WordPress
Online WordPress Bcrypt Hasher Tool
New Online Bcrypt Password Hasher Tool for WordPress 6.8.x – Securely Reset Admin Passwords
How to Reset WordPress Passwords Now That MD5 is No Longer Supported
For years, WordPress site administrators have relied on a simple trick to reset user passwords directly in the database: using MD5 hashing in phpMyAdmin. This method allowed site owners to quickly regain access to a locked-out admin account without needing email access or a password reset link. However, as of WordPress 6.8.x, this is no longer an option.
Why Did WordPress Drop MD5 Hashing?
WordPress has always prioritized security, and as cyber threats evolve, so do the platform’s security protocols. MD5 is an outdated hashing algorithm that is vulnerable to brute force attacks, making it an insecure method for storing passwords. To improve security, WordPress has now switched to bcrypt hashing by default, which provides stronger encryption and better protection against password cracking.
What This Means for WordPress Admins
If you ever need to reset a WordPress password directly via phpMyAdmin, you can no longer simply enter an MD5 hash. Instead, you must generate a bcrypt-encrypted password and update the user_pass field manually.
How to Generate a Bcrypt-Encrypted Password
Since bcrypt hashing is more complex than MD5, you’ll need a way to generate a proper hash before updating the database.
Step 1: Generate the Bcrypt-Hashed Password
– Enter your new password in the form field.
– Click “Hash Password” to generate the hashed version.
– Copy the bcrypt hash that appears.
Step 2: Access phpMyAdmin
– Log into phpMyAdmin (usually found in your web hosting control panel).
– Find and click on the wp_users table (your prefix may be different, e.g., wpxyz_users).
Step 3: Update the Password in the Database
– Locate the user account you want to reset.
– Click Edit next to the user.
– In the user_pass field:
– Delete the existing value.
– Paste the bcrypt hash you copied earlier.
– Ensure the field type is VARCHAR(255) (this should already be set).
– Click Go or Save Changes to apply the update.
Step 4: Log Into WordPress
Go to your WordPress login page (yourwebsite.com/wp-login.php).
– Enter your username and the new password you created.
– You should now be able to log in successfully.
Your password has now been successfully updated! 