Locked Out of WordPress? 4 Solutions When You Can’t Access wp-admin

Posted on September 15, 2017 by in Tips & Tricks | 16 comments

Locked Out of WordPress? 4 Solutions When You Can’t Access wp-admin

Are you currently locked out of WordPress? I can practically feel the anxiety through the screen. It’s understandable. There aren’t many more uncomfortable feelings than not being able to access your own WordPress website

However, let’s take a deep breath, ok? We will get through this. You have a backup of your site, right? Never mind that now. Instead, let’s concentrate on making things better.

In this article we will walk you through different scenarios that can result in you being locked out of WordPress. Not only that, we will also provide you with the necessary steps to get back into the WordPress dashboard. So you can start breathing normally again.

Your Password Doesn’t Work (And Recovery Doesn’t Either)

Sometimes you find yourself in the situation that your password stops working. Maybe you forgot it (which can happen if you operate several sites) or maybe someone hacked your site and changed it.

The situation gets even worse if password recovery doesn’t work either. When that happens, the only chance you have is to reset your password in the WordPress database. Don’t worry, it’s not as hard as it sounds.

Access the Database via phpMyAdmin

To reset your password, you need to access your WordPress database first. This typically happens through phpMyAdmin, which gives you nice interface to do so. Your hosting provider should give you access to it.

Once there, find the wp_users table. Note, the name might be different in case you changed your database prefix during installation, however, it should still end in _users.

wp_users table in wordpress database

Here’s where WordPress saves all users, so when you click on it, you should find a list of all user profiles present on your site.

Change User Password

To change your password click Edit next to your username. In the next screen, find the user_pass field. This is where your user password is saved. However, since it is encrypted, the field will only show gibberish.

encrypted user password inside phpmyadmin

To create a new password, just delete what is in there and write down your new password. However, and this is important, before hitting Save at the bottom, make sure you pick MD5 from the drop-down menu named Function in the middle.

create new wordpress user password inside phpmyadmin

Doing so ensures your password is encrypted again. After that, it’s time to save. If this was the problem, you should now no longer be locked out of WordPress and be able to access wp-admin again.

Locked Out of WordPress Due to Too Many Login Attempts

An excellent way to prevent brute force attacks (where hackers use software to automatically try to guess your username and password) is to limit login attempts. The problem: This can also lock you out by accident.

In fact, that very thing happened to me because I forgot to white list my new IP address with the security plugin I was using. Here’s how to deal with it.

Disable the Lockout in Your Database

If you encounter this problem, you can usually find help with the makers of your security plugin. For example, in my case iThemes Security saves all logged out users in the database under wp_itsec_lockouts and I could just delete the lock on my user name.

That way, I got access to the WordPress backend again, where I could then white list my IP address to avoid problems like this in the future.

If you suspect your security plugin has you locked out of WordPress, google your its name plus “locked out” or a similar search phrase do find a solution. It might be just as easy to remedy as it was for me.

Last Resort: Disable Your Security Plugin

If you can’t find anything for your particular security solution, there’s also a last resort by disabling the plugin completely. For that, establish a connection to your FTP server (for example, via FileZilla) and access your plugins folder inside wp-content.

Once there, you can deactivate your security plugin by renaming its directory. After that, it’s time to try if you are still locked out of WordPress. If you have access again, make sure to take steps to prevent this from happening again as mentioned above.

You Lost Your Admin Privileges

Another thing that might happen when someone hacks your site is that you find yourself without admin privileges. That mean you are able to log into WordPress but have no access to important menus like Plugins and Themes. Of course, that’s also not an ideal situation. However, luckily, the solution is also not too complicated.

Create a New User

In this case, again, the first step is to access database and navigate to wp_users. Once there, click Insert at the top.

create new wordpress admin user in phpmyadmin

This lets you create completely new user. Here’s what you need to fill in to do so:

  • ID — You can input any number here as long as it isn’t in use yet. A good way is to count how many users are currently on your site and set the ID to that number plus one. Whatever number you use, remember it for the steps further below!
  • user_login — This is your WordPress login, pick anything except admin.
  • user_pass — As we have settled before, this is your user password. Input a save password and don’t forget to set MD5 under Function.
  • user_nicename — A nicer version of your user name. Shows up in the WordPress backend and on your website, so pick something you are comfortable with others seeing it.
  • user_email — Enter the email address that you want to associate with that user.
  • user_registered — Pick the current date.
  • user_status — Set or leave to 0 (zero).
  • display_name — The name of the user as displayed on the website.

Once you are done, hit Go at the bottom to save the user.

Configure User Meta

From here, we will now go to the table called wp_usermeta. You should be able to access it from the left hand side. Here, again, click Insert to get to this menu:

create wordpress admin user user meta

Then fill it in like this:

  • unmeta_id — You can leave this blank, it will be generated automatically.
  • user_id — Enter the ID number you configured earlier.
  • meta_key — Here, write wp_capabilities.
  • meta_value — Enter a:1:{s:13:”administrator”;b:1;}.

Again, hit Go to save your input. After that, click Insert again and fill in the settings with the following information:

  • unmeta_id — Leave this blank, again.
  • user_id — Enter the ID number from before.
  • meta_key — This time, input wp_user_level.
  • meta_value — Enter 10.

Save and you should now be able to log back in to WordPress with your new user. When you do, the first thing to do is edit your user profile (upper right corner, pick Edit My Profile) to make sure everything is as it should be. After that, it’s time to deal with the potential hack.

The Dreaded White Screen of Death

Another reason to be locked out of WordPress can also be the White Screen of Death. As the name suggests, this is when you try to access your WordPress website and all you get is a blank white screen. While that’s doubly terrifying, there are ways to deal with it.

Deactivate Your Plugin(s)

One common reason to experience WSoD is a malfunctioning plugin. A quick test to see whether that is the case is to access your FTP server, navigate back to the plugins folder and this time rename the entire folder.

Doing so will completely deactivate all plugins on your site. If your site comes back, it was indeed the fault of one of them.

To troubleshoot, you can now name the plugins folder back to its original name and then reactivate your plugins from WordPress backend one by one until you have found the culprit.

Of course, if you already have an inkling which one might be the plugin at fault, you can also start off by only deactivating that.

Check Your Theme

If the above didn’t solve the problem, your theme might be at fault. To see if that is the case, go to the themes folder. Before you do anything further, download the folder so you have a backup for later.

Then, make sure you have a default theme installed. That means one of the Twenty Something series. If you don’t, just download, unpack and upload one into your themes folder.

After that, rename your active theme’s directory. This will deactivate it and cause WordPress to automatically switch to the default theme. If this fixes the issue, your theme is probably at fault and you need to find the problem.

Increase Your Site’s Memory Limit

Insufficient server memory can also cause the White Screen of Death. There are several things you can do, however, they are beyond this article. Refer to this guide instead to increase the memory limit of your WordPress website. For more solutions for the White Screen of Death, check this article.

Locked Out of WordPress Because of a PHP Parse Error

A tricky thing about websites is that even small things such as a missing semicolon or similar can take them out of commission.

locked out of wordpress due to php parse error

If you find yourself locked out of your WordPress site with a screen similar to above, it’s usually after you inserted a code snippet in one of your files. Especially beginners often use the built-in WordPress editor to do so and then find themselves without means to reverse their actions.

Thankfully, it’s pretty easy to come back from this as long as you remember where you included the snippet (usually functions.php). If you do, you can simply connect to your site via FTP and edit the with a code editor (my favorite is Notepad++). Take out the code snippet you inserted before, re-upload the file and you should be able to access WordPress again.

Did You Make it Back Into Your Site?

Being locked out of WordPress is high on the list of every website owner’s nightmares. Not having access to your site is not a situation anyone likes to be in. Thankfully, there are solution to every problem, including the inability to log into WordPress.

Above, we have covered how to get back into your site if the lockout is caused by faulty password, too many login attempts, lost admin privileges, the White Screen of Death and PHP parse errors. If your problem was included, you should now be safe and sound back in the WordPress backend. Congratulations!

However, if you experienced other problems with being locked out of WordPress that we didn’t include here, please share in the comment section below.

Were you ever locked out of WordPress for a reason not mentioned above? Please let us know the cause and how you solved it in the comments section below!

Article thumbnail image by Jiw Ingka / shutterstock.com

16 Comments

  1. That was certainly a timely article – I just got locked out because of a theme update (Divi), but did manage to get back up and running. And, I got timely support from you guys, so I’m not griping. WordPress can be a little intimidating. Glad to see some workarounds – thanks!

    • Hi,

      I’m also locked out from my site. What have you done to get it working.

      Thanks 🙂

  2. Anyone have any suggestions on a WordPress.com site? I have an old blog that I can’t access anymore because I don’t have that old email address. Can’t email WordPress for help, can’t reset the pass because I can’t access the email…but the blog’s mine and I could even prove it.

    • Very easy, just use the cPanel and under the table wp_users, change your email address. Now reset your password throu login interface , lost password.
      And good luck 😉

  3. I’m currently locked out with the maintenance message permanently displayed, can’t access anything except through ftp.

    • When this happens to me, I just delete the “maintenance” file in the root directory using FTP. Your case may be more involved if you already tried that. Good luck!

  4. Thanks a lot, Nick, for this definitive guide and extremely useful and clear tutorial. I add this in my favorites.
    Alberto

  5. If you get too many redirects when trying to access wp-admin, something to check are the folder permissions. I’ve been experiencing that when moving sites from one host to another.

  6. My problem yesterday was not being able to access the login page. Kept redirecting to “page not found” or “Forbidden”. Front-end worked – was able to see the sites. After trying all the usual things – disabling plugins, deleting the htaccess file, checking wp-config file, etc…. nothing was working.

    Since I was unable to get to any of my sites on this one server I assumed it was a server issue. I checked with my hosting company. They were able to reach login pages for my sites. Which meant it was something on my end. I was able to reach the login page of one site out of 8 on that server. I was also able to reach login page on my other sites which used a different host – so I ruled out malware (also ran scans). My Sherlock Holmes skills are lacking. Why can I access one site but not others? Why can others access login pages but not me?

    The hosting company thought it may be a router caching issue so I unplugged the modem/router (all in one). Did not fix it. Emptied all browser caches. Nata. Tried using the incognito browser to avoid caching issues. Doesn’t work – still get page not found after typing sitename.com/wp-admin.

    I had accessed these sites in the past – no problems. So this is new. Hosting company white-listed my IP – so that isn’t being blocked.

    Update: I just checked my sites and am now able to login to backend now. Go figure!

    I don’t know if anything was done on the hosting end or if caching expired or what. I’ll leave the above in this post in case anyone else runs into this, they will know they aren’t alone. Wish I knew the solution.

    • This sounds likea browser caching issue / router redirection issue.

      I am sometimes running into this after a domain that was redirecting is now pointing to a new directory. My solution is to try and access something more specific in the backend, like yoursite.com/wp-admin/post.php

      The browser / router cache is then not kicking in and it often works. 🙂

      • Thanks, Oliver! I’ll give that a try if it happens again. I thought clearing my browser cache and rebooting the router would be enough. I’ll try your solution next time. Thanks.

  7. Thanks Nick this post saved my day.

  8. I changed the site where we login to do admin things and now I cannot access any of my wordpress back office. I added a few words to the login webpage so it was not the same as our site address and I am not sure I was supposed to do that. I know just enough about computers to get in trouble. Please tell me there is a way to access it again. Is there a backdoor to get in? I have tried the admin site and because I changed it I cannot login there either. Even when I get a login screen it does not accept my information and sends me to a broken link.

    • I changed it to westendacademy.org/wordpress and it is a broken link.

      • I tried logging in to another screen like you mentioned above but it still says error 404 the page you are searching for is unavailable.

437,821 Customers Are Already Building Amazing Websites With Divi. Join The Most Empowered WordPress Community On The Web

We offer a 30 Day Money Back Guarantee, so joining is Risk-Free!

Sign Up Today

Pin It on Pinterest