What to Do If You're Locked Out of WordPress

Being unable to access your WordPress site is frustrating. But don't worry too much — there are some tried-and-true steps you can take to figure out what's going wrong and regain access to your website.

In this post, you'll learn the most common reasons for being locked out of WordPress, along with step-by-step instructions on how to fix all of these issues and get your site working again.

Here's everything that you'll find in this post:

• What does it mean to be locked out of WordPress?
• How You Can Get Locked Out of WordPress
• How to Get Back into Your Site

Let's get started.

In some situations, you might be completely locked out of your WordPress site, including both the dashboard and the front end of your site.

If you can't access any part of your WordPress site, the issue is typically some type of error rather than a problem with your WordPress account. For example, the dreaded WordPress white screen of death.

No matter your situation, you'll find the solutions in this post.

How You Can Get Locked Out of WordPress

There are a few reasons why you might be locked out of WordPress. Understanding which problem applies to your situation is essential and affects which troubleshooting steps you focus on in the next section.

Let's go through the most common reasons people get locked out of WordPress.

Lost/Incorrect Login Credentials

One of the most common reasons for being locked out of the WordPress admin is incorrect login credentials. You might forget your password. Your password might have been reset for some reason, and so on.

If you can't remember your password, you won't be able to log in to your WordPress dashboard even if everything on your site is functioning properly.

WordPress includes a built-in password reset tool, but there are also manual methods to reset your login credentials if that's not working.

Lost Admin Privileges

In some cases, your WordPress account credentials might still work, but your account will have lost its admin privileges for some reason.

That is, while you can still log in to WordPress, you can't perform actions such as adjusting settings, installing plugins, editing content, and so on.

You can diagnose this situation if you see a much more limited version of your dashboard when you log in. Here's an example.

You might also see messages such as "Sorry, you are not allowed to access this page" when you try to access certain areas of your WordPress dashboard.

Unfortunately, this can be a sign of a more serious issue, such as a hacker having access to your site. However, it can also have more innocent causes, so you don't need to automatically panic.

For example, if you hired a developer or agency to work on your site, they might've accidentally removed admin privileges from your account during their work. If this happens to you, you can manually create a new admin account by editing your database.

WordPress Security Plugins

A lot of WordPress security plugins include features to protect the WordPress dashboard and login page from malicious actors. However, if you're mistakenly caught up in this net, you might find yourself locked out of WordPress.

Here are some common issues you might have with security plugins locking you out of WordPress.

• The plugin blocked your IP address because of too many failed login attempts. Most comprehensive security plugins include a feature to limit login attempts. You also might be using a dedicated plugin such as Limit Login Attempts Reloaded.
• The plugin changed your WordPress login URL, and you can't remember the new URL. Most comprehensive security plugins also offer this feature, or you might be using a dedicated plugin such as WPS Hide Login.
• The plugin requires two-factor authentication but you lost access to the authentication method. For example, you might've enabled two-factor authentication via the Authenticator app on your phone. If you lost your phone, you would be locked out of WordPress as a result.
• The plugin has blocked your IP address via its firewall. Rather than just limiting login attempts, your security plugin's firewall might've completely flagged your IP address for some reason.

In this situation, you need to manually disable the security plugin to regain access. More on that below.

Errors That Prevent Any Site Access (or Just Dashboard Access)

A lot of WordPress errors can result in you being locked out of WordPress.

In some situations, your entire site might disappear, including the front end and the admin. Or, some errors might just cause you to be unable to access the dashboard.

Common error messages that can block you from accessing WordPress include the following:

• Error Establishing Database Connection.
• 500 Internal Server Error.
• PHP syntax errors.
• "Briefly Unavailable for Scheduled Maintenance" error.
• White screen of death.

In these situations, you'll need to fix the underlying error before you can access WordPress.

How to Get Back Into Your WordPress Site

How you get back into your WordPress site will depend on why you're locked out. Below, we'll take you through several different troubleshooting guides to fix common issues.

However, before trying any of these methods, we highly recommend that you take a backup of your site via your hosting dashboard.

Some of these methods involve editing your database or connecting directly to your server, so it's a good idea to have a recent backup in hand just in case.

If you're locked out of WordPress, you won't be able to back up your site using a backup plugin. However, your WordPress host should offer a tool or be able to help you manually create a backup without needing any access to WordPress.

1. Reset Your Password

If you're locked out of WordPress because you forgot your password or your password just isn't working for some reason, WordPress offers several ways to reset your password.

Once you reset your password, you should be able to log in again and access your dashboard.

First, you should try using WordPress' built-in password reset feature, which works by sending a message to the email address associated with your account. You can access this tool from the WordPress login page.

However, this method might not always work. For example, you might have problems with WordPress not sending emails or you might no longer have access to that email account. If this is the case, you'll need to use a slightly more technical approach to manually reset your password.

We have a complete guide that covers six different ways to change your WordPress password. For most people, however, using phpMyAdmin is the easiest of the manual approaches.

To get started, you need to access phpMyAdmin, which you should be able to do from somewhere in your hosting dashboard.

If your host doesn't use cPanel, there's still a pretty good chance your host offers phpMyAdmin. However, you might need to dig around your dashboard a bit to find it (or consult your host's support documentation).

Once you open phpMyAdmin, make sure that you've selected the database for your WordPress site. If you only have one WordPress site, this database should be selected by default.

From there, follow these steps to reset your password:

1. Select the wp_users table from the list by clicking on it.
2. Find the row for your username and click the pencil icon to “Edit” it.
3. Find the user_pass field.
4. Enter your desired password in the Value column.
5. Select “MD5” from the “Function” column drop-down to properly hash your password (so that it isn't stored in plaintext).
6. Scroll to the bottom and click “Go.”

If you no longer have access to the email account associated with your WordPress account, you can also fix that problem while you're here. Just edit the user_email field and change the email address to the new email address that you want to use.

2. Create a New WordPress Admin User via phpMyAdmin

If you can access your WordPress dashboard but your WordPress account has lost its administrator privileges, you can get around this by manually creating a new WordPress Admin user via phpMyAdmin.

Again, common signs of this are:

1. You only see very limited parts of your dashboard. For example, you can't see the “Plugins” area.
2. You see the "Sorry, you are not allowed to access this page" message when trying to access parts of your dashboard.

To get started, do the following. You can find more detailed instructions for accessing phpMyAdmin in the previous section.

1. Go to your hosting dashboard.
2. Open phpMyAdmin.
3. Make sure that you've selected your WordPress site's database.

Then, follow these steps:

1. Select the wp_users table from the list by clicking on it.
2. Click the “Insert” button at the top.
3. Fill out the information according to your preferences. When adding the password, make sure to select MD5 as per the previous section on manually resetting your password. Set the user_status to 0 and set the ID to 111 (or any value — just make sure to remember it).
4. Click “Go” at the bottom.

Next, open the wp_usermeta table on the side and do the following:

1. Click “Insert” at the top.
2. Enter 111 as the user_id (or whatever number you used in the previous step).
3. Set the meta_key equal to wp_capabilities.
4. Set the meta_value equal to a:1:{s:13:"administrator";b:1;}
5. Click “Go” at the bottom.

Then, repeat those steps and enter the following information:

• Enter 111 as the user_id (or whatever number you used in the previous step).
• Set the meta_key equal to wp_user_level.
• Set the meta_value equal to 10.

And that's it! You should be able to log in using this new WordPress account, and your account should have the Admin role.

3. Temporarily Disable Your Security Plugin via FTP or cPanel File Manager

If you're locked out of WordPress because of a feature in your security plugin, you can restore access by temporarily disabling the plugin. Once you're able to regain access to your site, you can then reactivate the security plugin or switch to a different plugin that's less likely to cause issues.

Obviously, you can't disable the plugin from your WordPress dashboard if you're already locked out of WordPress. But don't worry, that doesn't mean you don't have options.

Rather than relying on your dashboard, you can manually deactivate the plugin by connecting to your server and editing the files there.

To connect to your server, you have a few options:

• FTP/SFTP. To connect via FTP, you'll need an FTP client like FileZilla and the FTP credentials from your hosting account. All web hosts offer FTP access and you should be able to find/create these credentials from somewhere in your hosting dashboard. If you're not sure, you can reach out to your host for help or consult your host's documentation.
• cPanel File Manager. If your host uses cPanel for its hosting dashboard, you can skip FTP and just use cPanel's File Manager tool.

Here are the basic steps to take with any method. As a note, our screenshots are using FTP.

1. Connect to your server using FTP/SFTP or your host's file manager tool.
2. Navigate to …/wp-content/plugins.
3. Locate the folder that contains your security plugin. For example, if you're using Limit Login Attempts Reloaded, the folder name would be limit-login-attempts-reloaded.
4. Rename the folder and append _deactivate to the end. For example, limit-login-attempts-reloaded becomes limit-login-attempts-reloaded_deactivate. This will deactivate the plugin on your site.
5. Log in using your normal WordPress credentials. You should be able to use the default WordPress login page without any issues now, as long as your username and password are correct.

If you want to reactivate your security plugin after successfully logging into WordPress, here's what to do:

1. Go back to the tool where you edited the folder name (e.g. your FTP client).
2. Remove the _deactivate part from the end of the folder so that it has the original name again.
3. Go to the “Plugins” tab in your WordPress dashboard and reactivate the plugin.

4. Fix Any Errors That Are Blocking Your Site

If you're locked out of WordPress because you're seeing a technical error, you'll need to fix that error before you can log in again.

We have guides on how to fix the most common WordPress errors that might block you from accessing your dashboard:

• "Error Establishing a Database Connection" error troubleshooting.
• WordPress White Screen of Death troubleshooting.
• "Briefly Unavailable for Scheduled Maintenance" error troubleshooting.
• ERR_TOO_MANY_REDIRECTS error troubleshooting.
• 500 Internal Server Error troubleshooting.
• WordPress PHP memory limit troubleshooting.
• 403 Forbidden error troubleshooting.

Choose the guide that matches your issue and follow it to fix the problem. Once you fix the technical error, you should be able to log in to WordPress without any issues.

5. Restore a Backup

If all else fails, you can always restore a recent backup of your site to a time when your site was working, assuming you have one.

Nowadays, most WordPress hosts take regular backups of your site. So even if you haven't set up a dedicated backup plugin, you can reach out to your host's support to learn more about your options.

However, be aware that you'll lose any changes to your site that you made after that backup. For example, if your backup is from October 9 and you published a new blog post on October 10, that blog post would disappear when you restore your backup.

If you make changes to your site regularly, this is why it's always a good idea to try the other methods before restoring a backup.

Getting Back Up and Running

Being locked out of WordPress can be frustrating. However, with the troubleshooting tips from this post, you should now have the knowledge that you need to restore access to WordPress and get your site working.

To avoid encountering issues like this in the future, you might want to also check out our post on common challenges with WordPress.