How to Use Emergency WordPress Password Reset Script

By 14-03-2013   BloggingSecurityTutorialsWordPress
Tweet Share Email Share  

Have your ever used the Emergency Password Reset Script to resolve WordPress login errors? Today I had a shock as I could not login to one of our smaller WordPress blogs, and the password stopped working. The Forgot password link which was supposed to send the password to the account email, failed to do so as no email was received  Although the username was same, the password despite repeated tries did not work.

forgot wordpres password

There seemed to be no way to login, as the username and password did not match and the forgot password email never reached. Fearing the worst and a hacking event, I was reminded of the Emergency WordPress Password Reset Script which I have used once earlier, and would like to share my experience of how it works. There are other ways using the MySQL Command Line, PHPMyAdmin which you can try first if you have access to these tools on your hosting server.

Advertisements

Emergency Password Reset Script

Here is the emergency script code  on the official WordPress site. Simply copy the code and paste in a simple text editor like Notepad. Save the file as emergency.php. Then upload this file via FTP to the root of your WordPress installation (This assumes you still have FTP access to your server). So if your WordPress is installed under domain.com, you now need to visit domain.com/emergency.php

Here is what form screen you are greeted with.
wordpress emergency script

Simple enter your same username (this assumes you remember the username) and the new password. Since you have to type the password only once, remember it well (and do not forget the CAPS LOCK key is off). Once you update options, you are greeted with the following message –

password changed

Well the new password again never reached. But you can now login at domain.com/wp-admin and type your username and new password. You should now be able to login.

Why did it happen? We did not change the password but it stopped working. Don’t know why.

Why did the email never reach? When we checked into Users> Profile, there was the email of an ex-admin user!! (he was getting  our password reset emails!) This was a very important lesson learnt and fortunately we were able to recover the password reset the password.

WARNING: It is very important that you now delete emergency.php file on your server right away. Anyone else can simply type your url and reset password of your WordPress blog.

Note: the script message is very clear that it may not work for you and you should use it AT YOUR OWN RISK as a last resort. We and the script makers take no risk and liability for something going wrong on your site by using this script.

2 comments on “How to Use Emergency WordPress Password Reset Script

  1. Carl says:

    Looks straightforward, I usually reset it through database and never had any issue with that.

  2. Never face such a issue but thanks for bring it in front of us so we can next time make sure for such a thing. Though it is at own risk it appears that one should take risk to protect one self from such a disaster

Leave a Reply

Your email address will not be published. Required fields are marked *

css.php