Whether it be username or password that you cannot recall, you are not getting past the WordPress login screen without knowing both – that’s the point of login.

If the relevant credentials are known then the process is straightforward. For experienced users it’s a far too common thing to be scratching your head convinced that you entered the correct details even though the stupid computer is telling you that you got it wrong.

Below the input fields you are shown the link ‘Lost your password?‘ to help you in this eventuality. If you’re absolutely certain of the correct username then this route is the quickest way to retrieve the password.

Sometimes the frustration can be that you don’t know which part is incorrect or whether both username and password are the problem. If the username is correct and the password is wrong, the error message will say that your password was wrong. If the username was incorrect then it will say ‘Invalid Username‘.

While these messages may be helpful, the problem for some sites is that hackers can also find this information useful in acquiring login credentials and this is why sometimes the lost password link is removed from the login screen.

How to remove the 'Forgot your password?' link at WordPress Log In

Add this code snippet to functions.php:

function remove_lost_your_password($text) {
return str_replace( array(‘Lost your password?’, ‘Lost your password’), ”, trim($text, ‘?’) );
}
add_filter( ‘gettext’, ‘remove_lost_your_password’ );

So assuming you cannot access WordPress and the Lost your password? link is not available, then you will need to get into the system by another means.

The WordPress files are installed on your own computer if you are running on a localhost or on the server that is hosting your website. Either way the system files are the same and therefore the procedure is the same in both eventualities.

To access the hosting server requires yet another login screen because it has a control interface whereas the localhost server does not.

The Control Interface for managing a hosting account

This interface is installed by the hosting provider and allows you to make changes to your hosting account and manage the files on the server. cPanel, Direct Admin, Power Panel and Plesk are some of the common hosting control panel software. Here we will refer to cPanel examples because it is probably the most common.

cPanel is a Linux based web hosting control panel with a multi architecture that allows web developers, system administrators and resellers alike to manage a website and at the same time enables the hosting provider in an administrative role.

It is installed on Linux based systems (Linux in turn is a UNIX based system,) as it only runs on CentOS, Red Hat and CloudLinux and doesn’t run on Windows. CentOS is a clone of Red Hat Enterprise Linux, RHEL for short, and has long been considered a server operating system.

WebsitePanel, formerly known as DotNetPanel, was an open-source control panel built exclusively for the Windows web technology platform but it was discontinued. To install cPanel on a Windows server you would need to create a virtual server on your Windows server and use CentOS on it.

Alternatively, you would need a GNU/Linux system. GNU/Linux consists primarily of tools developed by the GNU Project. Linux. Ubuntu, Debian, Fedora and RedHat are variations of the GNU Operating System using the Linux kernel.

Enkompass is cPanel’s first and only Windows web hosting control panel and was launched in 2000. Designed to be used in a distributed server environment, Enkompass is able to manage many web servers across a Windows domain. So on Windows based servers Enkompass enables cPanel. However, development of this product was discontinued by cPanel in 2012.

So this is why we say that cPanel doesn’t run native on a Windows based environment but instead thrives on the Linux platform. Linux today runs on the top 500 largest computers in the world, it operates across governments, banks, military departments, universities and businesses. IBM uses Linux on its desktops and servers and they ran a TV advertising campaign in 2006 called ‘IBM Supports Linux 100%.’

Windows server control panels are by no means finished. There are plenty of hosting providers offering Windows based technologies as you would expect. Godaddy for example offer both cPanel and Plesk accounts.

So for the majority of people it is the hosting provider that takes care of the control interface whether that be a virtual private server or a dedicated server. Most use Apache, the most widely used web server software, as it is open source like Linux and runs on most UNIX-based OS such as Solaris, AIX and of course Linux, and even on Windows 2000.

In order for the Apache server to run a WordPress website it needs PHP running on it otherwise PHP files would simply pass to the calling computer like any other. PHP scripts must be dynamically interpreted by the web server each time they are accessed so that appropriate output can be generated. PHP support is added to Apache in the form of a PHP module.

When you purchase a hosting package you will have a username and password for that hosting providers client area where you can make transactions and manage your services such as domain names.

There are two other areas that require a username and password, one is the Log In screen for your server space, which is essentially what you are paying for. And the other is the Log In for Webmail to handle the addresses you have set up under this hosting account. Both Log Ins are handled by cPanel (or Plesk etc.)

When you’ve logged in to cPanel you’ll see the various sections that allow you to manage things. You’ll see the PHP module there which can give you helpful information about the server environment and you can create databases for WordPress installations and email accounts.

The ideas is that you create email addresses here then Log In to Webmail to read and write email and you would create a database here and then Log In to WordPress to use it.

You’re not tied to using Webmail, if you want to download email to an email program on your computer then you simply provide the program with the server details. Likewise once you’ve tied the database to WordPress you don’t get involved with it anymore, WordPress handles all the working of your site, media, and the database, this is why WordPress is described as a CMS, Content Management System.

For this example a hosting provider is running an Apache web server with cPanel for the user interface, in which case you would Log In at the cPanel screen to manage your space or Log In at a cPanel Webmail screen to send and receive email.

If you regularly use the same credentials for most logins then you will now have the same problem here at the server cPanel Log In screen, but you should be able to reset the password. If it’s the wrong username that is still preventing you, then try using any created email addresses, as these are usually used for usernames, but if this also fails then it’s time for a quick call to the hosting provider.

For a localhost setup, you always have access to the WordPress files because the installation is housed in the XAMP or WAMP server root, which is the directory/folder of /www.

Pause for a moment and collect your thoughts

Great, so you’ve sorted that out and got past the cPanel Log In screen and you’re now looking at the sections and modules. There is no cPanel on a localhost (as explained in the toggle above,) but phpMyAdmin is provided and accessible from the WAMP (Windows/Apache/MySQL/PHP) panel which looks like the image below:

Every WordPress install uses a database to keep the various components that make up pages, posts and information about plugins and the usernames and passwords of registered users. We are going to locate and examine the MySQL database that WordPress is using and retrieve our user credentials.

cPanel keeps the various modules in sections, so in cPanel look for the ‘databases’ section and select the phpMyAdmin module. phpMyAdmin is a relational database management system (RDBMS). If you have a shared hosting account then you will find all the databases here that relate to any WordPress installations that you are operating. A reseller package may well offer multiple cPanels with their own dedicated phpMyAdmin so that each of your clients can have their own closed environment.

To add speed and flexibility, relational database management systems (RDBMS), such as MySQL, store data in separate tables rather than in one giant pot. This structure makes them easily accessible and fast and because most of the information is stored in one file, they can be easily transferred for other purposes.

Inside phpMyAdmin, look to the left sidebar panel and there is a list of any databases that exist. If there is more than one database then you have to identify the one that corresponds to the WordPress install that you are investigating.

Determine the correct database in phpMyAdmin

Back at the cPanel main screen look for the ‘files’ section and select File Manager.

Now locate the WordPress root and view the file wp-config.php. Right click on it and select ‘View’.

You will see a declaration of the database name, database password and database user. Look for the following lines:

define(‘DB_NAME’, ‘wp208’);
define(‘DB_USER’, ‘webpapa’);
define(‘DB_PASSWORD’, ‘password’);

In this example the database name is wp208.

In the phpMyAdmin panel, expand the relevant database and look for a users table. The default prefix for tables in WordPress is wp_ but this is often changed, so if custom prefixes exist then look for a users table. In the above example the database wp208 is expanded and at the bottom can be seen the wp_users table.

Click on wp-users to go to yet another control panel. Generally you will see a lot of organisational structures when working with databases, such is their nature.

The first tab in the wp_users table is ‘Browse’. It contains a record for each registered user. At this screen you can recover the username and password or change it. In this example there are two users; tonyboy and admin.

But wait a minute! You’re looking at your username but what’s that elaborate password that you don’t recognise? It is your password, but the plain text has been encrypted for security in case the database is hacked.

This security feature only goes as far as protecting the existing password, as far as the database itself is concerned, hackers can change the password too if they get this far.

The WordPress Log In screen will only accept the plain text version and not the encrypted version that you see here in wp_users, you cannot simply cut & paste it from here to the login screen. Neither can you reset the password here using plain text. Yes, it will accept plain text without validating it, but ultimately it will not work because only a cyphered version is accepted.

So we need one more step, to decrypt/decypher the existing password that we see here in wp-users or we can encrypt a new one. There are many algorithms that are used for encryption security and WordPress uses the MD5 method.

What is MD5 encryption

MD5 stands for ‘Message Digest algorithm 5’. The MD5 algorithm is an extension of MD4, which was considered to be fast but not absolutely secure. MD5 is not as fast but offers higher integrity of data security.

The hash generated is often used to encrypt database passwords and this algorithm is also used for the encryption of files. An MD5 hash is composed of 32 hexadecimal characters.

Enter plain text into an encryptor to know the MD5 hash or enter a hash string into a decryptor to know the plain text equivalent. You can enter as many characters as you wish but the output hash value will always be fixed at 32 hexadecimal characters.

A good place to do this is MD5 Online. I say good because there is an MD5 Encryptor and an MD5 Decryptor there.

So now that you understand a bit more about encryption and security let’s recap and look at the example below. This time you can see two users; canada100 and admin, and you can identify their encrypted passwords in MD5 format.

If you’re on a locahost you might install Notepad++ just in case you are in this situation again and not connected to the internet, because Notepad++ has an inbuilt MD5 encryptor under Tools > MD5 > Generate.

This means the MD5 code generated in Notepad++ can be placed directly into the user_pass field in the wp_users table to effectively change the password. (you would of course use the plain text version back at the WordPress Log In screen.)

To convert a code back to plain text, IOW to decrypt it, you need a plugin like NppCrypt, an open source program that works on all versions of Notepad++. This would be useful if you wanted to keep the existing password and therefore pasting the hash into NppCrypt would reveal the plain text version.

Entering in plain text, the word ‘abracadabra’ into the MD5 Encryptor generates the following hash code:

ec5287c45f0e70ec22d52e8bcbeeb640

If we have done this correctly, we would have this hash code in our database user record, and the plain text version used in the WordPress Log In screen as demonstrated below.

WordPress Log In