Manual:Resetting passwords

There are any number of situations where a user may need to reset their password. Typically, people either forget their password or experience some kind of security breach that may have disclosed their password. For most situations, they can reset their own password using "Email new password".

In situations that are complicated by the user forgetting their account name or losing access to their email, additional measures may need to be taken by an administrator or system administrator.

Use Special:UserLogin
If you know the username for an account, you can use the "Email new password" feature on the Special:UserLogin page. To use the feature, visit the Special:UserLogin page for the relevant wiki, fill in the Username field of the form and press the 'Email new password' button. A temporary password, along with instructions on how to reset the account's password, will be sent to the email address associated with the username.

Finding the username for a given email address
If you know the email address for a user, but not their username, query the  table of the MediaWiki database to find the associated username. For example, to find the username for user@example.com, run the following query:

SELECT user_name FROM user WHERE user_email = 'user@example.com';

Use the changePassword.php maintenance script
The changePassword.php maintenance script allows system administrators to change the password for an account from the command line of the server that MediaWiki is installed on. For complete usage details, review changePassword.php. If you are already familiar with maintenance scripts, then simply run the following command:

Use Special:PasswordReset
Special:PasswordReset allows accounts with the 'passwordreset' permission to reset account passwords for the local installation of MediaWiki.

To use:


 * Type username you want to reset in box provided and click "Reset password"
 * An automatically generated password will be emailed to the user

For automatically inserting the username in links, use

Direct database modification
To reset a password you can change the value of  field, in   table. However, it's generally far easier and safer to use "Email new password" or use the changePassword.php script.

If your MediaWiki installation uses a memory cache, such as APC, memcached or Redis, then the user object is cached. Thus after making SQL changes you must flush the cache before a user can log in with the new password.

For MediaWiki Version 1.13 and above
You should choose the salted or unsalted method depending on the value of $wgPasswordSalt in LocalSettings.php

UPDATE `user` SET user_password = CONCAT(':A:', MD5('somepass')) WHERE user_name = 'someuser';
 * MySQL unsalted:

UPDATE `user` SET user_password = CONCAT(':B:somesalt:', MD5(CONCAT('somesalt-', MD5('somepass')))) WHERE user_name = 'someuser';
 * MySQL salted (make sure both instances of "somesalt" are the same):

update mwuser SET user_password = text(':A:') || MD5('somepass') WHERE user_name = 'someuser';
 * PostgreSQL unsalted:

update mwuser SET user_password = text(':B:somesalt:') || MD5(text('somesalt-') || MD5('somepass')) WHERE user_name = 'someuser';
 * PostgreSQL salted (make sure both instances of "somesalt" are the same):

For MediaWiki Version 1.12 and below
MySQL: UPDATE user SET user_password = MD5(CONCAT(user_id, '-', MD5('somepass'))) WHERE user_name = 'someuser';

PostgreSQL: UPDATE mwuser SET user_password = MD5(text("user_id") || text('-') || MD5('somepass')) WHERE user_name = 'someuser';