1. Your login credentials are incorrect
One of the simplest reasons that you might be locked out of WordPress is that your login credentials are incorrect. While this seems basic, it’s happened to all of us at some point or another.
You might’ve forgotten your password, another user at your site might’ve changed it for some reason (if you have multiple admins), or, in very rare situations, a malicious actor might’ve gotten a hold of your account and changed the password.
So – let’s get you a new password.
Try this first: Use the WordPress password reset feature
If your admin credentials are incorrect, your first step should be to use WordPress’ built-in password recovery feature. You should see a “Lost your password?” option on the WordPress login page:
If this feature works, you should receive an email that lets you reset your password and log in. If the password reset feature doesn’t work, no worries! You can also manually reset your password from your hosting account, it’ll just require a few extra steps.
If that fails: Manually reset your password by editing your database
If the password reset email isn’t working, you can manually change your password or create a new WordPress admin user by editing your site’s database with a tool called phpMyAdmin (which virtually all WordPress hosts offer).
There are a few steps here, so we wrote entire guides on how to do this:
- How to manually change your WordPress password via phpMyAdmin
- How to add a new WordPress admin user via phpMyAdmin
2. Your security plugin is blocking you
If you’re using a WordPress security plugin, you might be unintentionally blocking yourself. For example, many WordPress security plugins include a feature to limit login attempts by temporarily banning you if you enter an incorrect username/password too many times.
Here, you have two options:
- You can wait – usually you’ll only be blocked for a period of time before you can try again.
- You can manually deactivate the security plugin so that you can log in right away.
So how can you deactivate your security plugin if you can’t access the WordPress dashboard? You can use FTP (or cPanel File Manager, if your host has that).
To get started, connect to your site’s server. Then, navigate to /wp-content/plugins
and find the folder for your security plugin. For example, here, you can see the limit-login-attempts-reloaded
plugin. Or, you might see wordfence
, etc:
Now, just rename the folder and append -disabled
. This will automatically disable the plugin and you should be able to log in again.
Once you’ve logged in, you can rename the folder again and remove the -disabled
part. Then, you’ll be able to activate your security plugin:
3. You (or a plugin) changed your login URL
One common WordPress security tip is to change the URL of your login page, which you can easily accomplish with a variety of plugins.
It’s a great tip…until you forget the new URL and can’t access wp-admin! To fix this and reset your original WordPress login URL, you can follow the same steps as manually deactivating a security plugin:
- Connect to your server via FTP or your host’s file manager.
- Go to the
/wp-content/plugins
folder and find the folder of the plugin that’s changing the login URL. - Rename it to append
-disabled
. - Log in via the default WordPress login URL.
- Rename the folder and reactivate the plugin. Make sure to remember your custom login URL this time!
4. You’re seeing the white screen of death or 500 Internal Server Error
So far, the troubleshooting steps have been assuming that your WordPress site is functioning properly, there’s just something stopping you from accessing the WordPress dashboard.
However, another common reason why you can’t access wp-admin is that your site is experiencing some type of error. The two biggest ones are:
- White screen of death – as the name suggests, you just see a white screen with no content when you try to log in.
- Internal server error – you’ll see a message that says something like “500 Internal Server Error” when you try to log in.
5. There’s something wrong with your .htaccess file
Your site’s .htaccess file controls important functions, like redirects and how your permalinks are structured. If something goes wrong with this file, it can prevent you from accessing your WordPress dashboard. You might see something like ERR_TOO_MANY_REDIRECTS
when you try to access your dashboard in Chrome. Or, it might present as another problem.
The solution here is to delete your existing .htaccess
file and force WordPress to generate a new one.
To do that, connect to your server via FTP or cPanel File Manager:
- Download the existing
.htaccess
file to your local computer so that you have a backup. - Once you’ve backed up that existing
.htaccess
file, delete the.htaccess
file on your server.
If you can log in after deleting the file, go to Settings → Permalinks and click Save. This forces WordPress to generate a new .htaccess
file. You don’t need to change any settings – just click the Save button.
If you still can’t log in, that means the problem probably wasn’t with your .htaccess
file. You can reupload the backup version and try some of the other methods on this list.
6. Your site URL is wrong
Your site URL configures what WordPress “thinks” is your proper URL. If your site URL is wrong, you won’t be able to log in because WordPress will try to redirect you to the wrong URL when you try to access the WordPress login page.
For example, if your site is https://yoursite.com
, WordPress might try to redirect you to https://NOTyoursite.com/wp-login.php
if your site URL is wrong, which will lock you out of WordPress.
To fix this, connect to your server via FTP or cPanel File Manager. Then, edit the wp-config.php
file and add the following lines above the /* That's all, stop editing! Happy publishing. */
line:define('WP_HOME','https://yoursite.com'); define('WP_SITEURL','https://yoursite.com');
Make sure to replace https://yoursite.com
with the actual URL to your WordPress site.
Note – once you add this to your wp-config.php file, you’ll no longer be able to change your site URL from the WordPress dashboard – remember this if you need to change domain names in the future.
7. There’s something wrong with your file permissions
A less common problem has to do with file permissions on your server. If you have the wrong file permissions for the wp-login.php
file and wp-admin
folder, that can make you unable to access the WordPress dashboard.
In general, all WordPress files should be 664
(except for the wp-config.php file) and all folders should be 775
.
To check and change file permissions, you can connect to your server via FTP. Then:
- Make sure that
wp-login.php
is set to664
. - Make sure that the
wp-admin
folder is set to775
.
8. There’s something wrong with your core WordPress files
Finally, it’s rare, but there might be something wrong with the core wp-login.php
file, which is what controls the WordPress login process.
To make sure this isn’t the case, you follow these steps:
- Download the latest version of WordPress from WordPress.org
- Extract the ZIP folder
- Upload the
wp-login.php
file to your server using FTP or your host’s File Manager - When prompted, choose to overwrite the existing version of the file on your server
Still can’t access wp-admin? Last resort: restore from a backup
If all else fails, you can always try restoring your site from a working backup. While this is somewhat of a nuclear option, it might be able to fix small errors that are unique to your site.