Are you locked out of your WordPress dashboard? Can’t access WordPress admin at all? Yikes! I know that can be a scary situation. You spent all that time building your site and now you can’t even access it!
First off – don’t worry. Your site’s data should still be there safe and secure – you just can’t get at it. So, in the vast majority of cases, you’re not going to lose anything! And that should ease your anxiety a bit, I hope.
There’s more good news, too:
You have plenty of options for diagnosing and fixing the issue. And in this post, I’ll walk you step-by-step through what you can do to get back into your WordPress dashboard.
Because there are a few different scenarios for why you might be locked out of your WordPress dashboard, I’ve broken this post into different sections.
If you know exactly what’s happening to you, you can click below to jump straight to a section. If not, just read through the whole post and you should be able to fix the issue!
- Password And Password Recovery Don’t Work
- Too Many Failed Login Attempts – Locked Out By Security Plugin
- Lost Admin Privileges For Some Reason
- 500 Server Error, White Screen Of Death, Other Errors
Some of these steps involved directly editing your site’s database. For that reason, I would recommend backing up your site before performing any changes (if possible – even if you can’t access your WordPress dashboard, your host should be able to help you with a backup).
If your password doesn’t work, your first step should be to try WordPress’ built-in password recovery feature, which sends a password reset link to your WordPress account’s email:
However, sometimes that feature may not work, either because you no longer have access to that email or the functionality is just plain broken (or sometimes disabled).
If this is your situation, you still have options – don’t worry. But you will need to edit your site’s database directly to fix the issue.
Here’s how to manually reset your password by directly editing your WordPress site’s database.
To edit your site’s database at most hosts, you can use a tool called phpMyAdmin. If your host uses cPanel (which most hosts do), you should be able to access phpMyAdmin directly from your cPanel dashboard:
If not, consult your host’s support.
Once you’re in phpMyAdmin, make sure to select your site’s database (if you only have one site, you’ll see one option. Otherwise, you’ll see multiple options).
If you’re not sure about the name of your site’s database, I recommend consulting your host’s support.
Step 2: Edit User’s Table
Once you’re in your site’s database, click on the wp_users option (the prefix might be different depending on your database – for my example, it’s “wpul”):
Then, find your username by looking at the user_login column and click the Edit button for your username:
Step 3: Update Password And Apply MD5 Encoding
Now, you should see a list of fields associated with your username. Find the user_pass field. Enter your desired password in the Value field. Then – this is very important – choose MD5 from the Function drop-down.
This ensures that your password is securely stored, rather than stored in “plain text”:
Once you’re done, click Go at the bottom to update your password.
Step 4: Log In With Your Existing Username And New Password
Now, you should be able to log in to your WordPress site using your existing username and the password that you just entered in the previous step.
One common WordPress security tip is to use a plugin or tool to limit the number of login attempts a user can try. After a certain number of failed login attempts, the plugin or tool will block the person, either permanently or for a certain amount of time.
Most of the time, that extra security is good. But it’s not good if you forget your password, guess too many times, and get yourself locked out of the dashboard!
To fix this one, you’ll need to connect to your server via FTP to manually disable the security plugin that’s locking you out.
Step 1: Connect To Your Server Via FTP
To get started, use an FTP program like FileZilla to connect to your WordPress site’s server via FTP:
Your host should have a help article explaining how to use FTP if you’re not sure how to do it. For example, here’s SiteGround’s help article.
Step 2: Disable The Plugin That Limits Login Attempts
Once you’ve connected to your server via FTP:
- Browse to wp-content/plugins.
- Find the folder for the plugin that includes the “limit login attempts” functionality
- Right-click on that plugin’s folder
- Rename the folder to pluginname_disable
When you’re done, it should look like this:
Step 3: Log In To Your Account
When you rename the folder, it disables the plugin. As a result, you should now be able to log in to your WordPress account like normal as you’ll no longer be blocked.
Step 4: Rename FTP Folder To Original Name And Reactivate Plugin
Once you’ve successfully logged in, you’ll want to reactivate your security plugin so that your site is protected.
To do that, use FTP to rename the folder to its original name. Then, go to the Plugins area in your WordPress dashboard and reactivate the plugin if needed.
Another reason that you might be locked out of your WordPress dashboard is a loss of privileges. That is, your account might no longer be an Administrator account, which can happen because of a malicious actor or some mix up with another Administrator at your site.
As long as you can access your site’s hosting account and database, you can manually create a new account with Administrator privileges. Here’s how to do it…
Step 1: Edit Database Via phpMyAdmin
To get started, you’ll need to edit your WordPress site’s database via phpMyAdmin. If you’re not sure how to do that, you can follow the same steps for how to change your password via the database (this link will take you to the proper instructions – just come back here when you have your database open in phpMyAdmin).
Step 2: Edit wp_users Table
Once you’re in phpMyAdmin, find the wp_users table (it might have a weird prefix. And you might have a different list of tables than my test site):
First, check the ID column. This will be important in the next step, where you’ll need to provide a unique ID. In this example, 1 and 2 are already in use, so you would want to choose 3 for the next step:
Once you’ve figured out which number isn’t in use already, go to the Insert tab:
Step 3: Create New User Account
In the Insert interface, you can manually create a new user. Here’s how to fill it out:
- ID – Enter a number here that isn’t already in use by another user. You found this number in the previous step.
- user_login – the username this account will use to log in.
- user_pass – once you enter the password, make sure to choose MD5 from the drop-down.
- user_nicename – the public username that shows up in the WordPress backend.
- user_email – your email address.
- user_registered – pick today’s date.
- user_status – leave as 0.
- display_name – the name of the user.
Then, click Go.
Step 4: Edit wp_usermeta And Give Admin Privileges
Now, you have a new account, but it doesn’t have admin privileges yet. To give it admin privileges, you need to go edit the wp_usermeta table:
Then, go to the Insert table and configure the fields like so:
- umeta_id – leave blank.
- user_id – the user ID that you created in the previous step. For my example, it’s 3.
- meta_key – enter
- meta_value – enter
Then, click Go.
And that’s it! You can now log in to your WordPress site with admin privileges by using the username and password that you just created.
With these issues, you’re not locked out of your WordPress dashboard because of password or privilege issues. Instead, it’s an actual error that means you can’t access wp-admin at all.
Unfortunately, there’s no catch-all solution here. But I can link you to some of the other guides that we’ve written on how to fix these errors:
- How to Fix 500 Internal Server Error in WordPress
- How to Fix The Error Establishing a Database Connection in WordPress
Once you use those guides to fix the underlying issue, you should be able to access your WordPress dashboard like normal.
Say Goodbye To Being Locked Out Of WordPress!
By implementing the tips above, I hope that you’re no longer locked out of the WordPress dashboard.
With that being said, I realise that these steps are (unfortunately and unavoidably) a little complex at parts.