Change Your Password in WordPress

How to Change Your Password in WordPress

Your password is an integral part of your account security. As such, it is recommended to change your WordPress password on a six-month interval to improve security. Luckily, this is easy to do in WordPress.

Since changing passwords is a normal occurrence for any website, there are several ways to accomplish this. One is using phpMyAdmin, but that can be a bit complicated for beginners. Instead, there are much simpler ways to do it.

Today, I will demonstrate how to change your password in WordPress using two methods.

Why Change Your WordPress Password?

There are multiple reasons why you should change your password. In fact, changing your password is so important there is an actual Change Your Password Day. The most obvious reason is security.

Did you know that 80% of cyber-attacks are the result of a weak or stolen password?

The truth is that when someone does obtain your password, they may not act on it immediately, or in a way you can detect. As such, if you change your password regularly, there is a chance they will miss their opportunity to take advantage of it.

In fact, sometimes they will just log into the account to verify it works and see what they can do without doing anything. For instance, perhaps they are reading your private information, which may not set off any red flags from the site.

As such, changing your password prevents someone from having constant access to your account if the password is compromised.

Sadly, many users still ignore basic password advice, such as not reusing passwords on multiple websites. Changing your password regularly makes it less likely that you are using a password from another site, unless you go out of your way to change every password you have.

Regardless, changing your password has a lot of advantages, thus it is no surprise that security experts advise changing your password regularly.

Changing Your Password in WordPress

As I said at the start, changing your password is easy and there are several ways to go about it. The first way is using the built-in method WordPress provides. It is easy to do and really only takes a minute to accomplish.

The second method is using the Frontend Reset Password plugin to do it. This plugin creates a simple interface for users to change their password on the front end. It also only takes a few minutes to set up.

Let’s start with the built-in method.

Method 1: WordPress Password Changer

To accomplish this method, the user simply needs to be logged into WordPress to access their WordPress profile. From there, they can change their password. It is important to point out that an administrator account can use this method to change any user’s password.

On the left-hand admin panel, click on Users and select the Profile option. If you are an admin looking to change another user’s password, simply select the All Users option and select the user you wish to change.

Scroll down until you find the Account Management section. Click on the “Set New Password” button.

WordPress will generate a new strong password underneath this button. You can feel free to use that, or just enter your own password into the box. Just be sure that whatever you choose as your new password, you remember it or write it down.

Note: For more tips on creating a password, check out the Password Tips section at the bottom.

After you have entered the new password, simply scroll down and click on the “Update Profile” button. And that’s it.

Method 2: Using Frontend Reset Password

The Frontend Reset Password plugin is quite a simple tool. All it requires is that you set up pages through its settings or add the appropriate shortcodes to a post or page. This will generate a reset password option where users just need to enter their email.

Once they do, they will receive an email with a link to a page where they can set a new password. It’s incredibly easy, and since it is on the frontend, it benefits all users. Just be mindful that email addresses are not exactly secret.

As such, it is possible for a user to enter someone else’s email. They will still need access to that email account to get the link, but be aware this can send out some false flags. Either way, let’s get right into it.

Step 1: Install Frontend Reset Password

Let’s start by clicking on Plugins and selecting the Add New option on the left-hand admin panel.

Search for Frontend Reset Password in the available search box. This will pull up additional plugins that you may find helpful.

Scroll down until you find the Frontend Reset Password plugin, click on the “Install Now” button, and then activate the plugin for use.

Step 2: Set Up the Pages

The plugin is pretty simple to use. The first, and really the only, thing you need to do is tell the plugin what pages it should operate on. In this case, I would recommend taking a minute to create a new page.

You may title this anything you want. In my case, I am just naming it Password Reset Request. On this page, you just need to enter the [reset_password] shortcode. Then just publish the changes. We will use this page in the settings.

Once that is done, click on Settings and select the Frontend Reset Password option.

You will see three drop-down options in the General settings option. They include Reset Password Page, Reset Email Sent, and New Password Saved. You only need to choose the Reset Password Page.

All of the other options are optional if you choose to use custom pages. Simply choose the page you just created with the shortcode.

Below this, you will find some additional options for customizing the messages that users will see. The default options are all more than enough for most sites, but if you would like to customize the message, feel free to. Simply save the changes when you are done.

Step 3: Change Your WordPress Password

Once you have finished with the settings, all that is left is to actually change your password. Start by visiting the page you chose for the Reset Password Page (the first option).

When you visit it, you should see a small box asking you to enter the email associated with your account. Do so and click on the “Reset Password” button.

A message will appear above this box telling you an email has been sent. Check your email for a link that will lead you to the password reset. Then simply enter the new password and you are done.

This method is easier if you want to help non-tech-savvy users reset their passwords, but otherwise it is not worth the trouble.

Password Tips

If there is one thing you will constantly see mentioned whenever you look into any kind of security topic, it is your password strength.

Password strength refers to the complexity of your password. A strong password should contain a random assortment of characters including upper case letters, lower case letters, numbers, and symbols.

The longer it is, the lower the chance that it will be cracked in a brute-force attempt.

Most websites will help you by providing a password generator that will provide a strong password for you. However, as most people know, these passwords are not something you can just memorize on the spot. As such, most users create their own.

Unfortunately, they do a really bad job at it. They typically include common phrases and information that most people know about them like their name, age, date of birth, children, and so on.

Typically, if you know the person well enough, you can guess the password.

These are all examples of things NOT to include in your password.

Instead, you should create a unique phrase that only you will know and that does not contain any personal information. It should also include numbers, symbols, and upper-case letters. If you do this, it is considered a strong password.

Another common mistake users make is using the same password on multiple accounts. Do not do this. Each account should have a unique password. Otherwise, the moment one account is compromised, every account that shares that password can also be cracked.

If you have trouble memorizing passwords, use a Password Manager to help you.
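
The tips in this section, written out as an added Python example (not part of the original tutorial or of WordPress): it flags short passwords, missing character classes, embedded personal details and reuse, and estimates the brute-force search space. The 12-character minimum, the function names and the sample values are assumptions made for illustration.

```python
import math
import re

# Character classes named in the tips, with the alphabet size each one adds
# (printable ASCII: 26 + 26 + 10 + 33 symbols including space = 95).
CLASSES = {
    "lower-case letter": (r"[a-z]", 26),
    "upper-case letter": (r"[A-Z]", 26),
    "number": (r"[0-9]", 10),
    "symbol": (r"[^A-Za-z0-9]", 33),
}


def brute_force_bits(password):
    """Upper bound on the search space in bits; real phrases are weaker."""
    alphabet = sum(n for pat, n in CLASSES.values() if re.search(pat, password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, personal_info=(), other_passwords=(), min_length=12):
    """Return a list of problems; an empty list means the tips are met."""
    problems = []
    if len(password) < min_length:  # min_length is an assumed policy value
        problems.append(f"shorter than {min_length} characters")
    for name, (pattern, _) in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    # Compare personal details case-insensitively with separators removed,
    # so a birth date given as "1990-04-12" also catches "19900412".
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squashed:
            problems.append(f"contains personal detail {item!r}")
    if password in other_passwords:  # reuse check, meant to run locally
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for candidate in ("Jane1990!", "plum-Tractor7-velvet-Orbit"):
        issues = check_password(candidate, personal_info=["Jane", "1990-04-12"])
        print(candidate, round(brute_force_bits(candidate)), issues or "ok")
```

The bit count assumes every character is chosen at random, so treat it as a ceiling for a memorable phrase rather than a measured strength.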

FAQ

How often should I change my password?

The general rule of thumb is every 6 months; however, some security experts also recommend changing your password quarterly.

What happens if I lose my password?

WordPress has a “forgot your password” option that can help you recover the account. Alternatively, you can change it using phpMyAdmin as another way to get into your website.

Can my web host help me if my account is compromised?

Yes. Web hosting companies are trained for this very occurrence and can help you quickly secure your account. They can also scan your website for malware or any other malicious activity.

Is Two-Factor Authentication (2FA) a good idea?

Yes. 2FA is a great way to keep your account secure even when the password has been compromised. Without access to your email or your smartphone, an attacker still cannot get in even with the password.

What should I do if my account is stolen?

If you still have access to it, immediately change the password. If not, contact the site administrator or web host for additional assistance.

Change Your WordPress Password Today

As you can see, it is pretty easy to change the login credentials in WordPress. While using the built-in method is my recommendation, the frontend approach offered by the plugin has its advantages.

In either case, I hope you found this tutorial helpful for learning how to change your WordPress password.

Why did you change your WordPress password? How often do you change your WordPress password?