Change MySQL Database Password In 2 Easy Steps!

by

7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Change MySQL Database Password

Need to change MySQL database password in WordPress without breaking your site? You’re in the right place.

If you’re here to strengthen password security, clean up after a security scare, or handle a site handoff properly, this is one of the passwords worth taking seriously. It can feel like a high-stakes change, especially if you are worried about downtime, but we’ll help you handle it safely.

A task like this can seem technical at first. It does not have to be confusing. We’ll keep it clear, practical, and focused on what matters.

TL;DR: There are two parts to changing your MySQL database password in WordPress. Start by updating it in your web host or cPanel, and then update the credentials in your wp-config.php file. Before you begin, take a backup, and to help protect your database from hackers, use a security plugin.

MySQL stores your posts, pages, users, settings, and other site data. WordPress needs the correct database password to reach that data. So if you change the password in one place and forget the other, you will likely see Error establishing database connection.

That is why this guide has two parts:

  • How to change your database password on your web host or cPanel
  • How to change your database password in the wp-config.php file using FTP or SSH

📝 Important: Please take a backup before you make any changes because you will be editing a core WordPress file.

1. Change password in web host or cPanel

The first part happens in your hosting account.

One quick clarification before we start. This is usually the password for the WordPress database user in MySQL. It is not your WordPress admin password. It is not always your cPanel password, either. Those credentials are often separate, and mixing them up is one of the easiest ways to get stuck.

Option 1: Web host

The exact screens depend on your hosting provider. We’re using Cloudways here, but the steps will look similar on most hosts.

Cloudways applications

Start by logging in to your hosting dashboard and opening the correct WordPress application. In Cloudways, click the Applications tab, then choose the site you want to work on. If you manage more than one site, double-check this now. It saves trouble later.

cloudways access details

Access the database section. In Cloudways, under Access Details, find the Password section and click the pencil icon next to it.

NordPass password generator

Enter a new strong password and save it carefully. If your host offers a password generator, use it. A random password is much safer than something familiar. Keep the new password ready for the next step because WordPress will need the exact same one. A password manager helps here. Copying it into a temporary note works too, as long as you delete it afterward.

Be careful not to change the wrong credential while you are in the dashboard. Hosts often show several access details in one place.

Option 2: cPanel

If your host uses cPanel, changing the database password is usually quick. We’re using Bluehost here as the example.

database section in cPanel

Log in to your hosting account and open the advanced or cPanel area. In Bluehost, click the Advanced tab. Head to the MySQL database management screen. Scroll to the Database section and click MySQL Databases.

Edit password for user

Find the current users section and identify the database user for your WordPress site. If several users look similar, pause and confirm the right one before changing anything.

Database creds on wp config

Check your WordPress database username if you are unsure. You can confirm it in wp-config.php or in phpMyAdmin.

Change database user pass

Open the password change option for the correct MySQL user. Click Change Password next to that username.

Set a new password or generate a strong one. Generated passwords are awkward to read, but that is exactly what makes them stronger. Save the new password and keep it safe. Click Change Password to confirm.

At this point, your MySQL user password has changed on the server. Now we need to update WordPress so the site can still connect normally.

2. Change password in wp-config.php

This is the part that tells WordPress about the new password.

The wp-config.php file stores your database connection details, including the database name, username, password, and host. It usually sits in the root folder of your site, often inside public_html.

You can update it with FTP or SSH.

If you are not very technical, WordPress FTP is usually the easier path because it gives you a visual file browser. SSH is quicker if you are already comfortable in Terminal.

Change MySQL database password via FTP client

An FTP client like Cyberduck or FileZilla makes this part easier to follow. You will need your server login details from your host, usually the host name or IP address, plus a username and password.

connect to server

Open your FTP client and connect to the server. In Cyberduck, click Open Connection, choose FTP or SFTP, and enter your credentials. If SFTP is available, use that because it is more secure.

wp config file

Go to your WordPress folder and find wp-config.php. This is often in public_html, though some sites use a different directory. Download a copy of wp-config.php and open it in a plain text editor. Keeping a copy of the original file gives you a quick fallback if something goes wrong.

Database creds on wp config

Find the database password line in the file. It will look like this: define('DB_PASSWORD', 'Password');

Replace the old password with the new one from Step 1. Leave the rest of the line exactly as it is, including the quotes and semicolon.

Save the file and upload it back to the server. Confirm overwrite if your FTP client asks. Check your site right away in a browser. Test both the front end and /wp-admin/.

⚠️ A quick warning here. Use a plain text editor, not Word or Google Docs. And watch for extra spaces when you paste the password. Those small mistakes are surprisingly common.

Change MySQL database password via SSH

If you already use SSH, this is often the faster method. You will need your server IP and SSH username.

Open Terminal and connect to your server using your SSH credentials. Run: ssh username@ipaddress. Replace username and ipaddress with your actual details.

Move to the folder that contains your WordPress files and make sure wp-config.php is there. Use ls to list files. If needed, use cd to move into the correct directory first.

Open the config file in a command-line editor so you can update the password. For example: vi wp-config.php

Enter edit mode and find the line that contains the database password. In vi, press I, then look for: define('DB_PASSWORD', 'OldPassword');

Replace the old password with the new one exactly as it appears in your hosting panel. One wrong character is enough to cause a connection failure.

Save the file and exit the editor properly once the change is done. Press Esc, type :wq, and hit Enter.

Leave the SSH session and test the website immediately so you can catch issues early. Type exit, then open your site in a browser.

If you prefer nano, use nano. The editor is not the important part. Getting the value right is.

Troubleshooting

If the site stops loading after the password change, it is usually something small. Annoying, yes. But usually small.

  • No root access: If your hosting setup does not let you change MySQL credentials directly, contact your host. Some managed hosts keep that locked down.
  • Error establishing connection to database: This usually means the values in wp-config.php do not match the actual database credentials. Check the password first, then confirm DB_USER, DB_NAME, and DB_HOST. If the error remains, look at other ways to solve the database error because the password may not be the only issue.
  • Wrong MySQL user changed: If your hosting account has several database users, make sure you changed the password for the same user listed as DB_USER in wp-config.php.
  • Syntax error in wp-config.php: If you see a blank page or PHP error instead of a database connection error, the config file may have been edited incorrectly. Compare it to your backup.
  • Changes not showing up right away: Browser or server caching can make old errors linger. Hard refresh the page or test in an incognito window before assuming the fix failed.
  • Changed the wrong password entirely: Your hosting login, cPanel password, phpMyAdmin access, and MySQL database password are not always the same thing.

If you are not sure where to start, compare the MySQL username and password in your host panel with the DB_USER and DB_PASSWORD values in wp-config.php. That usually reveals the mismatch fast.

Best practices to follow

If you are changing the database password because something feels off, this is a good time to tighten the rest of your site too.

  • Create separate accounts for contractors and team members instead of sharing one login.
  • Avoid sending passwords in plain text over email or chat.
  • Use a password manager to create and store strong passwords.
  • Never reuse passwords across hosting, WordPress, email, and database access.
  • Do not store sensitive passwords in your browser.
  • Remove old accounts that no longer need access.
  • Protect your site from brute force attack bots with a WordPress firewall, like MalCare.

And one more thing. If you think your site may have been hacked, changing the password is only one part of the fix. You should also scan the site, review admin users, and check for file changes you did not make.

Parting thoughts

Changing a MySQL database password in WordPress comes down to two steps. Update it in your host or cPanel, then update the same password in wp-config.php.

If you are doing this after a security issue, do not stop there. Make sure the site is clean and add protection with MalCare to help block malicious traffic and repeated bad login attempts.

FAQs

How do I change the MySQL password in WordPress?

Change the MySQL password in WordPress by updating it first in your hosting panel or cPanel, then changing the same password in wp-config.php. If the two passwords do not match, WordPress will not connect to the database.

How do I change database settings in WordPress?

Change database settings in WordPress by editing the wp-config.php file in your site’s root folder. Update values like DB_NAME, DB_USER, and DB_PASSWORD carefully, then save the file.

Where do I find user credentials on the database?

You can find WordPress user credentials in the wp_users table inside your database. Usernames are visible there, but passwords are stored as hashed values, not plain text.

What happens if I change the database password but forget to update wp-config.php?

If you change the database password but do not update wp-config.php, your site will lose its database connection. WordPress will usually show the Error establishing database connection message.

Can I change the MySQL password from phpMyAdmin?

Yes, you can sometimes change the MySQL password from phpMyAdmin, but it depends on your host permissions. For most WordPress users, changing it in the hosting dashboard or cPanel is simpler and safer.

Category:

You may also like


How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.