Passwords
Contents
Related
Passwords are very important to user accounts, but there may come a time when you need to change your password or maybe you forgot your password. We’re here to help.
Change Your Password
If you know your current password and would like to change it to something different follow these steps:
1) Visit your Personal Settings.
2) Scroll to the bottom of the page to the New Password area.
3) Type your new password into both boxes and click the Update Profile button when you are done.
4) Your password has been updated!
Lost Password
It is very important to keep your passwords secure and to remember them, but there might come a time when you forget a password. Follow these steps if you need to reset a forgotten password. We’ll have you back into your account in no time!
1) Visit the Lost Password Page
2) Enter your WordPress.com username or email into the text box and click Get New Password.
3) We’ll send an email to your Primary Email Address and an SMS to your SMS Number, if you specified one, to help you recover your account.
Reset Your Password Using Your Primary Email Address
An email will be sent to your Primary Email address that includes a password reset link.
Just click the link in your email, and you’ll be able to enter a new password.
Enter your new password, and you’ll be ready to go!
Reset Your Password Using Your SMS Number
We’ll send an SMS with a short code to the SMS Number you specified.
Just enter this code in the text input that appears.
Finally, set a new password. You can then login to your account using your new password.
If You Don’t Have Access To Your Recovery Methods
Lost access to your primary email address, or didn’t add an SMS number for recovery? No problem! Just click Need More Help? on the Lost Password page. We’ll prompt you for the following pieces of information:
- Account Information – If you remember your WordPress.com username or email address, enter it. If not, check I don’t know my registered email or username, and enter your blog’s web address.
- Contact Email Address – We’ll need to contact you to help you regain access to your blog. Enter your desired contact email address here. Be sure to double check your spelling!
- Proof of Account Ownership- We use a variety of information to verify your account ownership. Please provide all information that you can.
- Paypal Transaction ID – If you’ve purchased an upgrade for your blog, you can use the upgrade’s Paypal Transaction ID number to regain access to your account. You can find out how to locate a Paypal Transaction ID using this guide.
- API Key – Your WordPress.com Welcome Email may have included a WordPress.com API Key for tools like Akismet. If it did, you can provide this API key, and we’ll restore access to your account for you! If you registered for an account with Akismet, you can provide this API key as well.
- Private or Draft Post Titles – If you have a private or draft post affiliated with one of your blogs, let us know the post’s title. This will allow us to verify that you are the blog’s administrator, and have access to the administrator account.
- Extra Details – Please enter any other information you believe to be relevant.
4) We will automatically contact our Happiness Engineers to help you recover account access. They will review your account, and contact you (via the Contact Email Address you specified) with recovery options.
Security
Your security is important to us at WordPress.com. You have dedicated a lot of time and energy to developing your website, and using a strong password will help you to keep your work safe. While we handle all of the necessary backups of your content, keeping your login information secure ensures that you’ll never lose control over your online accounts.
The best way to keep your online identities secure is to use strong passwords, and a unique password for each account. If you need help, we have a few tips available for selecting a strong password for your site, including password managers to help you securely keep track of your login information.
Please note that we rely on your account email address, API key, or transaction information, if you’ve bought an upgrade, to prove your account ownership. Should you ever lose access to your account, we will need one of these pieces of information to help reset your password and prove your account ownership. For this reason, it’s important to always make sure that the email address on your account is up-to-date. You can update your email address via your Users > Personal Settings page from your Dashboard.
Signing Out
You can protect your account by signing out when you are finished working. To log out of your WordPress.com account, hover over your account name on the gray toolbar at the top right of any WordPress.com page and click on Sign Out.
This is a particularly important precaution when you are working on a shared or public computer. If you don’t sign out, someone may be able to access your account just by viewing the browser history and accessing the WordPress.com pages.
Choosing and using good passwords
Every password you use has to be easy to remember and hard to guess. A random set of numbers and characters make for a hard-to-guess password, but they’re also hard to remember. On the other hand, you’ll probably never forget your birthdate or the name of your first pet, but these make for very bad passwords, as they are increasingly easy to guess or research.
On WordPress.com, you can use very long password with any combination of letters, numbers, and special characters, so the security of your password – and by extension, of your blog – is really up to you.
To choose a memorable password that will be hard to guess, come up with a word or two that are not in any dictionary, yet are easy to pronounce. It’s easier to remember a pronounceable word then a string of random characters. Then, mix in some numbers, capital letters, or special characters.
You can also use passphrases – whole sentences, such as quotes or favorite song lyrics. Passphrases are harder to guess yet easier to remember. They take longer to type, but are considered more secure, especially if you pepper them with some random numbers and special characters.
However, even if you manage to think of a good password, it will only be as secure as the number of sites you use it on. If you always use the same password on every site you sign up for, the chances of your password getting compromised are greatly increased.
Instead of trying to keep track of dozens of passwords in your head or in unsecured text documents on your desktop, use password management software. They will lock all your information down behind one single password. If you only have to remember one password, you can make it as random and as hard to guess as you want.
These are some password managers we use ourselves:
- Keepass – Open Source, free to download and use. Available for Windows, Mac and Linux.
- LastPass – Free service with premium option. Available for all major OSs, browsers and mobile devices.
- 1Password – Paid download. Available for Windows, Mac and iOS, with support for all major browsers.
Your data – your responsibility.
Still confused?
Help us improve:
We're always looking to improve our documentation. If this page didn't answer your question or left you wanting more, let us know! We love hearing your feedback. For support, please use the forums or contact support form. Thanks!
