Are you locked out of your WordPress site?
Some errors or cyber attacks prevent you from logging into your admin dashboard. Because of this, you might think that your website is a lost cause.
Don’t abandon your hard work just yet! There are a few reasons why you could be locked out, and fortunately, most of them have simple solutions.
In this guide, I’ll show you the common causes of WordPress lockouts. By the end, you’ll regain access to your site, I promise.
Quick Summary: What To Do When You’re Locked Out of WordPress
One of the easiest ways to get back into your WordPress site is to restore a backup. With Duplicator, you can generate a recovery link for any full site backup. If your website goes down, simply paste the URL into a new browser window and follow the restoration steps.
You can also try to troubleshoot the issue. You may need to reset your password, create a new admin user, or disable security plugins. The solution depends on the cause of the error.
16 Reasons Why You Might be Locked Out of WordPress (And How to Fix It)
If you’re unexpectedly locked out of WordPress admin, you can easily fix the problem and continue managing your WordPress website!
Before you get started, we’d recommend clearing your browser’s cache and cookies. This may fix any browser-side issues that are causing errors on your login page.
You can quickly get your site up and running again by restoring a recent backup. You’ll immediately revert your site to a functioning state and avoid any annoying troubleshooting.
1. Invalid Login Credentials
If you can’t get into your WordPress back-end, there may be a straightforward solution. One common reason for lockouts is simply entering the wrong login credentials.
After entering an incorrect password, click on the Lost your password? button. This will allow you to reset your password through your WordPress email.
Sometimes, you may not be able to get a new password. If you’ve been hacked or no longer access your admin email, you can use phpMyAdmin to reset your password.
Have you just migrated your site? Being locked out of wp-admin is a common post-migration issue. You may need to update the login credentials in your database.
2. Lost Admin Privileges
Although you’re an admin on your website, you may suddenly lose administrator privileges. This can be frustrating as it limits your access to critical site settings.
Usually, this happens during a cyber-attack. However, you can manually add a new admin user to your WordPress database.
To do this, open phpMyAdmin and find the wp_users table. Hit Insert.
Then, add this information:
- ID: choose a unique number
- User_login: the username that you’ll use to log in
- User_pass: add a password and select MD5
- User_nicename: full name of the user
- User_email: user’s email address
- User_url: your WordPress site’s address
- User_registered: the date and time that the user was registered
- User_activation_key: leave empty
- User_status: set at 0
- Display_name: the user’s full name
Next, open the wp_usermeta table. Again, click the Insert option. Add this information:
- Unmeta_id: leave blank
- User_id: use the same user ID
- Meta_key: set at wp_capabilities
- Meta_value: add a:1:{s:13:”administrator”;s:1:”1″;}
Scroll down and add this information:
- Unmeta_id: leave blank
- User_id: the same user ID
- Meta_key: enter wp_user_level
- Meta_value: set at 10
Now, log into your WordPress site using the new user information you specified earlier!
3. Too Many Login Attempts
WordPress won’t limit the number of times you can try to log into your site. So, it’s often vulnerable to brute-force attacks. To access your dashboard, hackers will use automated software that guesses your password until your site is breached.
To secure your website against brute force attacks, it’s often a good idea to limit login attempts. However, if you can’t remember your password, this may lock you out of your own dashboard.
When this happens, you can unblock limited login attempts. If you installed a plugin like Limit Login Attempts Reloaded, you’ll need to simply delete this plugin folder with an FTP client.
To connect to an FTP client, you can find the FTP credentials in your hosting account.
Alternatively, add deactivate_ to the beginning of the folder name. This will disable the plugin so you can log back into WordPress. Then, go back to your files and undo this change to reactivate the plugin.
4. Error Establishing Database Connection
If you encounter the dreaded “Error Establishing Database Connection,” it means your website cannot connect to the database. This could be due to incorrect database login credentials or database server issues.
To fix the “Error Establishing Database Connection” error, open your wp-config.php file with an FTP client or a file manager like cPanel. Find the following lines of code:
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );
If you’ve recently moved to a new WordPress hosting provider, your wp-config.php file could be still pointing to your old host. You’ll need to update the hostname, database name, database user, and database password to point to the new host.
For more details, check out this beginner’s guide on how to fix the error establishing a database connection in WordPress.
5. White Screen of Death
The White Screen of Death (WSOD) is a blank screen that appears when something goes wrong on your website. It is often caused by PHP errors or memory exhaustion.
Rather than displaying an error code, you’ll usually see a completely white page. It may also say “There has been a critical error on your website.”
If this happens, there are a few different fixes you can try. The WSOD could be caused by poorly coded plugins or themes, so you might need to disable all plugins and activate a default theme.
WordPress also offers a fatal error protection feature that can identify potential solutions. In this case, you’ll see an error that “The site is experiencing technical difficulties.”
Along with this, you’ll get an email that explains the source of the issue. WordPress will also send you a link to help you log into your recovery mode dashboard.
Another possible solution is to increase your WordPress memory limit. This can be helpful when a script overuses your memory and times out.
6. Hacked WordPress Site
If your site has been hacked, regaining access is crucial. You can start by contacting your hosting provider and scanning your site for malware.
To quickly gain control of your site, restore a clean backup. If you’re using a backup plugin like Duplicator Pro, you can set the most recent backup as the disaster recovery point.
Then, copy the recovery URL. You’ll need to save this in a safe place (independent of your WordPress dashboard) just in case you ever get hacked:
All you’ll need to do to recover your site is paste this URL into a new browser window. This will automatically launch the Duplicator recovery wizard.
You can follow these steps to roll back your site to how it was before the cyber attack.
To prevent your website from being hacked again, be sure to follow this WordPress security checklist.
7. 500 Internal Server Error
A 500 Internal Server Error is a generic error message for a server-side issue. Something went wrong, but there’s no clear explanation of what happened.
Since this is a common error, it’s easily fixed. You could try clearing your browser cache, deactivating plugins, or increasing your PHP memory limit.
You may also have a corrupt .htaccess file. To fix this, rename the file to .htaccess_old.
Then, create a new file and name it .htaccess. Open this file and add this code:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This should resolve the 500 internal server error. Before you start using your site as normal, go to Settings » Permalinks and hit Save Changes. WordPress will automatically generate a new .htaccess file for you.
8. 404 Not Found Error
You might change your WordPress site’s URLs when you’re using a new domain name, migrating a local site to a live server, or moving from HTTP to HTTPS. If you make a mistake in the URL, you may find a “404 Not Found” error when you try to log into wp-admin.
Even if you’re locked out of WordPress, you can manually change your site’s URLs. Using an FTP client, find your theme folder and open the functions.php file.
In this file, add this code. Be sure to replace the demo URLs with your custom site information:
update_option( 'siteurl', 'https://example.com' );
update_option( 'home', 'https://example.com' );
Save the file and try to log into your dashboard again. If everything is functioning normally, go back and remove these lines.
9. 403 Forbidden Error
A 403 Forbidden Error implies that you don’t have permission to access a specific resource on the server. It can prevent you from accessing the WordPress login page or the wp-admin area.
Usually, 403 Forbidden Errors happen when a security plugin blocks your IP address, thinking that it’s malicious. It could also occur because of incorrect file permissions, a corrupt .htaccess file, or wrong server settings.
If you see this 403 Forbidden error, try these troubleshooting methods.
10. 401 Unauthorized Error
Sometimes, you’ll see a 401 Unauthorized error that will lock you out of WordPress. This usually means that your WordPress admin folder is password protected, and you didn’t enter a password.
However, this error can also be caused by security plugins. Additionally, some hosting companies’ security precautions can trigger this error by mistake.
If you added password protection to your admin directory, you can temporarily disable it. Using Bluehost, find the Directory Privacy setting.
Then, deselect the option to Password protect this directory. Be sure to save this change.
You’ll also need to go back to the previous page and delete the username assigned to the password-protected directory. After this, you should be able to log in!
Do you need additional solutions? You may like this comprehensive guide on fixing the 401 error in WordPress.
11. Plugin Problems
Some plugins can cause conflicts that lock you out of your site. If you can’t log in after just installing a new plugin, this is probably the cause.
To fix it, find your wp-content » plugins folder. Add “deactivate” to its name.
This will temporarily disable all plugins on your site. Once you log back into your dashboard, you’ll need to reactivate each plugin one at a time.
If the error happens again, you’ll know which plugin caused it. Then, we’d recommend deleting it and finding a better alternative.
12. Briefly Unavailable for Scheduled Maintenance Error
The Briefly Unavailable for Scheduled Maintenance error appears while your site is updating its core WordPress software, plugins, or themes. It might linger if an update was interrupted.
During an update, WordPress will create a temporary .maintenance folder. Once the update finishes, the file is deleted. However, your site could be stuck in maintenance mode.
All you’ll need to do is delete this .maintenance file manually.
If you don’t see it, it could be hidden. In FileZilla, go into the Server settings and make sure it’s force-showing hidden files.
After you delete the temporary maintenance file, your site will no longer be stuck in maintenance mode!
13. This Has Been Disabled Error
If you see an error that says “This has been disabled,” you probably went to the wrong URL for your admin account.
Many WordPress site owners change their default login URLs to improve security and prevent hackers from accessing common login links like wp-admin and wp-login. If you changed yours, your original URL won’t work.
Need help locating your custom wp-admin link? Check out this tutorial on how to find your WordPress login URL.
14. PHP Syntax Errors
You might accidentally trigger a PHP error after using a code snippet that you found on a WordPress tutorial online. With the wrong code, your entire site could go down.
To get your site up and running again, you’ll need to find the file where you pasted the code snippet. Since you can’t access your built-in WordPress file editor, use an FTP client.
Then, remove the code or adjust the syntax so that it’s correct. To avoid this problem in the future, be sure to use web code snippets correctly.
Do you want to learn how to code better? Here are the best developer tools that only the experts use!
15. Technical Issue
Sometimes, a technical glitch beyond your control can lead to a lockout. Usually, you’ll receive an automated email to help you identify the issue and log back in.
In this case, simply use the login link and troubleshoot the issue. Your site will be in recovery mode, making it easy to find the troublesome plugin or theme.
16. Login Page Refreshing and Redirecting
In the normal login process, WordPress will make sure your username and password are correct and then save a login browser cookie. After this, you’ll automatically be redirected to your WordPress admin dashboard.
However, your login page might keep refreshing and redirecting back to the same login screen. This could be caused by incorrect URL settings or login cookies failing.
To solve this problem, try clearing your browser cache and cookies. Additionally, you could open your wp-config.php file and add this code:
define('WP_HOME','https://www.example.com');
define('WP_SITEURL','https://www.example.com');
For more tips and tricks, check out this guide on how to fix the WordPress login page refreshing and redirecting issue.
Frequently Asked Questions (FAQs)
Why am I locked out of my WordPress site?
You might be locked out of your WordPress site due to various reasons, such as entering incorrect login credentials, too many failed login attempts, a cyber attack, or a technical issue with the site or server. Identifying the specific cause will help you apply the appropriate solution to regain access.
How long does WordPress lock you out for?
WordPress doesn’t have a specific standard time duration for locking users out. It depends on the settings configured by the website administrator or any security plugins installed.
How do I recover my WordPress admin login?
To recover your admin login, reset your WordPress password. If there is a large-scale issue happening with your site, consider restoring a recent backup. This will immediately revert your site to a version before the error happened, and you’ll be able to log in.
How do I regain access to my WordPress site?
To regain access to your WordPress site, make sure to set a backup as the disaster recovery point with Duplicator Pro. Then, copy your recovery link. Paste it into a browser window to launch Duplicator’s recovery wizard.
If you don’t have a backup saved, you’ll need to try other troubleshooting methods. You may need to adjust admin privileges, update your database information in the wp-config.php file, or regenerate your .htaccess file. Ultimately, the solution will depend on the specific problem.
Conclusion
That’s it! You’ve just fixed your website after being locked out of WordPress.
While you’re here, you may like these extra WordPress tutorials:
Ready to Get Your WordPress Site Back Online?
Upgrade to Duplicator Pro automatically save backups and restore them whenever you need to!
Get Duplicator Pro Now
Joella is a writer with years of experience in WordPress. At Duplicator, she specializes in site maintenance — from basic backups to large-scale migrations. Her ultimate goal is to make sure your WordPress website is safe and ready for growth.
