Wordpress Password Hash Generator
Generate a WordPress-compatible password hash to reset a login directly in the database when you're locked out. Enter a password or use Random, copy the hash into your wp_users table, then log in with the plain password. Fast, free, and easy.
Share on Social Media:
WordPress Password Hash Generator (Reset Login)
Locked out of WordPress, or need to reset a user's password through the database? This tool creates a WordPress-compatible password hash that you can paste into your database to set a new password quickly and safely. WordPress never stores passwords as plain text — it stores a hashed version — so updating the database directly requires a valid WordPress hash, which this tool generates for you.
How does WordPress store passwords?
WordPress hashes every password before saving it in the user_pass column. For many years it used phpass portable hashes, which begin with $P$. Newer versions of WordPress (6.8 and later) generate bcrypt hashes for stronger security, while still accepting the older $P$ format for backward compatibility. That's why a hash generated here will work: when you log in with the matching plain password, WordPress verifies it and transparently upgrades the stored hash if needed.
How do I use the tool?
- Enter your own password and generate its hash, or
- Click Random to create a strong password, then generate its hash.
Copy the generated hash and use it in your database update. Remember the plain password — that's what you'll actually log in with.
Steps to update a WordPress password in the database
- Open phpMyAdmin (or your preferred database tool).
- Connect to the database used by your WordPress site.
- Open the users table (usually wp_users — your table prefix may differ).
- Generate a hashed password with this tool and copy it.
- Update the user's
user_passfield with the hash.
Example
Replace the table name if your prefix isn't wp_:
UPDATE `wp_users`
SET `user_pass` = '$P$BXdJzbcCjLnLoXzHS645odEe/BMaBA1'
WHERE `user_login` = 'john';After updating, log in using the plain password you generated, and WordPress will handle the rest.
Is this safe to use?
Yes, when used responsibly on a site you control. A few precautions: always back up your database before editing it directly; treat the generated hash like a credential and don't share it; and prefer the normal "Lost your password?" email reset when you have access to it — the database method is for when you're locked out. Set a strong, unique password (use the Random option or our generator) and change it again from the dashboard once you're back in.
Frequently asked questions
Why doesn't WordPress just store my plain password?
Storing plain passwords is a major security risk. Hashing means that even if the database is exposed, the actual passwords aren't directly readable.
My hash starts with $P$ — is that wrong?
No. $P$ is the long-standing phpass format and is fully accepted by WordPress, including current versions that otherwise create bcrypt hashes.
Do I log in with the hash or the password?
With the plain password. The hash only goes into the database; WordPress checks your password against it at login.
I can access the dashboard — should I still use this?
No need. Change your password from the user profile screen or the email reset; the database method is mainly for lockouts.
Related tools
- Password Generator — create a strong password to hash.
- Password Strength Checker — test the password first.
- MD5 Generator — generate an MD5 hash from any text.
- WordPress Theme Detector — inspect a WordPress site's theme and plugins.