How do we keep this site running? This post may contain affiliate links — the cost is the same to you, but we get a referral fee. Compensation does not affect rankings. Thanks!
There’s nothing more frustrating than updating your Drupal site only to be unable to login, and not having your admin password, therefore effectively locking you out of your site entirely. So here are some tips on how to reset your Drupal admin password.
The first thing to try is to click on the lost password link, and have the password emailed to you. There is, however, a couple of scenarios where this will fail to work:
- This won’t work if you’re unable to access the retrieve password page.
- This won’t work if you’ve stored an old, no longer in use email address for the admin user (user 1).
In these cases, there are other ways to regain access to your Drupal site. The best method depends on your Drupal version.
In the next couple steps, we will show you how to generate a hash to enter into your database to reset the password for user 1 (the admin user).
Generating a Password Hash
Because Drupal 7 stores your password in a one-way hash in your database, you can’t reverse the hash to find your password. But you can use Drupal’s built-in password function to reset it by uploading a file with the corresponding php code:
require_once DRUPAL_ROOT . ‘/includes/bootstrap.inc’;
Save this code in a file named pw-reset.php (or something similar), and upload it to your public_html folder on your Drupal site. Make sure you substitute TemporaryPassword with a password you’d like to use to regain access to your admin account. Once you’ve uploaded the file, open a browser tab and launch the code by visiting this page in your browser address bar. In this example, you would browse to example.com/pw-reset.php. This will generate a long password hash for you to enter into your Drupal database. Make note (copy) this password for the next step.
Resetting Your Admin Password Using the Hash
You’ll want to access your Drupal database for this step (typically via phpMyAdmin in cPanel for Apache/mySQL installations). Click on the users table, and under the uid column, locate the value 1 (corresponds to user 1). Do an inline edit and copy your generated hash into the corresponding pass field. Once you hit save you should be able to log into your Drupal website with the admin user (user 1) using the TemporaryPassword you specified above.
Once logged in, make sure you change your password again.
For Drupal 6, there’s a couple of alternative methods to resetting your password. The first resets your Drupal admin password (the password used by user 1), the second retrieves it. You’ll need access to your mysql database (via phpMyAdmin, for example) for both methods, but only the first one involves executing a mySQL function.
Resetting your Drupal admin password
To directly reset your password, log into phpMyAdmin and execute the following mySQL statement:
UPDATE users SET pass = md5(‘newpassword’) WHERE uid = 1;
Enter your new password in the md5 function – it will automatically be converted via a one-way hash (this is why we can’t retrieve your old password – the decryption is a one-way process). Note that for earlier versions of Drupal you may need to use SET password, instead of SET pass.
This will effectively reset the Drupal admin password for user 1. Note that you can use this to reset the password of any user, although this is typically unnecessary as you should be able to simply log in as admin user (user 1), under which you have the ability to reset any user’s password.
Retrieving your lost Drupal admin password
An alternative to resetting the password is to retrieve it. This method only applies to the second problem above, that is, you are able to access the retrieve password page, but you’re email address is outdated. To do this, simply update the email field for the admin user (user 1) in the “users” table. Unlike the password field, you can directly edit the email field without consequence. Once you’ve updated your email address for the admin user, simply go to the request password page to have your password emailed to your email address.