How to Perform a Mass User Password Reset in WordPress

Every website, large and small, runs the risk of being a target of hacking attempts. And when your site gets hacked, it’s advisable to change the password of every user. If you have a lot of users on the site, it can be quite daunting without a mass user password reset.

This is to make sure that whoever gained access to the website doesn’t have direct access to any account.

In this tutorial, I’ll show you how to quickly perform a mass user password reset in WordPress. It’s always better to err on the side of caution than to put your data at further risk.

Using Emergency Password Rest

Today, I’ll demonstrate a bit of the Emergency Password Email plugin. This is a simple tool that will perform a bulk password reset in WordPress automatically for you.

It’s a time saver, especially if you have a large number of accounts in the system. For instance, what if you have an eCommerce site with thousands of registered customers?

Install and activate “Emergency Password Reset.”

Emergency Password Reset

This plugin doesn’t have settings to customize. It simply adds a new function to reset passwords for all users in WordPress.

Go to Users and click, “Emergency Password Reset.”

User Password Reset

There are two options on this screen: one for donations and the other to do the mass user password reset. Click the “Reset all passwords” button.

Reset All Passwords

WordPress will send a password reset email to all of your registered users. This includes the admin account which initiated the reset. In fact, once the WordPress heartbeat pings, you’ll be logged out of WordPress as well.

Users will receive an email stating the password has been reset while providing a link they can use. This link acts just like the reset option on the login screen of WordPress.

This link will only be valid until midnight on the day the email was sent.

What if the user password reset link is invalid?

If you modified the reset password link or have certain security plugins running, you might see an invalid reset password link error.

If this is the case, the user simply needs to add their username to the login screen to request a new link. WordPress will then send the correct password reset link to the person’s registered email address.

At which point, he or she can click the new link and input the new password of their choice.

4 Ways to Keep the Site Protected

Like the saying goes, an ounce of prevention is worth a pound of the cure. By using best practices for security, you are less likely to need an emergency password reset.

However, no system is 100% infallible. The best you can do is make it far more difficult for hackers to gain access to the system. Here are several of the easiest methods to implement on the website.

Always Keep a Backup

Always keep backups of your site and data. In the worst case scenario, using something like UpdraftPlus can help you recover quickly without losing pertinent data due to hackers trying to destroy the site.

Of course, you’ll want to make sure you plug up any security holes that might be in the backup itself.

Lock Down the Site with Wordfence

Wordfence is a powerful and free security plugin that protects the site from a myriad of attacks. File scanning, brute force blocking, blacklisting and more are available in the tool.

It’ll even send you an email regarding certain types of activity regarding the site. No matter what you’re doing, you can get an instant update if there is a problem.

Enforce Complicated Passwords

A lot of problems from hackers arise when users don’t use secure passwords. Things like “123456” are incredibly common around the world. Enforce the use of unhackable passwords and practices.

While they may be more difficult to remember, it’s worth the effort if it prevents someone from gaining access to key areas of your data.

Add Two-Factor Authentication

Adding two-factor authentication makes hacking a user account far more difficult. One example of this is how you can set up to require an SMS text code as part of the login process.

Users would need their phone as well as the password of the account.

This process increases the security of a website exponentially.

There is No Such Thing as Being Too Secure

Learning how to change a WordPress password is only a stop gap. You need to practice the best security methods if you truly want to protect your site and its users. Never assume you’re doing enough to shield WordPress.

What are some of your favorite security plugins? Have you ever completed a mass user password reset on your site?

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.