In this article I’ll show you how to generate a strong password to use for your WordPress site, and how to update WordPress to start using that newer more secure password as well.
These actions are being strongly recommended due to a recent WordPress wp-login brute force attack that has been ongoing affecting multiple web hosts.
Generate secure admin password and apply with phpMyAdmin
The following steps will walk you through logging into cPanel, using the built-in password generator to create a new strong secure password, and then applying that new password to your WordPress admin login directly via phpMyAdmin.
Below these steps, there are also instructions for updating your WordPress admin password via admin dashboard
- Login to cPanel.
Under the Preferences section, click on Password & Security.
Next click on Password Generator.
You can click on Advanced Options to control how your password is generated. Then copy the password given, and click Cancel
Click on the cPanel link at the top-left.
Under the Databases section, click on phpMyAdmin.
Click on the name of your WordPress database.
Next click on the wp_users table.
Click on Edit beside your WordPress admin user.
In the user_pass field, paste your password by pressing Ctrl – V.
From the drop-down, select MD5.
Finally click on Go.
You should now see a success message from phpMyAdmin saying the database record was updated.
Update WordPress admin password via dashboard
If you already know how to create a very secure password, or you’ve generated one using the steps above, you can also update your WordPress admin password directly in the admin dashboard. Just follow these steps and you should have your password updated and secured in no time:
- Login to your WordPress dashboard with your insecure password.
From the left hand menu, click on Users.
Hover over your admin user, then click on Edit
Scroll to the very bottom, fill out your new secure password twice, then click on Update Profile.
- You should now see that your admin profile has been updated:
You should now understand how to update your WordPress admin password, this should help ensure that your website doesn’t become compromised from the recent increase in brute force attack attempts.