I forgot my WordPress password. For the life of me, I couldn’t remember what it was, because it had always been stored in the browser cache and I never bothered to write it down anywhere. In order to reset it, I clicked the “Forgot password” link offered on the WordPress login page. However, apparently my server can’t send emails, since the password reset mail never arrived. What now?

Luckily, the server is under my control. I used PHPMyAdmin to access the WordPress database, and looked at the rows in the wp_users table. Shame – the passwords are encrypted (probably using MD5) so I couldn’t see what my original password was. Now I could just overwrite the password with a new one – properly MD5 encrypted – but I wasn’t quite sure what sort of encryption WordPress really uses.

Then I thought of something else. In the wp_users table, I found a column named user_activation_key. I figured that this must be the key that WordPress sends you in the password reset email, which I never received. If I could just figure out what link is given in the password reset email, then I could force the reset. A little googling and it turns out that the password reset email contains the link:

http://www.myserver.com/wp-login.php?action=rp&key=key&login=login

For the key, I put in the user_activation_key, and for the login, my login name. And it worked – the link opens the WordPress password reset screen and I was able to pick a new password.