Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Reset Passwords for All Users in WordPress

Website security is essential for any WordPress site owner. If there is a security breach, then compromised user credentials can pose a significant risk.

At WPBeginner, we have written hundreds of tutorials about site security and data protection. And we recommend changing passwords regularly to add an extra layer of security to your website. However, the process can be time-consuming.

In this article, we will show you how to easily reset the passwords for all WordPress accounts and automatically notify users about their new passwords via email.

This will let you prioritize website security, minimize disruption, and encourage your users to maintain strong passwords for ongoing account protection.

Reset passwords for all users in WordPress

Why Reset Passwords for All Users in WordPress?

If you think that your WordPress website has been hacked, then it is a good idea to reset the passwords of all users as soon as possible. This will help prevent the hacker from accessing your website or your users’ accounts.

You should also reset passwords for users if you are migrating your site to a new host to prevent any problems with your users’ accounts during the migration process.

Resetting passwords to replace them with stronger ones is also beneficial for overall WordPress security.

Having said that, let’s see how to easily reset passwords for WordPress users.

How to Reset Passwords For All Users in WordPress

First, you need to install and activate the Emergency Password Reset plugin. For detailed instructions, you may want to see our beginner’s guide on how to install a WordPress plugin.

Upon activation, head over to the Users » Emergency Password Reset page from the WordPress admin sidebar.

Once you are there, you can start by typing the email subject for the email that will be sent to your users upon password reset next to the ‘Email Subject’ option.

Type email subject and from name before password reset

After that, type the From Name and message that will be sent to the subscribers in the email.

By default, the plugin uses the admin email address to send password reset emails to all the users. However, if you don’t want to use the administrator email, then you can type any email address of your choice into the field.

After that, just click the ‘Save Settings’ button to store your settings.

Click reset all passwords button to reset password for all users

Finally, click the ‘Reset All Passwords’ button.

The plugin will now automatically change passwords for all users (including the admin user who initiated the password reset). It will also send an email notification to all users containing their new password.

If, for some reason, the user does not get their password in the email, then they can easily recover it. All they need to do is click on the ‘Lost your password’ link on the user login page.

Click the Lost your password? link

For detailed instructions, you may want to see our WordPress tutorial on how to recover your password in WordPress.

After resetting all passwords, we recommend that you change your WordPress security keys, also known as SALTs. To learn more about them, please see our beginner’s guide on WordPress security keys and how to change them.

Changing the security keys will end all sessions for logged-in users, so if a hacked user was logged in, then they will automatically be logged out.

Bonus: How to Improve WordPress Login Security

There are a lot of things you can do to improve your WordPress login security.

First, you need to enforce strong passwords for users on your WordPress site. You can also add an extra layer of security by password-protecting your WordPress admin (wp-admin) directory.

Another common technique used by hackers is to run scripts that use random passwords in an attempt to crack your WordPress password.

One possible solution to slow down most (if not all) such attacks is by limiting login attempts or adding Google Authenticator’s 2-Step verification to your site.

You can also use Sucuri on your website. It is one of the best WordPress security plugins that helps you harden WordPress security and scan your website for common threats.

Sucuri

For more details on protecting your website, you may want to see our ultimate WordPress security guide.

We hope that this article helped you learn how to reset passwords for all users in WordPress. You may also want to see our step-by-step guide on how to back up your WordPress site and our expert picks for the most popular WordPress themes.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

4 CommentsLeave a Reply

  1. Mrteesurez

    Thanks for sharing this.
    If I reset password for all user, I hope all of them will receive emails and change it accordingly, but can it reset it for me also as Administrator ??

    • WPBeginner Support

      It would also reset your password :)

      Admin

  2. Richard Garuba

    Great article. Thank for exposing various ways ensuring security in WordPress website

  3. Ian

    Thanks for sharing.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.