What to Do When You’re Locked Out of the WordPress Admin Area

by Jason Cosper
What to Do When You’re Locked Out of the WordPress Admin Area thumbnail

Nothing can bring your workday to a screeching halt like not being able to access your WordPress dashboard. Without that ability, you can’t create or publish posts, respond to comments, or perform any other task on your website. Unfortunately, there are a wide variety of reasons why you might be locked out of your site.

However, the good news is that WordPress’ flexibility means there are various solutions to diagnose and fix this problem. Plus, most of them are relatively straightforward, even for beginners. You should be able to troubleshoot and resolve the issue in no time.

In this article, we’ll explore the common reasons why you might get locked out of the WordPress dashboard. Then we’ll walk through seven methods you can follow to fix the problem. Let’s dig in!

Get Content Delivered Straight to Your Inbox

Subscribe to our blog and receive great content just like this delivered straight to your inbox.

Common Reasons for Getting Locked Out of WordPress

There are several ways the issue of being locked out of WordPress can present itself. Although the exact page and message that you see when you try to log in might vary, the result is the same: You can’t get into your WordPress admin area.

In this section, we’ll briefly run through some of the possible presentations you may encounter, along with an explanation of why you might be seeing that specific error. We’ll also include a handy link to the solution for each, so you can jump down to the appropriate fix.

It’s important to note that while each of these errors might look the same on the surface (that is, you can’t log in), the solutions can be quite different. There’s not necessarily a one-size-fits-all fix. For that reason, we recommend that you match up the specific error you’re seeing.

With that out of the way, here are some of the possible issues you might encounter when you can’t log into your dashboard:

  • You see “This has been disabled.” The most likely cause of this error is that you have the wrong login URL for your site. You’ll need to restore your WordPress site’s login URL.
  • Your WordPress password doesn’t work, and password recovery fails. Sometimes a problem with your site’s email system prevents sending the recovery email. To fix it, you can reset your password with phpMyAdmin.
  • You’ve lost administrator privileges. In this scenario, your login works, but you can’t perform any of your administrative functions. Therefore, the next step is to create a new user with administrative privileges.
  • You’re locked out due to too many login attempts. Some security plugins do this to prevent unauthorized access. You’ll need to disable your security plugin.
  • There’s a blank white screen (the “White Screen of Death”). There are several causes for this, but generally, it’s a problem with a plugin. PHP memory issues can also cause it. You’ll need to troubleshoot the White Screen of Death.
  • You see an “Error establishing a database connection” message. This notification indicates a problem with the MySQL database used by WordPress for data storage. You’ll need to resolve the database connection error.
  • The message indicates a “Parse error: syntax error.” Code entered incorrectly usually causes this issue. The solution is to undo any recent code changes.

These cover the vast majority of login issues you might come across. However, if you run into a problem other than the above or you can’t seem to get your login working, you can always reach out to your hosting provider. If you’re a DreamHost customer, we offer 24/7 expert support — simply click on the Support button in the upper-right corner of the DreamHost Control Panel.

Ad background image

Skip the Stress

Avoid troubleshooting when you sign up for DreamPress. Our friendly WordPress experts are available 24/7 to help solve website problems — big or small.

Check Out Plans

What to Do Before Troubleshooting This Issue

If you’re a DreamPress user, we recommend trying the auto-login feature available in your DreamHost panel before trying anything else. This feature lets you log in directly from the panel and may help to bypass whatever issue is preventing you from logging in normally.

To use this feature, head to your DreamHost panel and navigate to WordPress > Managed WordPress. Then click on Manage to the right of your DreamPress site. Finally, select the Manage WordPress button.

Next, check to see if you have a recent backup of your site. If so, restoring it could fix the issue. If you’re a DreamPress user, you get a fresh backup every day.

If restoring doesn’t work or your backup is too old, you’ll want to make a new backup before attempting any troubleshooting. This way, if something goes wrong, you can easily restore your site to its present condition.

If you’re a DreamHost customer, creating a backup is simple. Log in to your DreamHost control panel and navigate to WordPress > Managed WordPress in the sidebar.

The DreamPress Control Panel.

Click the Manage button. Select Backups from the menu along the top, and click on Create Backup.

The Backup section of the DreamPress Control Panel.

If you’re using a different hosting provider, they likely also have a similar backup function. Consult the relevant documentation to create a backup.

How to Fix the Common Causes of Being Locked Out of WordPress (7 Methods)

At this point, you’ve identified the most likely reason why you’re locked out (based on the error message you’re receiving). You should have also created a fresh backup. Now it’s time to dig into troubleshooting.

Note that these are not steps you should try in order. Instead, each fix corresponds to the specific issue and presentation you see when you attempt to log in. Here we go!

1. Restore Your WordPress Site’s Login URL

If you’re receiving a “This has been disabled” message when you attempt to log in, the most likely reason is that you’re using the wrong login URL.

A “This has been disabled” error message when trying to login to WordPress.

Some sites use a custom URL for logins as a security measure, so hackers can’t guess the URL and try to brute force their way in. Typically, you would set this up using a plugin such as WPS Hide Login.

The tool works well, but if you’ve forgotten the correct URL, you can end up in a situation where you can’t log in. To fix this, you’ll need to disable the plugin temporarily. Since you can’t access your admin dashboard, the easiest way to do this is by using the Secure File Transfer Protocol (SFTP).

If you’re a DreamHost customer, you can access your sites via our WebFTP function. If you have a different hosting provider, you’ll need an SFTP client, such as FileZilla, along with your FTP credentials, which you can obtain from your provider.

To use WebFTP, head to your DreamHost control panel and navigate to Domains > Manage Domains. You can find the WebFTP button under the name of each site in the first column.

The WebFTP option in the DreamHost Control Panel.

Clicking on it opens up your site in the file manager. Here, you’ll want to head into the folder that matches your site’s name and navigate to wp-content > plugins.

The wp-content/plugins folder of a WordPress site.

Find the folder that corresponds to your security plugin and click on the arrow next to it. In the drop-down menu, choose Rename and change the name of the folder to something else. We recommend simply adding a “-disabled” to the end of the folder name, so you can easily recognize it later.

Changing the plugin name deactivates it since WordPress won’t be able to recognize it. Now, you should be able to log into your site properly. Once in, you’ll want to rename the plugin folder back to its original state and ensure you have the correct login URL in the future.

Related Article
How to Create Your First WordPress Plugin
Read More

2. Reset Your Password With phpMyAdmin or WP-CLI

Typically, if you’ve forgotten your WordPress admin password, you have the option of resetting it via email.

The password recovery option on a WordPress login page.

However, with this issue, when you click on that button, the email never comes. Often, this is the result of a temporary issue with the email system on your site. However, if you’re trying to reset your password and aren’t receiving the recovery email, you’re not out of luck — you can reset your password directly in the database using phpMyAdmin.

To access phpMyAdmin from your DreamHost Control Panel, navigate to WordPress > Managed WordPress.

The DreamPress Control Panel.

Locate the domain you’re locked out of and click on the blue Manage button. At the bottom of the next page, select the Manage Database button to open the phpMyAdmin utility.

On the left side of the screen, you’ll see a list of databases. The one you want will have a name that matches your domain name. Click on it to open it.

On the next screen, scroll down until you find the wp_users table.

The wp-users table in phpMyAdmin.

This contains all of the user data for your site. Click on wp_users to open it.

The user list in phpMyAdmin.

On this screen, you can locate your username (or the admin’s username, if it’s not you), and then click on Edit.

The user editing screen in phpMyAdmin.

Finally, locate the user_pass field. In the Function box, select MD5 to ensure that your password is hashed (meaning not readable by humans). In the value box, you can enter your new password.

When you’re finished, click on Go. Now you can enter this password on your WordPress login page, and you should be all set.

If you don’t feel comfortable using the phpMyAdmin interface, you can also use the WP-CLI command line tool to update your password. WP-CLI is available on all DreamHost servers.

To use this tool, you’ll first need to ensure that your username is registered as a Secure Shell (SSH) user. If you’re unsure how to do this, check out our instructions on creating a user with SSH access. If you’re not familiar with using SSH to access your site, we also have a guide on using SSH that you can review.

Once you’re logged in with SSH, navigate to your WordPress directory with the following command.

Navigating to the user directory in the WP-CLI tool.

Next, run the command ‘wp user list’ to see a list of currently registered users and make a note of the ID number you need to reset the password for.

The user list displayed in the WP-CLI tool.

Finally, run the following command to reset the password.

The command to update a user’s password in the WP-CLI tool.

Change the number in the command to match the user ID you need. You’ll be prompted to enter a new password. You’ll also receive an email notification informing you of the change.

3. Create a New User With Administrator Privileges 

With this particular problem, you actually can log in, but you don’t have your usual administrator privileges. This may mean that you can’t perform the critical functions necessary to keep your site running.

This issue is most often the result of malicious activity — either your site was hacked, or someone with access to your account has made some changes. Security and recovering from a hack is another topic, so we won’t get into that here. However, we will show you how to restore your administrator access.

Head to the phpMyAdmin interface and pull up your website from the list on the left (see the previous step for exactly where to find this). Scroll down until you see the wp_users table in the list.

The wp-users table in phpMyAdmin.

Click on the Insert link. Next, fill out the form. Each field corresponds to a field in the WordPress user settings:

  • ID: Choose a number that isn’t already taken by one of the other users on your site. For example, if you have five users, your new user should be at least number six.
  • user_login: The username for your new administrator account.
  • user_pass: The password for the new user.
  • user_nicename: A nickname for the user.
  • user_email: The email address for the account.
  • user_url: Your website’s URL.
  • user_registered: The current date.
  • user_status: Should be zero.
  • display_name: The name you want to be displayed on your website for this user.

When you’re finished, you can click on Go to save this new user.

Next, you need to give this new user administrator access. Scroll down to the wp_usermeta entry and click on Insert. Fill in these fields as follows:

  • unmeta_id: Leave this blank.
  • user_id: The ID number of the new user (from above).
  • meta_key: Enter “wp_capabilities”.
  • meta_value: Type in “a:1:{s:13:”administrator”;b:1;}”.

When you’re done, click on Go. Now repeat the above process, but with the following values:

  • unmeta_id: Leave this blank.
  • user_id: The ID number of the new user (from above).
  • meta_key: Type in “wp_user_level”.
  • meta_value: Set this to “10”.

Once again, you can select Go. You’ve now successfully given the new user administrator rights. You can use this user to log in and have full access to your site and WordPress dashboard.

If you’re not comfortable with phpMyAdmin, or you just prefer the command line, you can also use WP-CLI to create your new user. To create a new user with administrator privileges, access your site via SSH, navigate to the WordPress directory, and enter the following code:

wp user create newusername admin@example.com --role=administrator

Replace “admin@example.com” with the desired username and domain of your site.

Related Article
WordPress Installation Tutorial — Learn How to Set up the CMS
Read More

4. Disable Your Security Plugins

Many security plugins, such as Sucuri Security, limit the number of failed login attempts. When the limit is reached, no further attempts can be made.

This functionality is handy since it prevents hackers or malicious users from brute-forcing their way into your site. However, if it’s triggered, it can also prevent you from getting into your site.

To regain access, you’ll need to disable your security plugin temporarily. To do this without access to your dashboard, you can use SFTP. You can follow the instructions from Step 1 above — the procedure is identical.

Once you have access, you’ll want to re-enable the plugin and remove yourself from any blacklists (if your plugin provides this feature). Then you can log in normally.

Ad background image

Hacked Site? We'll Fix It Fast

With our Hacked Site Repair service, we'll remove any malicious code and restore your website so it's back up and running fast.

Learn More

5. Troubleshoot the White Screen of Death (WSoD)

“White Screen of Death” is a phrase used in the WordPress community to describe a blank white screen you may see when trying to access your site. There are several potential causes for a WSoD. Generally, it’s either a rogue plugin or a lack of PHP memory on your site. We’ll walk through troubleshooting each scenario.

Disable All WordPress Plugins

First, you should check to see if a plugin is the culprit. To do this, you’ll need to disable all of your plugins. If this grants access to your site, you can then turn them back on one at a time until you’ve isolated the specific plugin causing the issue.

To disable all plugins without access to your WordPress dashboard, you’ll need to use SFTP. Again, you can follow the instructions in Step 1.

However, instead of renaming the folder for a particular plugin, you’ll want to rename the entire plugins folder. This disables all of them. Then you can refresh your page and see if you can log in. If not, proceed to the next step.

If disabling all plugins does resolve the issue, open up your site in SFTP again and restore the plugins folder to its original name (don’t log out of the WordPress dashboard while you do this). They should appear in the normal plugins list now, located at Plugins > Installed Plugins in the dashboard.

Next, disable the plugins from within the dashboard by selecting all of them and choosing Deactivate from the Bulk actions menu.

Deactivating all plugins in the WordPress dashboard.

Now, you can go back down the list and enable each plugin one at a time. After each one, refresh your site and check to see if the WSoD returns. If it does, you’ll know which plugin was responsible. At this point, you can check for updates that may resolve the issue, or search for an alternative.

Increase Memory for Your Site

If a plugin wasn’t the problem, the next step is to try increasing the available memory for your website. To start, open up your site in SFTP again and locate the wp-config.php file in the root directory.

The wp-config.php file in SFTP.

You’ll need to edit that file. If you’re using the DreamHost file manager, you can click on the arrow next to the site name and select Edit. Then add the following line of code to the file:

define('WP_MEMORY_LIMIT', '64M');

Here’s what it looks like in action:

Code added to the wp-config.php file in SFTP.

Click on Save, and then refresh your site to see if it resolved the error. If not, you can try a few more troubleshooting steps in our article on fixing the White Screen of Death. If all else fails, contact your host’s support.

6. Resolve Database Connection Errors

If you see “Error establishing database connection” when you attempt to log in, it indicates that WordPress can’t connect to the MySQL database.

An “Error establishing a database connection” message.

WordPress sites use these databases to store nearly all of the information on your site. Your site can’t load if a connection isn’t established.

The good news is that the causes of this issue are relatively easy to fix. However, since there are multiple options, troubleshooting to find which one applies can be time-consuming. Here, we’ll cover the fix for the most common scenario: a mismatch of login credentials.

The MySQL database has its own set of login data, separate from what’s used for your WordPress site. Troubleshooting involves making sure WordPress has the correct credentials for the database.

The first step is locating those credentials. Using SFTP, open up your site’s wp-config.php file.

The MySQL database details in the wp-config.php file.

Note the database name, username, and password. Now, you can head to your DreamHost Control Panel and navigate to More > MySQL Databases. Scroll down until you find the hostname that corresponds to your site’s domain name.

Check to ensure that the database name matches the wp-config.php file. If it doesn’t, you can update wp-config.php with the correct database name.

Next, look under the Users Access column to verify that the username matches the wp-config.php entry. You can click on this name to find the password. Again, if there is a mismatch, update your wp-config.php file.

Now you can determine whether you’re able to reach your login page. If you still see a database error, you can consult our guide on fixing WordPress database connection errors.

7. Undo Recent Code Changes

If you load your site and see a “Parse error: syntax error” message, it means there is some code entered incorrectly on your site that is preventing WordPress from loading. This most commonly occurs when code is copied and pasted from the internet without double-checking it. Technically, more recent WordPress versions should automatically prevent this from happening, but if your site runs on an older version, you may still see this error.

Fixing it is simple — you can simply undo the most recent change you made to your site’s code before this error appeared. Alternatively, you can also restore a recent working backup. If you still want to use the code, you can check out our complete guide on fixing syntax errors in WordPress.

To prevent the issue from happening in the future, we recommend ensuring that any code you pull from an online source is validated. You can use a tool such as the W3C Markup Validation Service to quickly check any HTML or CSS for errors. It’s also smart to create a fresh backup before changing any code in case something goes wrong.

WordPress Troubleshooting Resources

Say goodbye to the WordPress White Screen of Death! We’ve put together several tutorials to help you troubleshoot every kind of WordPress issue:

If you’re looking for more information on WordPress best practices, click over to our WordPress Tutorials, a collection of guides designed to help you navigate the WP admin dashboard like a pro.

Unlock the WordPress Admin Panel

If you’ve ever been locked out of your WordPress admin dashboard, you know it can be a frustrating experience. There are many potential causes, and since the exact error message can vary depending on the underlying problem, troubleshooting can be a challenge.

In this article, we laid out all the most common causes of this issue, with detailed walkthroughs for fixing each one. You can simply find the presentation you’re seeing when attempting to log in and follow the accompanying steps to regain access.

If you’d rather focus less on troubleshooting and more on creating amazing content, consider switching to DreamPress. Our managed WordPress hosting ensures that your site is always available when you need it.

Jason is DreamHost’s WordPress Product Advocate, based out of Bakersfield, CA. He is currently working on making our DreamPress product even better. In his free time, he likes to curl up on the couch and watch scary movies with his wife Sarah and three very small dogs. Follow him on Twitter.