diff --git a/electrum/json_db.py b/electrum/json_db.py
index 38481575c..1c1841bd8 100644
--- a/electrum/json_db.py
+++ b/electrum/json_db.py
@@ -226,7 +226,7 @@ class JsonDB(Logger):
         self.data = StoredDict(data, self, [])
         # write file in case there was a db upgrade
         if self.storage and self.storage.file_exists():
-            self._write()
+            self.write_and_force_consolidation()
 
     def load_data(self, s:str) -> dict:
         """ overloaded in wallet_db """
@@ -381,10 +381,10 @@ class JsonDB(Logger):
 
     @locked
     def write(self):
-        if not self.storage.file_exists()\
-           or self.storage.is_encrypted()\
-           or self.storage.needs_consolidation():
-            self._write()
+        if (not self.storage.file_exists()
+                or self.storage.is_encrypted()
+                or self.storage.needs_consolidation()):
+            self.write_and_force_consolidation()
         else:
             self._append_pending_changes()
 
@@ -402,7 +402,7 @@ class JsonDB(Logger):
 
     @locked
     @profiler
-    def _write(self):
+    def write_and_force_consolidation(self):
         if threading.current_thread().daemon:
             raise Exception('daemon thread cannot write db')
         if not self.modified():
diff --git a/electrum/keystore.py b/electrum/keystore.py
index 72f5fb602..04529ca17 100644
--- a/electrum/keystore.py
+++ b/electrum/keystore.py
@@ -1071,6 +1071,7 @@ def hardware_keystore(d) -> Hardware_KeyStore:
 
 def load_keystore(db: 'WalletDB', name: str) -> KeyStore:
     # deepcopy object to avoid keeping a pointer to db.data
+    # note: this is needed as type(wallet.db.get("keystore")) != StoredDict
     d = copy.deepcopy(db.get(name, {}))
     t = d.get('type')
     if not t:
diff --git a/electrum/wallet.py b/electrum/wallet.py
index 76ac6a55b..96ff5e2cb 100644
--- a/electrum/wallet.py
+++ b/electrum/wallet.py
@@ -2864,9 +2864,9 @@ class Abstract_Wallet(ABC, Logger, EventListener):
         self._update_password_for_keystore(old_pw, new_pw)
         encrypt_keystore = self.can_have_keystore_encryption()
         self.db.set_keystore_encryption(bool(new_pw) and encrypt_keystore)
-        ## save changes
+        # save changes. force full rewrite to rm remnants of old password
         if self.storage and self.storage.file_exists():
-            self.db._write()
+            self.db.write_and_force_consolidation()
         # if wallet was previously unlocked, update password in memory
         if self._password_in_memory is not None:
             self._password_in_memory = new_pw