Reset a Ghost user password via SQL

How to reset a Ghost user password directly in the MySQL database using a bcrypt hash — useful after a migration or when access is lost.

During a Ghost blog migration for a friend, the user password turned out to be incorrect. Fortunately, it is possible to update it directly in the database.

Ghost stores passwords hashed with bcrypt. To reset a password, you need to generate a new bcrypt hash and update the database record.

Security: Do not use a third-party website to generate the hash — you would be sending your password to an external server. Use a local method instead:

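```bash
# Note: a password typed on the command line is saved in your shell history
# and is visible in the process list while the command runs.

# Via Node.js (available on any Ghost server; run it from a directory whose
# node_modules contains bcryptjs so that require() resolves)
node -e "const bcrypt = require('bcryptjs'); bcrypt.hash('your-new-password', 10, (e, h) => console.log(h));"

# Via Python (requires the bcrypt package)
python3 -c "import bcrypt; print(bcrypt.hashpw(b'your-new-password', bcrypt.gensalt(10)).decode())"
```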

Copy the generated hash — you will need it in a moment.

Connect to your MySQL server. Ghost users are stored in the users table of the Ghost database. Each user has a unique id — the first user created has id = 1, the second has id = 2, and so on.

Run the following SQL query to update the password:

```sql
UPDATE users SET password = '$2b$10$yVfCSRDWv0QxsIPBx1W/p.cFk3tvYlpundxM1WQOL.QwpOPN7SZHe' WHERE id = 1;
```

Replace the hash value with the one you generated, and adjust the id to match the target user.
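A hash that was truncated during copy and paste, or whose `$` signs were expanded by a shell, will lock the account again, so it is worth checking its structure before running the UPDATE. The following check is an added example, not part of the original article; the function names, the accepted variants (2a, 2b, 2y) and the sample values are this example's assumptions.

```python
import re

# bcrypt modular-crypt layout: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
_ALPHABET = r"[./A-Za-z0-9]"
_BCRYPT = re.compile(rf"\$(2[aby])\$(\d\d)\$({_ALPHABET}{{22}})({_ALPHABET}{{31}})")


def check_bcrypt_hash(value, expected_cost=10):
    """Return (variant, cost) for a well-formed hash, or raise ValueError saying why not."""
    if value != value.strip():
        raise ValueError("leading or trailing whitespace (copy/paste artifact)")
    if not value.startswith("$2"):
        raise ValueError("missing '$2' prefix: '$' was probably expanded by the shell")
    if len(value) != 60:
        raise ValueError(f"length is {len(value)}, a bcrypt hash is exactly 60 characters")
    m = _BCRYPT.fullmatch(value)
    if m is None:
        raise ValueError("unexpected variant or characters outside the bcrypt alphabet")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} is outside bcrypt's 4..31 range")
    if cost != expected_cost:
        raise ValueError(f"cost {cost} differs from the expected {expected_cost}")
    return m.group(1), cost


# Constructed samples. GOOD is the example hash from the UPDATE statement above.
GOOD = "$2b$10$yVfCSRDWv0QxsIPBx1W/p.cFk3tvYlpundxM1WQOL.QwpOPN7SZHe"
# What remains of GOOD after a shell expands $2, $1 and $yVfC... inside double quotes.
SHELL_MANGLED = "b0/p.cFk3tvYlpundxM1WQOL.QwpOPN7SZHe"
TRUNCATED = GOOD[:-4]


def explain(value):
    """Return 'ok: ...' or 'rejected: <reason>' without raising."""
    try:
        variant, cost = check_bcrypt_hash(value)
        return f"ok: variant {variant}, cost {cost}"
    except ValueError as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    for sample in (GOOD, SHELL_MANGLED, TRUNCATED, GOOD + "\n"):
        print(explain(sample))
```

The check only confirms that the string is a structurally valid bcrypt hash with the expected cost; it does not confirm that the hash matches the password you intended.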

Once the query is applied, disconnect from the database and log in to your Ghost admin interface with the new password.
