There are 4 places where you need to change your passwords:
- Hosting Server User Area login (often same as cpanel password)
- Admin login to WordPress Admin area
- Database passwords for MySQL DB
- FTP passwords
Make sure you generate strong passwords, and then store your passwords safely. Both of these tasks can be done in a secure, cloud-based password manager like the brilliant Lastpass
Here are steps to do each one of these:
1. Hosting Server User Area login (often same as cpanel password)
- Log in to your hosting user area. Find the place where you can change your password. E.g. Siteground > My Details (at top right) > User Area Password > Change
2. Admin login to WordPress Admin area
- The best place to change this is in your user profile inside the WordPress dashboard Admin
You can also change it in your user area e.g. SiteGround > cpanel > AutoInstallers > Softaculous > All Installations icon (brown cabinet). Sometimes the sites are not listed here though. The list does not seem to stay in sync.
3. Database passwords for MySQL DB
- Change db password using cPanel > Databases section > MySQL Databases > scroll down to the list of Current Users > find the correct one > click Set Password.
- You must then change the password to match in wp-config.php file (Cpanel > File Manager is the fastest, or you can use your FTP software such as DreamWeaver).
Note that a good security setting for the wp-config.php file is 400 rather than 644. (ManageWP Security tips). This can be done in cpanel > File Manager.
You can also change your password Authentication hash keys if you want as well. Each time you refresh that link, it generates a new set of random keys. Just copy the lines into your wp-config file and replace the existing lines. Any logged in users will need to log in again as all cookies are refreshed.
4. FTP passwords
- Go to cpanel > Files section > FTP Accounts > scroll down to the FTP Accounts list.
- Find the site in the rows, then click Set Password to change to a new password.