Emergency Password Reset


This plugin does 3 things
1) It will check you don’t have a username called “admin” which is asking to be hacked
2) It will allow you to reset all passwords, with an password reset link sent to all users to warn them.
Following a couple of reviews from v7.0 the plugin will allow you to set the email from address, name, subject and message
3) You can also change the SALTS which forces a logout of all users.


  • The main and only screen!


  1. Upload the emergency-password-reset directory to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Click on Emergency Password Reset in the Users menu
  4. Adjust the settings as required
  5. Click on the ‘Reset Passwords’ button


How does it work?

When you click rest passwords, the plugin recreates random passwords for every user and emails them the reset password link.

Will I be secure now from a hack?

Not necessarily. We advise you change your SALTS in the wp-config.php file which will force logouts for all users. WordPress provide a tool to generate new ones.
You can now reset them automatically from the plugin Dashboard>Settings>Reset SALTs
Check out our blog post on hacked WordPress sites


March 6, 2022
Does it work? Yes. Those subscribed to my Wordpress blog got emails asking them to reset their passwords. But… 1) I was not able to set the text or add to it. The outgoing message looked like spam. The subject was okay: Password reset for [website] The body was not. It only said: We have had to reset your password on [website]. Your username is still [username], please reset your password Thanks. Had I been able to add a personal message, my legit users (a tiny percentage of the total; the rest being bot accounts) would have known it came from me. 2) I was not able to set the From address. It didn’t even go from my address at that website. Rather, it went from my primary email address. 3) Gmail looked at the large volume of emails that went out and blocked me. (And/or people who received the emails marked them as spam.) It’s been a week and I can not send any mail to gmail users (all gmail users, not just ones the email went to). I am deleting this plugin and never ever using it again.
February 18, 2022
This plugin does what it says it does. I used it after we found malware in one of the sites I migrated into my Multsite WP install. All passwords where reset and the “Password reset” email was sent to the users. Definetly helped fixing this emergency. Thanks!
April 15, 2021
Or, if it crashes, some. I’d rate it higher if you could reset passwords for only a group at a time, instead of literally every single account that has ever been made on your website. That’s sending over 2000 (useless) emails for companies using things like woocommerce!
January 24, 2019
As we all know our members may get lazy with maintaining (updating) their passwords. This really is a nice simple way of resetting everyone’s password. I have about 100 user accounts and all of my members were able to quickly and easily change their password. The Password Reset Link they receive in their email is really great! One of the other benefits of this plugin is it quickly helps you identify user accounts with defunct email addresses. I simply deleted these accounts thereby forcing users with outdated email accounts to re-register. A couple of suggestions: #1. Reset All Passwords in the morning. This gives users enough time to reset their passwords before the link expires. #2. When installing the plugin, add the following css code to your Customizer’s Custom CSS. This will nudge your users to choose strong passwords. Note – install this css code before resetting all passwords. .pw-weak { display: none !important; } I will use this plugin to force all of my members to change their passwords on an annual basis. Great job Andy!
Read all 12 reviews

Contributors & Developers

“Emergency Password Reset” is open source software. The following people have contributed to this plugin.




  • Check nonce for settings change to prevent CSRF


  • Emails sent in batches of 10 as BCC, to avoid crashes and email errors


  • Setttings to change email name, from and message


  • Translation ready


  • New username when changing from “admin” properly sanitized.


  • Don’t allow a user to reset admin username to empty field!


  • Added WordPress reset “salt keys” to secure your site – Dashboard>Settings>Reset SALTs


  • Updated deprecated functions


  • Updated reset link


  • Password reset link sent


  • Sends link to reset password page rather than new password


  • Form to change username from “admin”


  • Shows WP 4.0 compatability


  • Add Screenshot


  • Correct the title in readme.txt!


  • Initial release