Get the Best WordPress Backup
& Migration Plugin Today
Get Duplicator Now
Announcement remote restores

Introducing New Remote Restores For More Accessible Cloud Backups

Are you securing your site backups in the cloud? You'll need an easy way to restore them. Our new features…
Locked out of WordPress

What To Do When You’re Locked Out of WordPress (16 Easy Solutions) 

Written By: author image Joella Dunn
author image Joella Dunn
Joella is a writer with years of experience in WordPress. At Duplicator, she specializes in site maintenance — from basic backups to large-scale migrations. Her ultimate goal is to make sure your WordPress website is safe and ready for growth.
     Reviewed By: John Turner
reviewer image John Turner
John Turner is the President of Duplicator. He has over 20+ years of business and development experience and his plugins have been downloaded over 25 million times.

Are you locked out of your WordPress site?

Being locked out of your WordPress website can be a nerve-wracking experience. But don’t panic! There are various reasons why this could happen, and fortunately, most of them have simple solutions. 

In this guide, I’ll show you the common causes of WordPress lockouts and help you regain access to your site!

Quick Summary: What To Do When You’re Locked Out of WordPress

One of the easiest ways to get back into your WordPress site is to restore a backup. With Duplicator, you can generate a recovery link for any full site backup. If your website goes down, simply paste the URL into a new browser window and follow the restoration steps.

You can also try to troubleshoot the issue. You may need to reset your password, create a new admin user, or disable security plugins. The solution depends on the cause of the error.

16 Reasons Why You Might be Locked Out of WordPress (And How to Fix It)

If you’re unexpectedly locked out of WordPress admin, you can easily fix the problem and continue managing your WordPress website!

Before you get started, we’d recommend clearing your browser’s cache and cookies. This may fix any browser-side issues that are causing errors on your login page.

You can quickly get your site up and running again by restoring a recent backup. You’ll immediately revert your site to a functioning state and avoid any annoying troubleshooting.

1. Invalid Login Credentials

If you can’t get into your WordPress back-end, there may be a straightforward solution. One common reason for lockouts is simply entering the wrong login credentials.

After entering an incorrect password, click on the Lost your password? button. This will allow you to reset your password through your WordPress email:

Lost WordPress password

Sometimes, you may not be able to get a new password. If you’ve been hacked or no longer access your admin email, you can use phpMyAdmin to reset your password.

Have you just migrated your site? Being locked out of wp-admin is a common post-migration issue. You may need to update the login credentials in your database.

2. Lost Admin Privileges

Although you’re an admin on your website, you may suddenly lose administrator privileges. This can be frustrating as it limits your access to critical site settings. 

Usually, this happens during a cyber-attack. However, you can manually add a new admin user to your WordPress database

To do this, open phpMyAdmin and find the wp_users table. Hit Insert:

Insert wp_users table

Then, add this information:

  • ID: choose a unique number
  • User_login: the username that you’ll use to log in
  • User_pass: add a password and select MD5
  • User_nicename: full name of the user
  • User_email: user’s email address
  • User_url: your WordPress site’s address
  • User_registered: the date and time that the user was registered
  • User_activation_key: leave empty
  • User_status: set at 0
  • Display_name: the user’s full name
wp_users table insert fields

Next, open the wp_usermeta table. Again, click the Insert option. Add this information:

  • Unmeta_id: leave blank
  • User_id: use the same user ID
  • Meta_key: set at wp_capabilities
  • Meta_value: add a:1:{s:13:”administrator”;s:1:”1″;}
wp_usermeta table insert

Scroll down and add this information:

  • Unmeta_id: leave blank
  • User_id: the same user ID
  • Meta_key: enter wp_user_level
  • Meta_value: set at 10
wp_usermeta table insert fields

Now, log into your WordPress site using the new user information you specified earlier!

3. Too Many Login Attempts

WordPress won’t limit the number of times you can try to log into your site. So, it’s often vulnerable to brute-force attacks. To access your dashboard, hackers will use automated software that guesses your password until your site is breached.

To secure your website against brute force attacks, it’s often a good idea to limit login attempts. However, if you can’t remember your password, this may lock you out of your own dashboard.

When this happens, you can unblock limited login attempts. If you installed a plugin like Limit Login Attempts Reloaded, you’ll need to simply delete this plugin folder with an FTP client:

Delete Limit Login Attempts Reloaded plugin folder

To connect to an FTP client, you can find the FTP credentials in your hosting account.

Alternatively, add deactivate_ to the beginning of the folder name. This will disable the plugin so you can log back into WordPress. Then, go back to your files and undo this change to reactivate the plugin. 

4. Error Establishing Database Connection

If you encounter the dreaded “Error Establishing Database Connection,” it means your website cannot connect to the database. This could be due to incorrect database login credentials or database server issues. 

Error establishing database connection

To fix the “Error Establishing Database Connection” error, open your wp-config.php file with an FTP client or a file manager like cPanel. Find the following lines of code:

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );
/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

If you’ve recently moved to a new WordPress hosting provider, your wp-config.php file could be still pointing to your old host. You’ll need to update the hostname, database name, database user, and database password to point to the new host. 

For more details, check out this beginner’s guide on How to Fix the Error Establishing a Database Connection in WordPress.

5. White Screen of Death

The White Screen of Death (WSOD) is a blank screen that appears when something goes wrong on your website. It is often caused by PHP errors or memory exhaustion:

White Screen of Death

Rather than displaying an error code, you’ll usually see a completely white page. It may also say “There has been a critical error on your website.”

WordPress critical error

If this happens, there are a few different fixes you can try. The WSOD could be caused by poorly coded plugins or themes, so you might need to disable all plugins and activate a default theme.

WordPress also offers a fatal error protection feature that can identify potential solutions. In this case, you’ll see an error that “The site is experiencing technical difficulties.”

WordPress technical difficulties error

Along with this, you’ll get an email that explains the source of the issue. WordPress will also send you a link to help you log into your recovery mode dashboard:

WordPress recovery mode

Another possible solution is to increase your WordPress memory limit. This can be helpful when a script overuses your memory and times out.  

6. Hacked WordPress Site

If your site has been hacked, regaining access is crucial. You can start by contacting your hosting provider and scanning your site for malware. 

To quickly gain control of your site, restore a clean backup. If you’re using a backup plugin like Duplicator Pro, you can set the most recent backup as the disaster recovery point:

Set Disaster Recovery

Then, copy the recovery URL. You’ll need to save this in a safe place (independent of your WordPress dashboard) just in case you ever get hacked:

Disaster recovery link

All you’ll need to do to recover your site is paste this URL into a new browser window. This will automatically launch the Duplicator recovery wizard:

Disaster recovery

You can follow these steps to roll back your site to how it was before the cyber attack.

To prevent your website from being hacked again, be sure to follow this WordPress security checklist.

7. 500 Internal Server Error

A 500 Internal Server Error is a generic error message for a server-side issue. Something went wrong, but there’s no clear explanation of what happened.

500 Internal server error

Since this is a common error, it’s easily fixed. You could try clearing your browser cache, deactivating plugins, or increasing your PHP memory limit.

You may also have a corrupt .htaccess file. To fix this, rename the file to .htaccess_old:

Rename .htaccess file

Then, create a new file and name it .htaccess. Open this file and add this code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

This should resolve the 500 internal server error. Before you start using your site as normal, go to Settings » Permalinks and hit Save Changes. WordPress will automatically generate a new .htaccess file for you. 

8. 404 Not Found Error

You might change your WordPress site’s URLs when you’re using a new domain name, migrating a local site to a live server, or moving from HTTP to HTTPS. If you make a mistake in the URL, you may find a “404 Not Found” error when you try to log into wp-admin.

Even if you’re locked out of WordPress, you can manually change your site’s URLs. Using an FTP client, find your theme folder and open the functions.php file:

WordPress theme functions.php file

In this file, add this code. Be sure to replace the demo URLs with your custom site information:

update_option( 'siteurl', '' );
update_option( 'home', '' );

Save the file and try to log into your dashboard again. If everything is functioning normally, go back and remove these lines. 

9. 403 Forbidden Error

A 403 Forbidden Error implies that you don’t have permission to access a specific resource on the server. It can prevent you from accessing the WordPress login page or the wp-admin area.

403 Forbidden error

Usually, 403 Forbidden Errors happen when a security plugin blocks your IP address, thinking that it’s malicious. It could also occur because of incorrect file permissions, a corrupt .htaccess file, or wrong server settings.

If you see this 403 Forbidden error, try these troubleshooting methods

10. 401 Unauthorized Error

Sometimes, you’ll see a 401 Unauthorized error that will lock you out of WordPress. This usually means that your WordPress admin folder is password protected, and you didn’t enter a password.

401 Unauthorized error

However, this error can also be caused by security plugins. Additionally, some hosting companies’ security precautions can trigger this error by mistake.

If you added password protection to your admin directory, you can temporarily disable it. Using Bluehost, find the Directory Privacy setting:

Bluehost directory privacy

Then, deselect the option to Password protect this directory. Be sure to save this change:

Disable password protection for directory

You’ll also need to go back to the previous page and delete the username assigned to the password-protected directory. After this, you should be able to log in!

Do you need additional solutions? You may like this comprehensive guide on fixing the 401 error in WordPress.

11. Plugin Problems

Some plugins can cause conflicts that lock you out of your site. If you can’t log in after just installing a new plugin, this is probably the cause.

To fix it, find your wp-content » plugins folder. Add “deactivate” to its name:

Deactivate WordPress plugins folder

This will temporarily disable all plugins on your site. Once you log back into your dashboard, you’ll need to reactivate each plugin one at a time. 

If the error happens again, you’ll know which plugin caused it. Then, we’d recommend deleting it and finding a better alternative. 

12. Briefly Unavailable for Scheduled Maintenance Error

The Briefly Unavailable for Scheduled Maintenance error appears while your site is updating its core WordPress software, plugins, or themes. It might linger if an update was interrupted.

WordPress maintenance error

During an update, WordPress will create a temporary .maintenance folder. Once the update finishes, the file is deleted. However, your site could be stuck in maintenance mode.

All you’ll need to do is delete this .maintenance file manually:

Delete WordPress maintenance file

If you don’t see it, it could be hidden. In FileZilla, go into the Server settings and make sure it’s force-showing hidden files:

FTP force show hidden files

After you delete the temporary maintenance file, your site will no longer be in maintenance mode!

13. This Has Been Disabled Error

If you see an error that says “This has been disabled,” you probably went to the wrong URL for your admin account. 

Many WordPress site owners change their default login URLs to improve security and prevent hackers from accessing common login links like wp-admin and wp-login. If you changed yours, your original URL won’t work.

Need help locating your custom wp-admin link? Check out this tutorial on how to find your WordPress login URL

14. PHP Syntax Errors

You might accidentally trigger a PHP error after using a code snippet that you found on a WordPress tutorial online. With the wrong code, your entire site could go down.

PHP syntax error

To get your site up and running again, you’ll need to find the file where you pasted the code snippet. Since you can’t access your built-in WordPress file editor, use an FTP client.

Then, remove the code or adjust the syntax so that it’s correct. To avoid this problem in the future, be sure to use web code snippets correctly

15. Technical Issue

Sometimes, a technical glitch beyond your control can lead to a lockout. Usually, you’ll receive an automated email to help you identify the issue and log back in.

WordPress technical issue

In this case, simply use the login link and troubleshoot the issue. Your site will be in recovery mode, making it easy to find the troublesome plugin or theme. 

16. Login Page Refreshing and Redirecting

In the normal login process, WordPress will make sure your username and password are correct and then save a login browser cookie. After this, you’ll automatically be redirected to your WordPress admin dashboard.

However, your login page might keep refreshing and redirecting back to the same login screen. This could be caused by incorrect URL settings or login cookies failing.

To solve this problem, try clearing your browser cache and cookies. Additionally, you could open your wp-config.php file and add this code:


For more tips and tricks, check out this guide on how to fix the WordPress login page refreshing and redirecting issue.

Frequently Asked Questions (FAQs)

Why am I locked out of my WordPress site?

You might be locked out of your WordPress site due to various reasons, such as entering incorrect login credentials, too many failed login attempts, a cyber attack, or a technical issue with the site or server. Identifying the specific cause will help you apply the appropriate solution to regain access.

How long does WordPress lock you out for?

WordPress doesn’t have a specific standard time duration for locking users out. It depends on the settings configured by the website administrator or any security plugins installed.

How do I recover my WordPress admin login?

To recover your admin login, reset your WordPress password. If there is a large-scale issue happening with your site, consider restoring a recent backup. This will immediately revert your site to a version before the error happened, and you’ll be able to log in. 

How do I regain access to my WordPress site?

To regain access to your WordPress site, make sure to set a backup as the disaster recovery point with Duplicator Pro. Then, copy your recovery link. Paste it into a browser window to launch Duplicator’s recovery wizard.

If you don’t have a backup saved, you’ll need to try other troubleshooting methods. You may need to adjust admin privileges, update your database information in the wp-config.php file, or regenerate your .htaccess file. Ultimately, the solution will depend on the specific problem.


That’s it! You’ve just fixed your website after being locked out of WordPress.

While you’re here, you may like these extra WordPress tutorials:

Ready to get your WordPress site back up and running? Download Duplicator Pro to easily save backups and restore them whenever you need to!

author avatar
Joella Dunn Content Writer
Joella is a writer with years of experience in WordPress. At Duplicator, she specializes in site maintenance — from basic backups to large-scale migrations. Her ultimate goal is to make sure your WordPress website is safe and ready for growth.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.