Are you currently locked out of WordPress? I can practically feel the anxiety through the screen. Itโs understandable. There arenโt many more uncomfortable feelings than not being able to access your own WordPress website
However, letโs take a deep breath, ok? We will get through this. You have a backup of your site, right? Never mind that now. Instead, letโs concentrate on making things better.
In this article we will walk you through different scenarios that can result in you being locked out of WordPress. Not only that, we will also provide you with the necessary steps to get back into the WordPress dashboard. So you can start breathing normally again.
Your Password Doesnโt Work (And Recovery Doesnโt Either)
Sometimes you find yourself in the situation that your password stops working. Maybe you forgot it (which can happen if you operate several sites) or maybe someone hacked your site and changed it.
The situation gets even worse if password recovery doesnโt work either. When that happens, the only chance you have is to reset your password in the WordPress database. Donโt worry, itโs not as hard as it sounds.
Access the Database via phpMyAdmin
To reset your password, you need to access your WordPress database first. This typically happens through phpMyAdmin, which gives you nice interface to do so. Your hosting provider should give you access to it.
Once there, find the wp_users table. Note, the name might be different in case you changed your database prefix during installation, however, it should still end in _users.
Hereโs where WordPress saves all users, so when you click on it, you should find a list of all user profiles present on your site.
Change User Password
To change your password click Edit next to your username. In the next screen, find the user_pass field. This is where your user password is saved. However, since it is encrypted, the field will only show gibberish.
To create a new password, just delete what is in there and write down your new password. However, and this is important, before hitting Save at the bottom, make sure you pick MD5 from the drop-down menu named Function in the middle.
Doing so ensures your password is encrypted again. After that, itโs time to save. If this was the problem, you should now no longer be locked out of WordPress and be able to access wp-admin again.
Locked Out of WordPress Due to Too Many Login Attempts
An excellent way to prevent brute force attacks (where hackers use software to automatically try to guess your username and password) is to limit login attempts. The problem: This can also lock you out by accident.
In fact, that very thing happened to me because I forgot to white list my new IP address with the security plugin I was using. Hereโs how to deal with it.
Disable the Lockout in Your Database
If you encounter this problem, you can usually find help with the makers of your security plugin. For example, in my case iThemes Security saves all logged out users in the database under wp_itsec_lockouts and I could just delete the lock on my user name.
That way, I got access to the WordPress backend again, where I could then white list my IP address to avoid problems like this in the future.
If you suspect your security plugin has you locked out of WordPress, google your its name plus โlocked outโ or a similar search phrase do find a solution. It might be just as easy to remedy as it was for me.
Last Resort: Disable Your Security Plugin
If you canโt find anything for your particular security solution, thereโs also a last resort by disabling the plugin completely. For that, establish a connection to your FTP server (for example, via FileZilla) and access your plugins folder inside wp-content.
Once there, you can deactivate your security plugin by renaming its directory. After that, itโs time to try if you are still locked out of WordPress. If you have access again, make sure to take steps to prevent this from happening again as mentioned above.
You Lost Your Admin Privileges
Another thing that might happen when someone hacks your site is that you find yourself without admin privileges. That mean you are able to log into WordPress but have no access to important menus like Plugins and Themes. Of course, thatโs also not an ideal situation. However, luckily, the solution is also not too complicated.
Create a New User
In this case, again, the first step is to access database and navigate to wp_users. Once there, click Insert at the top.
This lets you create completely new user. Hereโs what you need to fill in to do so:
- ID โ You can input any number here as long as it isnโt in use yet. A good way is to count how many users are currently on your site and set the ID to that number plus one. Whatever number you use, remember it for the steps further below!
- user_login โ This is your WordPress login, pick anything except admin.
- user_pass โ As we have settled before, this is your user password. Input a save password and donโt forget to set MD5 under Function.
- user_nicename โ A nicer version of your user name. Shows up in the WordPress backend and on your website, so pick something you are comfortable with others seeing it.
- user_email โ Enter the email address that you want to associate with that user.
- user_registered โ Pick the current date.
- user_status โ Set or leave to 0 (zero).
- display_name โ The name of the user as displayed on the website.
Once you are done, hit Go at the bottom to save the user.
Configure User Meta
From here, we will now go to the table called wp_usermeta. You should be able to access it from the left hand side. Here, again, click Insert to get to this menu:
Then fill it in like this:
- unmeta_id โ You can leave this blank, it will be generated automatically.
- user_id โ Enter the ID number you configured earlier.
- meta_key โ Here, write wp_capabilities.
- meta_value โ Enter a:1:{s:13:โadministratorโ;b:1;}.
Again, hit Go to save your input. After that, click Insert again and fill in the settings with the following information:
- unmeta_id โ Leave this blank, again.
- user_id โ Enter the ID number from before.
- meta_key โ This time, input wp_user_level.
- meta_value โ Enter 10.
Save and you should now be able to log back in to WordPress with your new user. When you do, the first thing to do is edit your user profile (upper right corner, pick Edit My Profile) to make sure everything is as it should be. After that, itโs time to deal with the potential hack.
The Dreaded White Screen of Death
Another reason to be locked out of WordPress can also be the White Screen of Death. As the name suggests, this is when you try to access your WordPress website and all you get is a blank white screen. While thatโs doubly terrifying, there are ways to deal with it.
Deactivate Your Plugin(s)
One common reason to experience WSoD is a malfunctioning plugin. A quick test to see whether that is the case is to access your FTP server, navigate back to the plugins folder and this time rename the entire folder.
Doing so will completely deactivate all plugins on your site. If your site comes back, it was indeed the fault of one of them.
To troubleshoot, you can now name the plugins folder back to its original name and then reactivate your plugins from WordPress backend one by one until you have found the culprit.
Of course, if you already have an inkling which one might be the plugin at fault, you can also start off by only deactivating that.
Check Your Theme
If the above didnโt solve the problem, your theme might be at fault. To see if that is the case, go to the themes folder. Before you do anything further, download the folder so you have a backup for later.
Then, make sure you have a default theme installed. That means one of the Twenty Something series. If you donโt, just download, unpack and upload one into your themes folder.
After that, rename your active themeโs directory. This will deactivate it and cause WordPress to automatically switch to the default theme. If this fixes the issue, your theme is probably at fault and you need to find the problem.
Increase Your Siteโs Memory Limit
Insufficient server memory can also cause the White Screen of Death. There are several things you can do, however, they are beyond this article. Refer to this guide instead to increase the memory limit of your WordPress website. For more solutions for the White Screen of Death, check this article.
Locked Out of WordPress Because of a PHP Parse Error
A tricky thing about websites is that even small things such as a missing semicolon or similar can take them out of commission.
If you find yourself locked out of your WordPress site with a screen similar to above, itโs usually after you inserted a code snippet in one of your files. Especially beginners often use the built-in WordPress editor to do so and then find themselves without means to reverse their actions.
Thankfully, itโs pretty easy to come back from this as long as you remember where you included the snippet (usually functions.php). If you do, you can simply connect to your site via FTP and edit the with a code editor (my favorite is Notepad++). Take out the code snippet you inserted before, re-upload the file and you should be able to access WordPress again.
Did You Make it Back Into Your Site?
Being locked out of WordPress is high on the list of every website ownerโs nightmares. Not having access to your site is not a situation anyone likes to be in. Thankfully, there are solution to every problem, including the inability to log into WordPress.
Above, we have covered how to get back into your site if the lockout is caused by faulty password, too many login attempts, lost admin privileges, the White Screen of Death and PHP parse errors. If your problem was included, you should now be safe and sound back in the WordPress backend. Congratulations!
However, if you experienced other problems with being locked out of WordPress that we didnโt include here, please share in the comment section below.
Were you ever locked out of WordPress for a reason not mentioned above? Please let us know the cause and how you solved it in the comments section below!
Article thumbnail image by Jiw Ingka / shutterstock.com
Hi there – I accidentally saved changes on the user page – where I changed the password – without saving the new password. The Admin for this site is still set to someone I have lost touch with so I am not receiving the Lost Password reset details. How can I reenter my domain without having to go through the admin to reset my password?
Unfortunately, thereโs no other way to retrieve your credentials but to access the database and find your data. If you don’t know how to do that, you can ask assistance from your hosting provider. Just make sure to change your password once you’re able to access the admin again and this time save it. I suggest using password manager tools also like 1Password or LastPass to help you save your passwords.
I changed the site where we login to do admin things and now I cannot access any of my wordpress back office. I added a few words to the login webpage so it was not the same as our site address and I am not sure I was supposed to do that. I know just enough about computers to get in trouble. Please tell me there is a way to access it again. Is there a backdoor to get in? I have tried the admin site and because I changed it I cannot login there either. Even when I get a login screen it does not accept my information and sends me to a broken link.
I changed it to westendacademy.org/wordpress and it is a broken link.
I tried logging in to another screen like you mentioned above but it still says error 404 the page you are searching for is unavailable.
Thanks Nick this post saved my day.
My problem yesterday was not being able to access the login page. Kept redirecting to “page not found” or “Forbidden”. Front-end worked – was able to see the sites. After trying all the usual things – disabling plugins, deleting the htaccess file, checking wp-config file, etc…. nothing was working.
Since I was unable to get to any of my sites on this one server I assumed it was a server issue. I checked with my hosting company. They were able to reach login pages for my sites. Which meant it was something on my end. I was able to reach the login page of one site out of 8 on that server. I was also able to reach login page on my other sites which used a different host – so I ruled out malware (also ran scans). My Sherlock Holmes skills are lacking. Why can I access one site but not others? Why can others access login pages but not me?
The hosting company thought it may be a router caching issue so I unplugged the modem/router (all in one). Did not fix it. Emptied all browser caches. Nata. Tried using the incognito browser to avoid caching issues. Doesn’t work – still get page not found after typing sitename.com/wp-admin.
I had accessed these sites in the past – no problems. So this is new. Hosting company white-listed my IP – so that isn’t being blocked.
Update: I just checked my sites and am now able to login to backend now. Go figure!
I don’t know if anything was done on the hosting end or if caching expired or what. I’ll leave the above in this post in case anyone else runs into this, they will know they aren’t alone. Wish I knew the solution.
This sounds likea browser caching issue / router redirection issue.
I am sometimes running into this after a domain that was redirecting is now pointing to a new directory. My solution is to try and access something more specific in the backend, like yoursite.com/wp-admin/post.php
The browser / router cache is then not kicking in and it often works. ๐
Thanks, Oliver! I’ll give that a try if it happens again. I thought clearing my browser cache and rebooting the router would be enough. I’ll try your solution next time. Thanks.
If you get too many redirects when trying to access wp-admin, something to check are the folder permissions. I’ve been experiencing that when moving sites from one host to another.
Thanks a lot, Nick, for this definitive guide and extremely useful and clear tutorial. I add this in my favorites.
Alberto
I’m currently locked out with the maintenance message permanently displayed, can’t access anything except through ftp.
When this happens to me, I just delete the “maintenance” file in the root directory using FTP. Your case may be more involved if you already tried that. Good luck!
The emergency password reset script method works very well.
https://codex.wordpress.org/User:MichaelH/Orphaned_Plugins_needing_Adoption/Emergency
Anyone have any suggestions on a WordPress.com site? I have an old blog that I can’t access anymore because I don’t have that old email address. Can’t email WordPress for help, can’t reset the pass because I can’t access the email…but the blog’s mine and I could even prove it.
Very easy, just use the cPanel and under the table wp_users, change your email address. Now reset your password throu login interface , lost password.
And good luck ๐
That was certainly a timely article – I just got locked out because of a theme update (Divi), but did manage to get back up and running. And, I got timely support from you guys, so I’m not griping. WordPress can be a little intimidating. Glad to see some workarounds – thanks!
Hi,
I’m also locked out from my site. What have you done to get it working.
Thanks ๐