How To Change MySQL Database Password in WordPress

Password security is often compromised because of poor passwords, so there are numerous reasons you may want to change your passwords: after a hack, if there has been some employee turnover, simply because it’s a good practice, or if you’re worried about a security breach.

Side note, if you suspect any potential security breaches scan your website now

Either way, changing your MYSQL database password is among the crucial passwords you must manage and secure. It stands as a significant linchpin and works in concert with other vital passwords such as those for user access, phpMyAdmin, and cPanel. In this article, we’ll dive into a couple of different methods you can explore and offer all the information you will need to secure your database password. 

TL;DR: There are two parts to changing your MySQL database password. Start by updating it in your web host or cPanel, and then update the credentials in your wp-config.php file. Finally, to protect your database from hackers, install MalCare

MySQL is what keeps data organized and accessible in WordPress. But to make your WordPress site work well, the site files and the database need to work together. That’s why we use a database password. 

Now, let’s talk about the database password. It’s a crucial piece of the puzzle that helps protect your website’s data. The database password is safely stored in a file called wp-config. Only by having the correct password can someone access and modify the database.

If you need to change or access the password, you usually rely on your web host or cPanel. The issue is that any changes you make there won’t automatically show up in the wp-config file. And if the passwords don’t match, you’ll see an “Error Establishing Database Connection” message, and your WordPress site won’t be accessible.

To navigate this process seamlessly, we’ve divided this tutorial into two parts:

Step 1: How to change your database password on your web host or cPanel 

Step 2: How to change your database password in the wp-config.php file using SSH or FTP

By following these step-by-step instructions, you can ensure a consistent and secure database password, enabling your WordPress site to function optimally without any connectivity hiccups.

Note: Please take a backup before you make any changes because you will be making changes to core files.

Step 1: Change the MySQL database password on Web host or cPanel

To change MySQL database password, you have two viable options: either through your web host or cPanel. The choice between the two depends on whether you have a cPanel associated with your hosting service. Rest assured, both methods will effectively update your database password. 

Option 1: Web host 

The process of changing your database password may vary depending on your web host. For the purposes of this tutorial, we’re using Cloudways as our hosting provider. The steps with your web host will be quite similar or will be in their documentation. 

Login to your Cloudways account.

Click the Applications tab at the top.

Select the application (site) that you want to change the database password for.

Head to Access Details.

Click the pencil icon near MySQL Access.

Type in the new password.

Click Save.

Option 2: cPanel

Not all web hosts utilize a cPanel for managing their hosting services. However, if yours does, you’re in luck! cPanel simplifies the process of managing various aspects of your website, including databases.  We’ve used a Bluehost cPanel for the following tutorial. 

Login to Bluehost

Click the Advanced Tab.

Scroll to the Database section and click MySQL Databases.

Scroll until you see the section for current users.

Click Change Password beside the username of the database you want to modify. You can find this name by checking what your database name is on phpMyAdmin

Add the new password or generate a new password by clicking Password Generator.

Confirm the password and click Change Password. 

Step 2: Change MySQL database password on wp-config.php

You will need to access your site files and edit this core file. It’s important to reiterate that this is a core file. So, backup your site if you haven’t already. Then use either an SSH or an FTP client to make the changes.

Option 1: FTP client

An FTP client like Cyberduck is easy but it does require your server credentials: IP address, username, and password. These credentials are usually found on your hosting dashboard. Cloudways calls them Application Credentials and Bluehost calls them FTP Accounts. Once you’ve got the right credentials, follow these steps:

Launch Cyberduck and click on Open Connection. Enter your FTP server details, including choosing FTP or SFTP, your IP address, username, and password, in the provided fields. Click Connect to establish a connection to your website’s server.

Navigate through the server directory to find the public_html folder, which typically contains your WordPress installation files. Look for the wp-config.php file within this folder.

Download the wp-config.php and open it on a text editor (e.g., TextEdit, Notepad) to make changes to the file. 

Locate the line of code that reads:

define(‘DB_PASSWORD’, ‘Password’);

Replace the existing password (‘Password’) with your new database password. Make sure there are no additional spaces or characters in the password.

After updating the password, save the changes to the wp-config.php file. Then reupload it to your server using Cyberduck. 

Go back to a browser and check if your website looks like it usually does.

Option 2: SSH

You will need your server IP address and the root credentials for SSH access. We will be using Terminal on MacOS for this tutorial.

Open Terminal (on MacOS).

Use the following command to log in through SSH:

ssh username@ipaddress

Replace username and ipaddress with your own and enter the password when prompted to.

Upon successfully logging through SSH, a new window will open. Type the following to see the list of files present:


Look for the wp-config.php file.

To edit the wp-config.php file, enter the following command:

vi wp-config.php

Upon opening the file, enter the Insert mode by pressing the I key on your keyboard.

Look for the password section on the file. It will look something like the following:

/** MySQL database password */
define(‘DB_PASSWORD’, ‘OldPassword’);

In this case, OldPassword will be your old password.

Replace ‘OldPassword’ with the new password you created in Step 1. 

Once done, press the Esc key to exit Insert mode.

To save the changes and quit the editor, enter the following command:


Type in exit to quit the SSH connection and return to your regular terminal.

Check that your website loads as normal, indicating your database can connect with your site using the updated password.


While changing your database password is essential for security, it can sometimes lead to unexpected issues. If you encounter any problems during or after the process, don’t worry, troubleshooting can help you pinpoint and resolve the underlying concerns. 

No root access: If you don’t have root access, you will need to reach out to your web host to change the credentials. 

Error establishing database connection: This is a common error when your website isn’t able to connect to your database and a common cause is that the credentials don’t match. So, check your wp-config.php file to make sure it’s all good. If that doesn’t work, check out some other ways to solve the database error. 

Best practices for password security

In today’s interconnected world, safeguarding your online accounts with robust passwords is crucial to maintaining digital security. Whether you’re managing a website or working collaboratively with team members and contract developers, following best practices for passwords can significantly bolster your overall defense against potential threats. 

Create users for contract employees that are making changes to your site.

Avoid sharing credentials with team members or contract developers.

Use a password manager for generating and storing strong, unique passwords.

Never use the same password twice across different accounts.

Avoid sharing passwords.

Do not save passwords in your browser.

Protect your site from brute force attack bots with a good WordPress firewall, like MalCare. 

In fact, there are many other features that MalCare has to protect sites from bad logins. MalCare limits bad login attempts to prevent brute force bots from bombarding the login page. It also registers bad IPs, so requests are blocked from ever reaching your site. 

Final thoughts

Maintaining online security requires proactive password management. This includes regularly updating passwords for user access and databases. By prioritizing this simple yet significant task, we strengthen digital defenses and protect sensitive data, fostering a safer online environment.

However password security is only one facet of protecting your site database from hackers. Use MalCare, a best-in-class WordPress security plugin to round out your security strategy. 


How do I change the MySQL password in WordPress?

To change the MySQL password in WordPress: 

First make the change on your cPanel or web host. This method will vary depending on our web host. 

Next, update the password in your site configuration file, wp-config.php. Locate this file in the root directory of your WordPress installation. 

Look for this line of code:`define(‘DB_PASSWORD’, ‘old_password’);` and replace ‘old_password’ with your new password. 

Save the changes. 

How do I change database settings in WordPress?

To change database settings in WordPress, including the database name, username, and password, follow these steps:

Access the wp-config.php file in the root directory of your WordPress installation.

Locate the following lines of code:

`define(‘DB_NAME’, ‘database_name’);`,
`define(‘DB_USER’, ‘database_username’);`,
`define(‘DB_PASSWORD’, ‘database_password’);`

Modify the values within the single quotes to match the new database settings you want to use.

Save the changes, and your database settings will be updated.

Where do I find user credentials on the database?

To find user credentials, log in to your hosting account, locate the database section, and access the specific database associated with your WordPress site. Within the database, you can find a table named “wp_users” or similar, which contains the user credentials, including usernames and hashed passwords. Note that passwords are hashed for security purposes and cannot be directly read in plain text. 

The post How To Change MySQL Database Password in WordPress appeared first on MalCare.

Posted in

About Us

I believe that everyone should have a mechanic that they can trust and after spending several years helping out various customers for large companies I've seen my fair share of issues.

Honesty, Integrity, and Compassion are what we share with everyone that we work with. Stop scouring the internet for help and see how we can help you today.

Our Services

Website Migrations

Plugin & Theme Updates

IDX Broker Customizations

Facebook Chatbots

DNS & Email Integrations