What To Do When You Are Locked Out of WordPress Admin (wp-admin)

Posted on by Martin

Being locked out of the WordPress admin area (wp-admin) can be frustrating and happens for various reasons, including plugin or theme issues, incorrect password attempts, or changes to user permissions. Here’s a comprehensive guide on what to do if you find yourself locked out of WordPress admin:

Clear Your Browser Cookies and Cache

Sometimes, the issue might be as simple as a browser problem. Clear your browser’s cookies and cache to ensure it’s not a session glitch preventing you from logging in.

Disable Plugins

A faulty plugin can cause lockouts, especially if it manages security or user roles.

  • Via FTP or File Manager: Connect to your site using an FTP client or the file manager in your hosting control panel. Navigate to the wp-content folder and find the plugins folder. Rename it to something like plugins_deactivate to disable all plugins. If this resolves the issue, rename the folder back to plugins and then disable plugins one by one in the WordPress admin to find the culprit.

Reset Your Password

If the issue is password-related, try resetting it.

  • Via Email: Use the “Lost your password?” link on the login page to reset your password via email.
  • Via phpMyAdmin: If email reset doesn’t work, you can reset your password directly in the database. Access phpMyAdmin from your hosting dashboard, find your WordPress database, and browse the wp_users table. Edit the user entry, enter a new value in the user_pass field, select MD5 in the functions menu, and save changes.

Check User Permissions

If you suspect your user roles or permissions have been altered:

  • Via phpMyAdmin: Access the wp_usermeta table in your WordPress database. Check the wp_capabilities (the table prefix wp_ might be different) for your user ID to ensure it’s set to a:1:{s:13:"administrator";s:1:"1";}. This string designates you as an administrator.

Verify Your wp-config.php File

Ensure that your wp-config.php file hasn’t been altered, especially the AUTH_KEY and other security keys, as this could affect logins.

  • Via FTP or File Manager: Download and inspect your wp-config.php file. Look for any anomalies or recent changes you didn’t make, especially around the WordPress security keys.

Deactivate .htaccess File

Misconfigurations in your .htaccess file can prevent access to the admin area.

  • Via FTP or File Manager: Rename your .htaccess file to something like .htaccess_old to deactivate it. If this allows access, regenerate a new .htaccess file by going to Settings > Permalinks in the WordPress admin and clicking “Save Changes.”

Check for IP Deny Rules

If your IP has been accidentally added to a deny list in your hosting environment or through a security plugin, you might be blocked from accessing wp-admin.

  • Via cPanel or Hosting Dashboard: Look for “IP Deny Manager” or similar options in your hosting control panel. Ensure your IP isn’t listed.
  • Via Security Plugins: If you have access to your site’s files, you might need to manually edit plugin files that control IP access to remove any deny rules affecting your IP.

Contact Your Hosting Provider

If none of the above steps work, contact your hosting provider. They can check for server-side issues, help identify the cause of the lockout, and may be able to restore access for you.

Restore From a Backup

As a last resort, if you have a recent backup of your website, restoring it might help, especially if the lockout is due to a recent change or update.

When dealing with a lockout, patience and systematic troubleshooting are key. Always take preventive measures like regular backups and cautious plugin/theme updates to minimize these issues in the future.