WordPress password reset and recovering hacked WP site

It may happens that you have lost your WordPress admin password. You are unable to reset wp password from the admin login page because the admin email address was not correct. Also you may have lost access to your email or the email is not reaching your inbox. On the other hand hackers has taken control of your WP site. They have changed your WP admin username, password and email. In this case you can not recover your admin credentials through the admin login page. In this article let me explain how you can reset admin and recover your WordPress site from hackers.

First step to recover hacked WP site

Hopefully your hosting and domain account is not hacked. If your domain is registered in different company rather than the hosting company then login to your domain account and disable the domain forwarding to your hosting to prevent further damage by the hackers. Also login to your hosting account or FTP and move all the contents to a newly created folder rather than keeping them on the configured directory. It will make your website unavailable and hackers can not login anymore to your WP website admin panel. If your domain account or hosting account has been hacked then contact the support as soon as possible. When you have access to your hosting and domain account then let us move to the next steps. You may try to change your domain and hosting account credentials to improve more security action.

Reset WP admin from the MySQL database

As you have access to your hosting account please login to your hosting account immediately. From your hosting account please find the PhpMyAdmin or Database and login to your database associated with the hacked WP site. Now browse the wp_users table on the database and here you will see users of your website and their role. Remove the additional users added by the hackers. Select your own user and here you will reset your admin. On the email box put your own email and on the password box put your new password. Select MD5 for password field. Save your data. Okay, you have reset WP password and you can now login to your WP site. You need to revert the changes you have made earlier mentioned above. You should have experience about database. Handling by inexperienced person may cause damage or deletion of your database, thereby by your website.

Make your WP site more secured from further hacking

Change the database username and password and then change the wp-config.php file with the new database credentials. Also change the default table prefix wp_ to something different like this mynewsecured_ . You may do this by using a plugin. Change your default WP login URL. Remove any suspicious plugins and scripts from your site. Always update your plugins and WP core engine.

Recover WordPress site from backup

If you have recent backup of your WP contents and database then you may restore your website and change the credentials from WP login immediately after restore to reset WP password.

Reset WP password through FTP

Login to the FTP or login the hosting panel and from the file manager download the functions.php from your active theme directory. You can find the directory from root (configured directory) >> wp-contents >> themes >> active theme name >> functions.php . Now open the file in notepad and add wp_set_password( ‘yournewpassword’, 1 ); just after the < ?php: . Now upload back the file again there. 1 is the user ID number of the wp_users table. Now login to your admin panel with new password and remove the code from the file and upload again. If you do not remove it will reset WP password each time a URL of your website is requested.

Use emergency WP password reset script

WordPress codex has a emergency script to change your password. You will find the guideline about the script usage and the scripts from Wp codex for emergency WP password reset.