WPBeginner - WordPress Tutorials for Beginners

Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Reset Passwords for All Users in WordPress

Last updated on by Editorial Staff | Reader DisclosureDisclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

Shares 95 Share Facebook Messenger WhatsApp

When your website gets hacked, it is recommended that you reset password for all users. This can take a long time if you have a lot of users. In this article, we will show you how to reset passwords for all users in WordPress and automatically notify them about their new passwords via email.

Video Tutorial

Subscribe to WPBeginner

If you don’t like the video or need more instructions, then continue reading.

First thing you need to do is install and activate the Emergency Password Reset plugin. Once you have activated the plugin, you can go to Users » Emergency Password Reset and click on the Reset all passwords button. The plugin will automatically reset passwords for all users (including the admin user who initiated the password reset). It will also send an email to all users containing their new password.

Reset all passwords

If for some reason, the user does not get their password in the email, then they can easily recover it. All they need to do is click on the Lost your password link on the login page. We have a detailed tutorial on how to recover your password in WordPress.

After resetting all passwords, we recommend that you change your WordPress security key also known as SALTs. Learn more about WordPress Security Keys and how to change them. Changing the security key will end all sessions for logged in users, so if a hacked user was logged in, then they will automatically be logged out.

How to Improve WordPress Login Security

There are a lot of things you can do to improve your WordPress login security. First thing would be to force strong passwords. You can also add an extra layer of security by password protecting your WordPress admin (wp-admin) directory. Another common technique used by hackers is to run scripts that use random passwords in an attempt to crack your WordPress password. One possible solution to slow down most (if not all) such attacks is by limiting login attempts. Another thing you can do is add Google Authenticator’s 2-Step verification to your site.

Last but not least, you can start using Sucuri. Here are 5 reasons why we use Sucuri.

We hope that this article helped you learn how to reset passwords for all users in WordPress. Note, this is not the same as expiring user passwords after a certain period of time. For feedback and questions, please leave a comment below.

Popular on WPBeginner Right Now!

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Download Now

Reader Interactions

2 CommentsLeave a Reply

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Featured in

Copyright © 2009 - 2023 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.

Managed by Awesome Motive | WordPress hosting by SiteGround | WordPress Security by Sucuri.

I need help with…

Popular searches:

Starting a
Blog WordPress
SEO WordPress
Performance WordPress
Errors WordPress
Security Building an
Online Store