php bloginfo("html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" />
    <link rel="stylesheet" href="https://wordpress.stackexchange.com/questions/127003/<?php bloginfo("wpurl' ); ?>/wp-admin/wp-admin.css?version=<?php bloginfo( 'version' ); ?>" type="text/css" />
</head>
<body>
    <div class="wrap">
        <form method="post" action="">
            <h2>WordPress Emergency PassWord Reset</h2>
            <p><strong>Your use of this script is at your sole risk. All code is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness. Further, I shall not be liable for any damages you may sustain by using this script, whether direct, indirect, special, incidental or consequential.</strong></p>
            <p>This script is intended to be used as <strong>a last resort</strong> by WordPress administrators that are unable to access the database.
                Usage of this script requires that you know the Administrator's user name for the WordPress install. (For most installs, that is going to be "admin" without the quotes.)</p>
            <?php
            echo $answer;
            ?>
            <p class="submit"><input type="submit" name="update" value="Update Options" /></p>

            <fieldset class="options">
                <legend>WordPress Administrator</legend>
                <label><?php _e( 'Enter Username:' ) ?><br />
                    <input type="text" name="e-name" id="e-name" class="input" value="<?php echo attribute_escape( stripslashes( $_POST['e-name'] ) ); ?>" size="20" tabindex="10" /></label>
                </fieldset>
                <fieldset class="options">
                    <legend>Password</legend>
                    <label><?php _e( 'Enter New Password:' ) ?><br />
                    <input type="text" name="e-pass" id="e-pass" class="input" value="<?php echo attribute_escape( stripslashes( $_POST['e-pass'] ) ); ?>" size="25" tabindex="20" /></label>
                </fieldset>

                <p class="submit"><input type="submit" name="update" value="Update Options" /></p>
            </form>
        </div>
    </body>
</html>

Related Posts:

  1. Check for correct username on custom login form
  2. Right practice to edit WP reset password email
  3. Forgot Password/ Password Reset Page does not exist
  4. How can I change the email sender name from wordpress to (myblogname) on the “lost password” email?
  5. WordPress password reset not working
  6. Customize From and email address on password reset
  7. How to login with email only no username?
  8. Disable user registration password email
  9. Missing URL in password reset email
  10. What are the differences between wp_users and wp_usermeta tables?
  11. Editing ‘Password Reset’ E-mail
  12. How can I send a welcome email to a user AFTER they login for the first time?
  13. Customize wp_new_user_notification_email()
  14. Login email after registration never sent or received
  15. Add Confirm Password field in wp-login.php Password Reset page
  16. How can I modify the default reset (lost) password email text?
  17. How to customise wp-login.php only for users who are setting a password for the first time?
  18. Give visitor access to password protected page/post via external script
  19. Send reset password link to user from custom lost password form
  20. How can I retrieve the username and password from my WordPress installation?
  21. password protect individual pages
  22. Problem with logging in WP users automatically
  23. How to determine if a user has not changed default generated password
  24. Private page protected with username and password
  25. reset password link redirect to login page
  26. Password protect media attachment – share across guests
  27. Password reset – Disabled for LDAP accounts
  28. Why wp_update_user doesn’t update user_activation_key on users with apostrophes in their email?
  29. Correct passwords keep appearing as incorrect
  30. Forgot password needs to redirect from wp-login to a custom page
  31. Redirect login page except on reset pass
  32. How can I change the email that is inside the default email texts of wordpress?
  33. How to password-protect everything except the logo
  34. Generate email on meta value update
  35. Why is wp-login trying to send an email?
  36. Is there anyway to get the inputted password string from the login form?
  37. Invalidate username if it contains @ symbol
  38. How can I password protect a WordPress site without requiring users to log in?
  39. Password not resetting on wordpress?
  40. autocomplete=”off” WordPress Login
  41. WordPress not logged in locally with correct username and password
  42. wordpress login without password just email address (NO 2 factor authentication with email)
  43. Sending new registration meta values to admin by email
  44. Can I protect a type of content site-wide with a single password?
  45. Password recovery URL has error – but not found in code or db
  46. Log in with email but no password
  47. Temporally disable password to login with empty password?
  48. I need to find which is the file that checks the DB for correct login (username, password)
  49. Updated : how to make email optional while user registration using default wordpress form
  50. Login form does not store/remember/suggest users password
  51. How to invalidate `password reset key` after being used
  52. New user password confirmation sending wrong URL
  53. Locked out of WordPress admin area [closed]
  54. Global login to password protected pages
  55. Disable / Remove Password for Login WordPress
  56. WordPress does not send email confirmation to newly registered users
  57. How to password protect pages in WordPress
  58. confirmation email is send from my local host registration of a user but mail will not display in there email account?
  59. Chosen user password in registration is not being accepted on Login
  60. User login without username, only password
  61. wp-login.php just refreshes the form fields
  62. Login just resets/reset password link also does not work
  63. wp_lostpassword_url not escaped
  64. Trouble logging in and/or changing password
  65. Cannot login with correct username and password anymore
  66. Log in a user upon password reset?
  67. password reset link not being sent
  68. In Django, how do I know the currently logged-in user?
  69. Can I programmatically login a user without a password?
  70. Can’t log in: “ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.”
  71. Is there any way to rename or hide wp-login.php?
  72. How can I redirect user after entering wrong password?
  73. Increase of failed login attempts, brute force attacks? [closed]
  74. Login page ERROR: Cookies are blocked due to unexpected output
  75. Separate registration and login for different roles
  76. SSO / authentication integration with external ‘directory service’
  77. Preventing session timeout
  78. How reduce wordpress login session timeout time?
  79. How to prefill WordPress registration with social details
  80. wordpress redirect after password reset
  81. Disallow user from editing their own profile information
  82. I can’t access my site via wp-admin
  83. ‘Password field is empty’ error when using autofill in Chrome
  84. Removing username from the ‘wordpress_logged_in’ cookie
  85. How to show ‘login error’ and ‘lost password’ on my template page?
  86. How do I require authorization / login to view a specific set of posts / pages?
  87. What is $interim_login?
  88. Custom login form
  89. How to prefill the username/password fields on the login page
  90. wp_signon returns user, but the user is not logged in
  91. How to protect pages with double authentication: password + email (in custom field)
  92. Adding extra authentication field in login page
  93. How do I create a password reset link?
  94. Email user when password is reset by admin
  95. Replacing the WordPress password validation
  96. Prevent wp_login_form() from redirecting to wp-admin when there are errors
  97. Redirect user using the ‘wp_login_failed’ action hook if the error is ’empty_username’ or ’empty_password’
  98. wp_signon() does not authenticate user guidance needed
  99. What exactly is ReAuth?
  100. Login members using web services
Categories login Tags email, login, password, Reset
Read more button not working
Fixing plugin for wpdb::prepare

Recommended Hostings

Cloudways: Realize Your Website's Potential With Flexible & Affordable Hosting. 24/7/365 Support, Managed Security, Automated Backups, and 24/7 Real-time Monitoring.

FastComet: Fast SSD Hosting, Free Migration, Hack-Free Security, 24/7 Super Fast Support, 45 Day Money Back Guarantee.

Recent Added Topics

  • Bug in translation system: load_theme_textdomain() returns true, files are available and accessible but the language defaults to english
  • Custom Elementor controls not appearing in the widget Advanced tab using injection hooks
  • Get the name of the template/*html file used
  • Trying to Add Paging to Single Post Page
  • Sharing media files between live and staging servers
  • How to display the description of a custom post type in the dashboard?
  • Critical error on image display
  • Copying WP data and files into new install?
  • How to determine the DirectAdmin WordPress backup date?
  • How to get list of ALL tables in the database?
© 2026 Read For Learn
  • Database
    • Oracle
    • SQL
  • algorithm
  • asp.net
  • assembly
  • binary
  • c#
  • Git
  • hex
  • HTML
  • iOS
  • language angnostic
  • math
  • matlab
  • Tips & Trick
  • Tools
  • windows
  • C
  • C++
  • Java
  • javascript
  • Python
  • R
  • Java Script
  • jQuery
  • PHP
  • WordPress