How do I change the password for a MySQL database?
You can change the password for an existing MySQL database using your account management control panel.
On this page:
- Changing the password
- Remember to update your script configuration files
- A warning about password security
- Change a password within MySQL
Changing the password
To change the password:
- Login to the “My Account” control panel (having trouble?)
- Click MySQL Databases
- Locate the database you want to change and click Change
- Type the new password (twice) in the boxes and click Save
Your database will use the new password within two minutes.
Remember to update your script configuration files
If any scripts on your Web site use the database, you’ll need to tell the script about the new password. If you don’t, the script won’t be able to use the database and won’t work any more.
Different scripts have different ways of storing the password, but in many cases, it’s stored in a file named something like “config.php”. (WordPress uses a file named “wp-config.php”, for example.) You’ll need to put the new password in the correct file and publish it to your site.
A warning about password security
Never use the same password for MySQL and something else (for example, don’t use the same password as your master account password, or your e-mail password, or your online banking password).
That’s because you’ll probably have to put the MySQL password in a “plain text” configuration file on your Web site so that your script can find it. If your script has a programming bug (“security vulnerability”), it might be possible for a “hacker” to see that file and read the password.
If the MySQL password is different from your other passwords, the damage that a hacker could do knowing the MySQL password is fairly limited. But if the password is the same as your other passwords, the hacker could use it to cause much more damage.
Change a password within MySQL
It’s also possible for advanced users to use the MySQL command line to change the password for a database, like this:
SET PASSWORD = PASSWORD('new_password');
Technically speaking, this does work on our systems. However, we don’t recommend doing it this way, for two reasons.
The first is that changing it within MySQL allows you to completely remove the password by doing this:
SET PASSWORD = ''; -- DO NOT DO THIS!
That allows anyone to connect to your database, which is a really bad idea. If you do this, our security systems will automatically notice and reset it to the last password you chose through our control panel.
The second reason is more subtle. Assuming you haven’t enabled remote connections to your database (and most people shouldn’t), changing the password this way when you’re connected to “localhost” does not immediately change the password for connections from other locations (and vice-versa). This means the password is different depending on where you connect to your database from. If you do this, our system will notice and force all the passwords to be changed to the new one you set — but this doesn’t happen right away, potentially causing a great deal of confusion.