WordPress · Free tool

WordPress Password Generator with WordPress hash.

Generate a strong password or enter your own – and get the WordPress-compatible hash ($P$) you can paste into phpMyAdmin when you're locked out. Everything runs in your browser, nothing is transmitted.

20
WordPress hash ($P$ / phpass)

Paste directly into the wp_users.user_pass column (e.g. via phpMyAdmin). Valid on all WordPress versions; WP 6.8+ upgrades it to bcrypt on the next login.

Runs entirely in your browser

This tool sends nothing to a server. Password and hash are generated locally with your browser's Web Crypto API and are never stored or transmitted.

What is the WordPress hash for?

WordPress never stores passwords in plain text – it stores a hash in the wp_users.user_pass database column. If you've lost dashboard access (forgotten password, broken email delivery, hacked site), you can recover by setting the hash directly in the database.

Copy the $P$ value generated below and set it as the user_pass value of your user in phpMyAdmin (or via SQL). Then log in with the plain-text password.

UPDATE wp_users SET user_pass = '$P$…' WHERE user_login = 'admin';

Why a strong WordPress password matters

Compromised credentials are one of the most common ways WordPress sites get hacked. Bots hammer /wp-login.php around the clock with default and dictionary passwords.

A random password of at least 16 characters mixing upper/lowercase letters, numbers and symbols makes brute-force practically hopeless. Use a unique password per account and a password manager – and enable two-factor authentication.

FAQ

Frequently asked questions

01Is the generator secure?

Yes. Password and hash are created exclusively in your browser (Web Crypto API). There is no server endpoint; nothing is transmitted or stored.

02What is the WordPress hash ($P$…)?

It's the phpass "portable hash" WordPress itself uses (MD5-based, 8192 rounds). The value fits exactly into the wp_users.user_pass column and is what WordPress expects when checking a password.

03How do I set the password directly in the database?

Copy the $P$ hash, open phpMyAdmin (or your DB), and set the user_pass field of your user in the wp_users table to this value. Then log in with the plain-text password.

04Does the hash work on all WordPress versions?

Yes. The $P$ hash is accepted by all WordPress versions. From WordPress 6.8 it is automatically upgraded to bcrypt on the next successful login.

05Are my passwords stored?

No. The tool is fully client-side – whatever you generate or enter stays on your device.

WordPress trouble? We help.