Last updated 22 August 2016. Created on 11 January 2011.
Edited by rhuffstedtler, wdouglascampbell, myglobaldata_gil, ssiruguri. Log in to edit this page.

When, in Drupal 7, the password for user 1 (the administrator) is lost and the email notification or drush methods don't work, it is possible to set the password via a database query.

But first, you have to generate a password hash that is valid for your site.

Execute the following commands from the command line, in the Drupal root directory:

./scripts/ newpwd

Check the first line of this script. It will read something like #!/usr/bin/php. Confirm that the filename listed in this line is located on your machine. Typically if /usr/bin/php is not available, then /usr/local/bin/php will be.

or for Windows:

php .\scripts\ newpwd
NOTE: If you receive an error that PHP is not a recognized command then you need to add php to the system PATH. For example: ;c:\wamp\bin\php\php5.3.8\ . This will then work in the Command Prompt. Once completed right click in Command Prompt window to mark the text and copy the hash code.

NOTE: If you receive an error about include not being able to find a file, you will need to use the --root parameter to specify the root directory of your Drupal installation.

Of course, change "newpwd" to the desired password. If the password contains special characters such as a space, * or ? you must escape them, or wrap the password in quotes appropriate for the shell used.

The script will output a password hash that is valid for the site. Copy this to the clipboard or write it down somewhere; you'll need it for the next step. Be careful not to include more or less characters as the hash. These hashes look somewhat like $S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML

Then execute the following query on the Drupal database:

UPDATE users SET pass ='$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML' WHERE uid = 1;

To execute this query it will be necessary to login to the database. This is typically done through the command line or through a GUI interface such as phpMyAdmin.

Clear flood table (Drupal 7 only)

If you have reset password either by using script or "request new password" but still receive "Sorry, there have been more than 5 failed login attempts for this account. It is temporarily blocked." then you may delete the corresponding entry in flood table.

This flood table records username and ip which has failed login attempts.

Reset using a PHP-file

No command-line access? You can reset the password using a PHP-file as well, but keep in mind that this opens the potential to a huge security issue if not handled correctly.

Pass root param

If you're on windows and you want to pass the root param to the script, you'll need this:

php -f -- --root "C:\wamp\www\" newp@ss

Anything that follows the double-dash will be passed to

Looking for support? Visit the forums, or join #drupal-support in IRC.


toni.mueller’s picture

Hello community,

I installed a Drupal7 filesystem and MySQL database dump from a preinstalled Drupal site. The site looks gorgeus, but I can't login with user1. I have no user account data for the administrator. Therefor I tried to reset the administrator password with sql-query.
After carrying out the command ./scripts/ newpwd I get no password hash.

Instead of a hash I got this one:
root@t:/var/www/x/scripts# ./ newpwd
PHP Warning: include_once(/var/www/x/scripts/includes/ failed to open stream: No such file or directory in /var/www/x/scripts/ on line 83
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/
PHP Warning: include_once(): Failed opening '/var/www/x/scripts/includes/' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/x/scripts/ on line 83
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/
PHP Warning: include_once(/var/www/x/scripts/includes/ failed to open stream: No such file or directory in /var/www/x/scripts/ on line 84
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/
PHP Warning: include_once(): Failed opening '/var/www/x/scripts/includes/' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/x/scripts/ on line 84
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/
PHP Fatal error: Call to undefined function user_hash_password() in /var/www/x/scripts/ on line 87
PHP Stack trace:
PHP 1. {main}() /var/www/x/scripts/

Could you help, please?

Thank you!

Best regards,


jimurl’s picture

Hi Toni,

I got the same error, but it appears for some reason that script is looking for the includes folder inside the scripts folder, rather than in drupal root. Not sure why that was.

To get around it, I created a symlink in the scripts folder to the includes folder:

from in scripts folder,

ln -s ../includes includes

akuma6099’s picture

I received the same error. I'm using WAMP server and am using the built in PHP bin to execute the password script. After browsing I noticed it takes an argument of --root
. You simply need to supply your drupal path and it will work correctly. ex:

C:\wamp\bin\php\php5.4.16>php.exe ..\..\..\www\scripts\ --root "C:\wamp\www" PaSsWoRd

prakashsingh’s picture

Thanks akuma6099

This hint worked for me.. another useful way of doing the same is

donkaisen’s picture

I also had the same issue. It works when you execute the command from the drupal root directory. So go to your main folder and execute the script with a relative path from the root directory./scripts/

rajatgusain’s picture

Use drupal's root directory to write the below script :
php ./scripts/ NewPassword

Note* php should be installed to execute this shell script

It will return :

password: NewPassword hash: $S$DRSUIz9NFfxOXKPveQ00UTGMzsJe62LjYvVHfYJ8I8wuy4zRqVBK

Then we just need to update this password to user table with the help of following command :

UPDATE users SET pass = '$S$DRSUIz9NFfxOXKPveQ00UTGMzsJe62LjYvVHfYJ8I8wuy4zRqVBK' WHERE uid = 1;


cesar ll’s picture

Gracias me funciono a la perfeccion

Umair Yousaf’s picture

I've follow the same procedure to get hashed password for admin user with id 1 . But still Im unable to login as admin on drupal 7

thomasmurphy’s picture

Yeah, I also got no errors but the user/pass combination has not been changed.

revathich’s picture

Thanks! this worked.

srikanth.g’s picture

drush is not available for me but this hash code update through phpmyadmin worked fine..thanks

newme154’s picture

Updated the password in phpMyAdmin and tried to log in with the new credentials. Still wont let anyone in. Any ideas? BTW, this is on my localHost.

dibyadel’s picture

I copied one of the known password in MD5 format from the DB and inseeted into the admin password. Now it is working.


d dutta

Stephen Winters’s picture

Thank you d dutta for posting your simple solution to getting a new admin password. This was so simple and so easy to do. I've spent a couple hours researching and trying various other solutions. Either they didn't work for me, or I didn't have enough knowledge to make them work. But your solution was quick and simple. Thank you again for posting this. Now I have a work admin password.

Best Wishes,

apatchforum’s picture

Great simple, quick solution!

John Ching’s picture

This solution by dibyadel is good. Might I add instructions, go to your database

table: users
column: pass
copy and paste something like this: $S$PspXfU/A1E8cel7HyncwAerf92Iet4c2nOOxhwFFNZmhJY3uPWvD’s picture

worked just fine for me on linux server

dewesh’s picture

Please use
1. For WAMP
C:\wamp\bin\php\php5.4>php.exe ..\..\..\www\scripts\ --root "C:\wamp\www" PaSsWoRd
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/';
echo user_hash_password('mypassword');
3. Use following link(XAMPP)


Philip.Rudy’s picture

I am getting permission denied when running


is there a workaround for this?

frazac’s picture

quoting Philip.Rudy.
permission denied.

Alireza Tabatabaeian’s picture

This is the Hash code of "Admin_12345" => $S$DifCVXg9tNtHadziyyQJQVLAaZzW5EgS6OjR56D.mk8MpNQs1II2
Copy and paste it in password column for your user and the password will be "Admin_12345", now you can enter and change your password.

grinder3011’s picture

You can easily change the password on drupal 8 at least and the command is very simple if you know your username. Lets assume your username is admin and you want to change your password to admin2, (you need to be somewhere within your drupal root directory obviously) use the following line of code:

drush upwd admin admin2

Change admin in the example above with your username you want to reset the password for and admin2 with the new password you want for your user. It is as simple as that. Haven't tried it with drupal 7 but the command is likely to be the same or similar.

masterkyle79’s picture

Thanks this was very helpful, it worked for me...

Vako’s picture

Another and safer way of changing the password is the following:
- Login to cPanel
- Open myPHPAdmin
- Expand the DB and find the table called Users
- In users, find the Admin or any user you want to reset the password for
- Edit the entry and change the email to your email
- Save and Close
- Go the {website}/user
- Click on Request new password
- Enter the username and click on Email new password button

You will get a link in your email to choose a new password.
This is safer because finding and entering the hashtag can be a hassle...