Change MySQL Database Password In 2 Easy Steps!
by
7-layers of Security for Your WordPress Site
Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Need to change MySQL database password in WordPress without breaking your site? You’re in the right place.
If you’re here to strengthen password security, clean up after a security scare, or handle a site handoff properly, this is one of the passwords worth taking seriously. It can feel like a high-stakes change, especially if you are worried about downtime, but we’ll help you handle it safely.
A task like this can seem technical at first. It does not have to be confusing. We’ll keep it clear, practical, and focused on what matters.
TL;DR: There are two parts to changing your MySQL database password in WordPress. Start by updating it in your web host or cPanel, and then update the credentials in your wp-config.php file. Before you begin, take a backup, and to help protect your database from hackers, use a security plugin.
MySQL stores your posts, pages, users, settings, and other site data. WordPress needs the correct database password to reach that data. So if you change the password in one place and forget the other, you will likely see Error establishing database connection.
That is why this guide has two parts:
📝 Important: Please take a backup before you make any changes because you will be editing a core WordPress file.
1. Change password in web host or cPanel
The first part happens in your hosting account.
One quick clarification before we start. This is usually the password for the WordPress database user in MySQL. It is not your WordPress admin password. It is not always your cPanel password, either. Those credentials are often separate, and mixing them up is one of the easiest ways to get stuck.
Option 1: Web host
The exact screens depend on your hosting provider. We’re using Cloudways here, but the steps will look similar on most hosts.

Start by logging in to your hosting dashboard and opening the correct WordPress application. In Cloudways, click the Applications tab, then choose the site you want to work on. If you manage more than one site, double-check this now. It saves trouble later.
Access the database section. In Cloudways, under Access Details, find the Password section and click the pencil icon next to it.
Enter a new strong password and save it carefully. If your host offers a password generator, use it. A random password is much safer than something familiar. Keep the new password ready for the next step because WordPress will need the exact same one. A password manager helps here. Copying it into a temporary note works too, as long as you delete it afterward.
Be careful not to change the wrong credential while you are in the dashboard. Hosts often show several access details in one place.
Option 2: cPanel
If your host uses cPanel, changing the database password is usually quick. We’re using Bluehost here as the example.
Log in to your hosting account and open the advanced or cPanel area. In Bluehost, click the Advanced tab. Head to the MySQL database management screen. Scroll to the Database section and click MySQL Databases.
Find the current users section and identify the database user for your WordPress site. If several users look similar, pause and confirm the right one before changing anything.
Check your WordPress database username if you are unsure. You can confirm it in wp-config.php or in phpMyAdmin.
Open the password change option for the correct MySQL user. Click Change Password next to that username.
Set a new password or generate a strong one. Generated passwords are awkward to read, but that is exactly what makes them stronger. Save the new password and keep it safe. Click Change Password to confirm.
At this point, your MySQL user password has changed on the server. Now we need to update WordPress so the site can still connect normally.
2. Change password in wp-config.php
This is the part that tells WordPress about the new password.
The wp-config.php file stores your database connection details, including the database name, username, password, and host. It usually sits in the root folder of your site, often inside public_html.
You can update it with FTP or SSH.
If you are not very technical, WordPress FTP is usually the easier path because it gives you a visual file browser. SSH is quicker if you are already comfortable in Terminal.
Change MySQL database password via FTP client
An FTP client like Cyberduck or FileZilla makes this part easier to follow. You will need your server login details from your host, usually the host name or IP address, plus a username and password.
Open your FTP client and connect to the server. In Cyberduck, click Open Connection, choose FTP or SFTP, and enter your credentials. If SFTP is available, use that because it is more secure.
Go to your WordPress folder and find wp-config.php. This is often in public_html, though some sites use a different directory. Download a copy of wp-config.php and open it in a plain text editor. Keeping a copy of the original file gives you a quick fallback if something goes wrong.
Find the database password line in the file. It will look like this: define('DB_PASSWORD', 'Password');
Replace the old password with the new one from Step 1. Leave the rest of the line exactly as it is, including the quotes and semicolon.
Save the file and upload it back to the server. Confirm overwrite if your FTP client asks. Check your site right away in a browser. Test both the front end and /wp-admin/.
⚠️ A quick warning here. Use a plain text editor, not Word or Google Docs. And watch for extra spaces when you paste the password. Those small mistakes are surprisingly common.
Change MySQL database password via SSH
If you already use SSH, this is often the faster method. You will need your server IP and SSH username.
Open Terminal and connect to your server using your SSH credentials. Run: ssh username@ipaddress. Replace username and ipaddress with your actual details.
Move to the folder that contains your WordPress files and make sure wp-config.php is there. Use ls to list files. If needed, use cd to move into the correct directory first.
Open the config file in a command-line editor so you can update the password. For example: vi wp-config.php
Enter edit mode and find the line that contains the database password. In vi, press I, then look for: define('DB_PASSWORD', 'OldPassword');
Replace the old password with the new one exactly as it appears in your hosting panel. One wrong character is enough to cause a connection failure.
Save the file and exit the editor properly once the change is done. Press Esc, type :wq, and hit Enter.
Leave the SSH session and test the website immediately so you can catch issues early. Type exit, then open your site in a browser.
If you prefer nano, use nano. The editor is not the important part. Getting the value right is.
Troubleshooting
If the site stops loading after the password change, it is usually something small. Annoying, yes. But usually small.
If you are not sure where to start, compare the MySQL username and password in your host panel with the DB_USER and DB_PASSWORD values in wp-config.php. That usually reveals the mismatch fast.
Best practices to follow
If you are changing the database password because something feels off, this is a good time to tighten the rest of your site too.
And one more thing. If you think your site may have been hacked, changing the password is only one part of the fix. You should also scan the site, review admin users, and check for file changes you did not make.
Parting thoughts
Changing a MySQL database password in WordPress comes down to two steps. Update it in your host or cPanel, then update the same password in wp-config.php.
If you are doing this after a security issue, do not stop there. Make sure the site is clean and add protection with MalCare to help block malicious traffic and repeated bad login attempts.
FAQs
How do I change the MySQL password in WordPress?
Change the MySQL password in WordPress by updating it first in your hosting panel or cPanel, then changing the same password in wp-config.php. If the two passwords do not match, WordPress will not connect to the database.
How do I change database settings in WordPress?
Change database settings in WordPress by editing the wp-config.php file in your site’s root folder. Update values like DB_NAME, DB_USER, and DB_PASSWORD carefully, then save the file.
Where do I find user credentials on the database?
You can find WordPress user credentials in the wp_users table inside your database. Usernames are visible there, but passwords are stored as hashed values, not plain text.
What happens if I change the database password but forget to update wp-config.php?
If you change the database password but do not update wp-config.php, your site will lose its database connection. WordPress will usually show the Error establishing database connection message.
Can I change the MySQL password from phpMyAdmin?
Yes, you can sometimes change the MySQL password from phpMyAdmin, but it depends on your host permissions. For most WordPress users, changing it in the hosting dashboard or cPanel is simpler and safer.
Category:
Share it:
You may also like
-
wp_verify_nonce in WordPress: What It Checks and How to Use It Safely
By the time wp_verify_nonce shows up, your WordPress code is usually about to do something that matters. A form may save a setting. A link may delete an item. An…
-
WordPress nonce_failure: What It Means and How to Fix It
Right after the Save button fails, nonce_failure can sound like a serious WordPress problem. The message is shorter than it should be, and it tells you almost nothing about the…
-
WordPress Request Nonce Is Expired: What It Means and How to Fix It
One click should usually be enough to: save the post, submit the form, update the setting, and finish checkout. Instead, WordPress refuses the request and shows: WordPress Request Nonce Is…
How can we help you?
If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.
My site is hacked – Help me clean it
Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.
Secure my WordPress Site from hackers
MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.

