The Onist

The Onist


Manually resetting your Ghost blog password via MySQL

Instructions on how to reset your Ghost blogs password via a MySQL update command.

I must make a confession. I haven't written a blog post in over a year because I had forgotten my password to log into the admin portion of my blog.  #shameEmoji

Not only had I forgotten my password but I was lazy and hadn't configured email support on the server running my blog and therefore I could not reset my password via traditional methods.  

So for over a year I did nothing except guess at the password on and off to no avail. Earlier today I sat down to reset my Ghost users password the old fashioned way by manually updating the MySQL database powering this blog.  

I found that there was very little resources on how to do this online so I figured I should share how I did it for the other unfortunate souls who my be in my position.

Resetting the Password

For this tutorial, I am going to assume you have the following:

If you don't have the following, you should resolve them first before continuing.

  1. Once you have SSH'd into your server with sufficiant privlidges, navigate to the directory of your ghost installation. In my case this was var/www/ghost.
  2. Find your production configuration file most probably named config.production.json. View and save the contents of this file as we need it later. The contents of the file should like similiar to the following:
  "url": "",
  "server": {
    "port": 1236,
    "host": ""
  "database": {
    "client": "mysql",
    "connection": {
      "host": "localhost",
      "user": "ghost",
      "password": "hashed_password",
      "database": "blog_prod"
  1. Enter the MySQL monitor via mysql -u root -p. You will be prompted for the DB admin password at this point.
  2. Set the Ghost database via USE your_db. In this example, the command would be use blog_prod.
  3. Find your user record via SELECT * from users;. Take note of id of your user as we will use this later in the update command for your user.
  4. Ghost does not store passwords in plain text (obviously). Instead it hashes your password using an NPM package known as bcrypt. This means we must enter a hashed version of your desired new password. Luckily there is a great online tool to help us with this! Open the tool, enter your new plaintext password, use the default number of hashing rounds (probably 4) and then generate your hash. It should look something like this $2a$04$Hx5JtNu4sJlvSHnzQSp7nOv.QYl9MX57p80zT.JCFTyKfCVAZWxHu. Copy this hash.
  5. We will now update your user record with this new hash. Again from the MySQL monitor, enter the following command UPDATE users SET password = '$2a$04$Hx5JtNu4sJlvSHnzQSp7nOv.QYl9MX57p80zT.JCFTyKfCVAZWxHu' WHERE id = 1;. Continuing using this example, my command would be UPDATE users SET password = '{your_hash}' WHERE id = {your_user_id};. Run the command you get a success message that shows the update password hash and a 1 row set (0.00 sec) message.

NOTE: If you are getting errors such as the following:

Try breaking up the command by entering just one SQL statement at a time. For example, first you would enter UPDATE users, press enter, then type SET password = '{your_hash}', press enter, finally type WHERE id = {your_user_id};.


If you managed to make it through the above steps your password should now be reset.  You should now be able to go to your blogs admin login portal, enter your users email and your new password and be able to log in.

I really hope this helped someone else out there.  Comment below if this either helped you or you have more questions!

Share Post
View Comments