Locked Out of WordPress Admin Dashboard? Here is How to Regain Access

WordPress admin dashboard is a control panel where you can configure all site’s settings. It enables a frontend browser access for creating content, responding to comments, installing themes/plugins and customizing the site’s appearance without accessing core PHP files installed on hosting server. If you are a new user, there are lot of possibilities you might be locked out of WordPress admin dashboard when playing around with the setup. If you ever locked out, here are the options to regain the access.

Locked Out Situations in WordPress

It is not always the case that you lost or forgot the password and not able to login to your dashboard. In most cases, the lock out happens due to other reasons caused by security plugins, mistakes when editing core PHP files or hacked or infected with malware. The solution depends on the following two situations:

• Your site is up and login URL is accessible, it’s an only problem that you are not able to login to dashboard. It is also possible that you forgot the custom login page’s URL/password or lost administrator privileges.
• Entire site is down along with login URL and you are seeing an error when trying to access the login page.

Before making any big changes, go to your hosting account and take a full backup of your site. Almost all hosting companies offer one-click backup to take a snapshot of entire account including database and site’s files. If you have a smaller site, then login with FTP and download site’s content and go to hosting account to download database from phpMyAdmin manually.

1. Reset WordPress Login Password

• Open the login page of your site. It should be generally like https://yoursite.com/wp-admin/ if you have not changed the default setup.
• Click the “Lost your password?” link showing below the login form.

• Enter your username or email address and click on “Get New Password” button.

• This will trigger a confirmation link to your email address.

• Check your email and click the received password reset link.

• This will open a page and generate a new password for you. Click on the “Generate Password” button to generate another password or type your own password.

• Click “Save Password” button and go back to your login page to login to WordPress dashboard.

Note: Some login customization plugins allow to remove the “Lost your password?” link from login page. If have done so, you can directly access the new password page using this URL: https://yoursite.com/wp-login.php?action=lostpassword.

2. Locked Due to Security Measures

There are lot of WordPress plugins allow you to limit the number of login attempts when using wrong password. In addition, you can whitelist only your own IP address and add two-factor authentication to harden the access. These security measures are meant to stop automated bots guess the password and try to login to your site continuously. However, sometimes you might have entered wrong password multiple times to lock IP or lost the mobile needed for additional verification.

Depending upon your plugin’s settings either the login page will be unavailable temporarily for that username or IP will be blocked. In this case, do one of the followings:

• Time delay – Wait for some time (this is the duration set in your security plugin’s settings page) so that your username is automatically unlocked. Now, try again with a correct password. If you forgot the password, try to reset it as explained above.
• IP Locked – Use VPN or another device to change your IP address and try to login with a correct password. After logging into your admin panel, you can unlock the locked IP address (which is your own IP address) from security plugin’s settings page.
• Temporarily Disable Security Plugin – if you are sure the security plugin is preventing you from logging like in the case of two-factor authentication, follow the instructions explained in next section for temporarily disabling the plugin.

3. Disable Custom Login Page

Nowadays, it is common to rename the default WordPress login URL so that no other person can attempt to login. In this case, the default login page will return 404 or redirect to homepage or show a message that the page is disabled.

Though this helps to protect your site from automated bots, problem comes when you forget the new login URL. The only solution here is to temporarily disable the plugin that you used for renaming the login page.

• Login to your hosting account and open File Manager app.
• Navigate to “/public_html/wp-content/plugins/” folder of your site.
• Find the plugin and rename it to some different name like “old_plugin_name”.

Alternatively, use FTP to remotely login to your hosting server using apps like FileZilla. Go to “/public_html/wp-content/plugins/” folder of your site and rename the plugin that causing issue.

Since the plugin is disabled, you should be able to use the default login page to go inside the admin dashboard. Try one of the followings to use the custom login page again:

• Simply delete the renamed plugin from “Plugins” section of your dashboard. You can reinstall the plugin and setup the custom login page again.
• Otherwise, rename the plugin to its original name from FTP/File Manager. Activate it from “Plugins” section of your dashboard and then configure the custom login URL from plugin’s settings page.

Note: Some security plugins also offer a custom function to disable individual features. For example, if you are locked yourselves out with SG Security plugin, you can add the following code in functions.php file using File Manager or FTP to disable the custom login page.

add_action( 'init', 'remove_custom_login_url' );
function remove_custom_login_url() {
    update_option( 'sg_security_login_type', 'default' );
}

After that, login with default WordPress URL and get the custom login page URL from the plugin’s settings page. Finally, you can remove the code from functions.php file to start using the custom login page again.

4. Generate Password from Another Admin Account

If there are multiple administrator accounts for your site, then it is super easy to unlock the locked username.

• Login to dashboard with another admin user account.
• Go to “Users” section from the left sidebar menu.
• Find and click the username that is locked.
• Scroll down to “Account Management” section.
• Click “Set New Password” button to generate a new password which you can use for logging in for that account. Use this option if you own both admin accounts.
• Alternatively, click “Send Reset Link” to trigger a password reset link to the email address linked to the username. You can use this option to request some other admin user to send a link to your admin email address.

5. Rename Admin Username, Email or Password

If you have lost the original admin email address or password and do not have another admin account, then the only option is to change the username/email directly in database. Before modifying database, make sure to take a complete site backup so that you can restore if something goes wrong.

Follow the detailed instructions in this article to reset admin username, email address or password.

6. Fixing Malware or Hacked Site

Hacking or malware attack is another common problem of locking out of WordPress admin dashboard. Here are some of the generic actions you can take in this case:

• Check whether your CDN or hosting company allows you to take the site down offline. For example, you can do this in SiteGround hosting panel with few clicks.
• If you are using Cloudflare, enable “I’m Under Attack Mode” to block visitors to your site based on a challenge page.
• If you can access admin dashboard, use maintenance mode or security plugin to take your site down.

Once the site is taken offline, use a malware scanner to check and remove the malicious code from your site. There are many premium options like third-party service from Sucuri or hosting solution like SiteGround Site Scanner (which also uses Sucuri), etc. for this purpose.

7. Site Down with PHP Errors

If you see a blank white page or PHP errors when trying to login to your dashboard, then the first thing is to check your previous activities on the site. Perhaps you might have installed a plugin, updated theme or edited core PHP files. If you know what you did, simply try to revert the changes from File Manager or using FTP.

If you do not know from where the issue comes, then enable debugging mode as explained in this article. This will show clear error like which line number in the PHP file is causing error from which file. You can simply rename the plugin/theme or remove the specific line from the file if you have added it manually.

Check out WordPress troubleshooting guide for beginners to understand how to fix basic errors and login back to your admin dashboard.

Final Words

Do not get panic if you are locked out of WordPress admin dashboard. In most cases, this happens due to PHP errors or wrong username/password. Resetting password, changing custom login URL, deactivating the plugin and removing the inserted code are easy to fix and regain the access. Even you can fix the PHP errors after finding the source file causing the issue. However, removing malware or fixing hacked site needs a premium solution which will cost you hefty to fix the issue.