How to reset the administrator (user 1) password in Drupal 7
Drupal 7 will no longer be supported after January 5, 2025. Learn more and find resources for Drupal 7 sites
Request new password via email
You can reset your password by requesting a new password at:
http://www.example.com/user/password
or
http://www.example.com?q=user/password
You may need to find out the details with the following SQL statement:
SELECT name, mail FROM users WHERE uid = 1;
Recover password with Drush
Drush offers several ways of recovering the administrator's password.
Generate login-link
Drush can generate a one-time login link.
drush uli
Reset password
drush upwd --password="givememypasswordback" "admin"
Drush 9:
drush upwd admin "admin123"
(where "admin" is the user name)
When blocked because of maximum attempts
When you have tried several times with the wrong password, additional attempts will be temporarily blocked. Drupal stores the attempts in the flood table.
To unblock the user you need to clear the data in the flood table. To do so using Drush, run the following command:
drush sqlq "DELETE FROM flood"
This clears all flood data! So if someone else is making malicious login attempts, those will also be cleared. Make the query more specific with a WHERE clause, if you can. Flood data is temporary, so resetting it is like setting a clock forward.
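A narrower alternative to emptying the table, as an added example that is not part of the original page: the hypothetical helper flood_unblock_sql builds a DELETE limited to one account's failed-login entries and, optionally, one IP address. It assumes Drupal 7's stock login flood events, failed_login_attempt_user (identifier "uid" or "uid-ip") and failed_login_attempt_ip.

```sh
#!/bin/sh
# Added example (not from the original page): clear only one account's
# login-flood entries so records of other failed logins stay in place.
# Assumption: stock Drupal 7 flood events for logins, where
#   failed_login_attempt_user has identifier "<uid>" or "<uid>-<ip>"
#   failed_login_attempt_ip   has identifier "<ip>"

# flood_unblock_sql UID [IP]  (hypothetical helper; prints one SQL statement)
flood_unblock_sql() {
  uid=$1
  ip=${2:-}
  # Accept only a numeric uid so nothing else ends up inside the SQL string.
  case $uid in
    ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1 ;;
  esac
  where="(event = 'failed_login_attempt_user' AND (identifier = '${uid}' OR identifier LIKE '${uid}-%'))"
  if [ -n "$ip" ]; then
    # Accept only characters that occur in IPv4/IPv6 literals.
    case $ip in
      *[!0-9A-Fa-f.:]*) echo "invalid IP address" >&2; return 1 ;;
    esac
    where="$where OR (event = 'failed_login_attempt_ip' AND identifier = '${ip}')"
  fi
  printf 'DELETE FROM flood WHERE %s' "$where"
}

# Usage on the server (203.0.113.7 is a constructed documentation address):
#   # 1. Look at what is recorded before deleting anything.
#   drush sqlq "SELECT event, identifier, COUNT(*) FROM flood GROUP BY event, identifier"
#   # 2. Remove only user 1's entries and those of your own IP address.
#   drush sqlq "$(flood_unblock_sql 1 203.0.113.7)"
```

Entries recorded for other accounts and other IP addresses are left untouched and expire on their own.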
When other methods don’t work
Attempt to reset the password through the usual ways first. Use the password reset functionality if you can get the email with the password reset link. If another admin account has access to update user 1’s email address, do that so the email can be delivered. If you have SSH access, use drush uli.
Follow this documentation if other options have been exhausted.
Some hosting environments do not allow SSH access to the web server where a Drupal site is installed which makes it impossible to recover the administrator account password another way. The following method should be employed as a "last resort" when the command-line based password recovery techniques do not work.
The password reset method described below uses a PHP script that must be uploaded to the web server to reset the administrator password. The ability to upload a PHP file to the server where the site is hosted is required for successful execution of this method.
Under the hood, the PHP script executes a full Drupal bootstrap to gain access to the functions that hash the new password, and then updates the database with the new password that you set in the script. The update happens when you request the script through the web browser.
Leaving this password reset script on your server after resetting the password is a security hole that enables anyone to reset your administrator password. Use this script carefully, and always delete the script after you're finished using it.
- First, create a file with a random name, gh34tu9.php for example.
- Copy and paste the following contents into the file, and save the file.

<?php
// Run from the Drupal installation root so getcwd() is the Drupal root.
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
// A full bootstrap is needed for the database API and password functions.
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
require_once DRUPAL_ROOT . '/includes/password.inc';
// Hash the new password the same way Drupal does before storing it.
$newhash = user_hash_password('[CHANGE THIS PASSWORD]');
$updatepass = db_update('users')
  ->fields(array(
    'pass' => $newhash,
    // Uncomment the following lines to reset the administrative username and/or email address, if necessary.
    // 'name' => 'admin',
    // 'mail' => 'yourmail@example.com'
  ))
  // Only the account created at install time (uid 1) is changed.
  ->condition('uid', '1', '=')
  ->execute();
print "Done. Please delete this file immediately!";
drupal_exit();

- Upload the file to the root of the Drupal installation directory (i.e., where index.php, update.php, robots.txt and other files and directories exist).
- Execute the script, by requesting the file in a web browser using the following URL pattern:
http://example.com/gh34tu9.php
- replace example.com with your actual domain name,
- replace gh34tu9.php with the actual file name that you specified in step one above,
- replace
- If the script executes successfully, you will see the text "Done" in your web browser. The password of the administrative account created when installing Drupal (i.e., user/1) will be changed to the value you specified.
- Test that the password works, and change it through the Drupal UI to something else that has not been saved anywhere, except for a password manager.
- Finally, delete the file from the Drupal installation root directory.
Reset administrator account username or email
If you can't remember (or simply do not know) the username of the administrator account, in the script above, change // 'name' => 'admin', to 'name' => 'admin', and the username will also be changed to “admin”. You may also reset the administrator's email address in the same way, by “uncommenting” (remove the //) the line for the email address in the script above.
Finally, don't forget to delete the file as soon as you have changed the password.
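To confirm that no reset script was left behind, the following added example (not part of the original page) lists PHP files in the top level of the Drupal root that both bootstrap Drupal and call user_hash_password(), which is the signature of the script above. The function names find_reset_scripts and check_docroot are hypothetical, and the match assumes the script was not altered beyond the password, name and mail values.

```sh
#!/bin/sh
# Added example (not from the original page): detect a leftover
# password-reset script in the top level of a Drupal 7 installation root.
# A file is reported when it contains both drupal_bootstrap and
# user_hash_password, as the reset script above does.

# find_reset_scripts DRUPAL_ROOT  (hypothetical helper; prints file names)
find_reset_scripts() {
  root=${1:-.}
  for f in "$root"/*.php; do
    [ -f "$f" ] || continue   # also skips the unexpanded glob
    if grep -q 'drupal_bootstrap' "$f" && grep -q 'user_hash_password' "$f"; then
      basename "$f"
    fi
  done
}

# check_docroot DRUPAL_ROOT  (hypothetical helper)
# Returns 1 when a matching file exists, so it can back a cron alert or
# a post-maintenance checklist; returns 0 when the directory is clean.
check_docroot() {
  found=$(find_reset_scripts "$1")
  if [ -z "$found" ]; then
    return 0
  fi
  echo "$found" | sed 's/^/leftover password-reset script: /' >&2
  return 1
}

# Usage on the server, from the Drupal installation root:
#   check_docroot . && echo "no reset script found"
```

A random file name does not hide the script from this check, because the match is on the file's contents rather than its name.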
Still on Drupal 7? Security support for Drupal 7 ended on 5 January 2025. Please visit our Drupal 7 End of Life resources page to review all of your options.