Laravel is a secure and powerful PHP framework, but many developers face confusion when they need to change the admin password, especially if the password is forgotten or the admin cannot log in.
In this blog post, you will learn multiple safe and practical ways to change the admin password in a Laravel project, applicable to both XAMPP (local server) and cPanel (live server) environments.
Where Is the Admin Password Stored in Laravel?
Laravel never stores passwords in plain text.
By default:
- Passwords are stored as bcrypt hashes
- Common tables used for admin accounts:
usersadminsadmin_users
In many projects, the admin user exists in the users table with a column like:
role = adminis_admin = 1
Method 1: Change Admin Password Using phpMyAdmin (Recommended)
This is the most reliable and commonly used method, especially when:
- You forgot the admin password
- Admin login is not working
- You are working on a live server (cPanel)
Step 1: Open phpMyAdmin
- XAMPP:
http://localhost/phpmyadmin - cPanel: Login to cPanel โ Open phpMyAdmin
Step 2: Select Laravel Database
- Choose your Laravel project database
- Open the
usersoradminstable
Step 3: Locate the Admin Account
- Find the admin record using email, username, or role
Step 4: Generate a New Password Hash
Open terminal or command prompt in your Laravel project directory:
php artisan tinker
Then run:
bcrypt('NewPassword@123')
This will generate an encrypted string starting with $2y$....
Copy this hashed value.
Step 5: Update Password in Database
- Click Edit on the admin record
- Paste the hashed value into the
passwordcolumn - Save changes
โ The new admin password is now: NewPassword@123
Method 2: Change Admin Password Using Laravel Tinker
This method is useful when:
- You have project access
- You prefer not to manually edit the database
Open Tinker
php artisan tinker
If Admin Is in the users Table
use App\Models\User;
$user = User::where('email', 'admin@example.com')->first();
$user->password = bcrypt('NewPassword@123');
$user->save();
If Admin Uses a Separate Model
use App\Models\Admin;
$admin = Admin::where('email', 'admin@example.com')->first();
$admin->password = bcrypt('NewPassword@123');
$admin->save();
โ Password updated successfully.
Method 3: Reset Admin Password Using a Temporary Route
This method should be used only in emergencies.
Step 1: Add Temporary Route
Edit routes/web.php:
use App\Models\User;
use Illuminate\Support\Facades\Hash;
Route::get('/reset-admin-password', function () {
$user = User::where('email', 'admin@example.com')->first();
$user->password = Hash::make('NewPassword@123');
$user->save();
return 'Admin password changed successfully';
});
Step 2: Open the URL Once
yourdomain.com/reset-admin-password
Step 3: Remove the Route Immediately
โ ๏ธ This step is critical for security reasons.
Common Mistakes to Avoid
- Saving passwords in plain text
- Using
md5()orsha1()for hashing - Forgetting to delete reset routes
- Trying to change passwords from the
.envfile
Laravel passwords must always be stored using bcrypt or Hash::make().
Which Method Should You Use?
| Situation | Best Method |
|---|---|
| Forgot admin password | phpMyAdmin |
| Local development | Laravel Tinker |
| Live server (cPanel) | phpMyAdmin |
| Emergency one-time reset | Temporary route |
Conclusion
Changing the admin password in a Laravel project is simple if you follow the correct and secure approach.
For beginners and production servers, phpMyAdmin with bcrypt hashing is the safest method.
Always follow Laravel security best practices to keep your application protected.