Locked Out of WordPress? Here‘s How to Regain Access to Your Site in 2024

It‘s a frustrating feeling when you try to log in to your WordPress website only to realize you no longer have access. Perhaps you lost your login credentials, your user role was changed, or a security plugin is blocking you. Whatever the reason, being locked out of your own website is stressful — but don‘t panic. In most cases, you can troubleshoot the issue and regain control of your site.

In this comprehensive guide, we‘ll walk through the most common reasons for being locked out of WordPress and provide step-by-step solutions for each scenario. By the end, you‘ll be equipped with the knowledge to get your site back up and running.

What Does It Mean to Be "Locked Out" of WordPress?

First, let‘s clarify what we mean by being locked out of WordPress. This can refer to a few different situations:

1. Unable to log in: You try entering your username and password on the WordPress login page, but it says the login credentials are incorrect. No matter how many times you try, you can‘t seem to get in.

2. Lost administrator privileges: You can log in to your WordPress dashboard, but you‘re missing key functionality like the ability to install plugins, edit pages, and access settings. It‘s like you‘ve been demoted from an Administrator to a lower user role.

3. Blocked from accessing WordPress entirely: You try to open any part of your WordPress site, both the public-facing pages and the /wp-admin/ dashboard area, but you see an error message or blank white screen.

As you can see, being "locked out" can range from a simple login issue to being completely blocked from interacting with your WordPress site. The troubleshooting steps will differ depending on your specific circumstance.

Top Reasons You Might Get Locked Out of WordPress

What causes that dreaded moment of realizing you no longer have access to your site? Let‘s review some of the most common culprits.

1. Lost or Incorrect Login Credentials

Hands down, the most frequent reason for being locked out of WordPress is simply forgetting your password. If your browser logged you out and you can‘t remember your password to get back in, you‘ll be locked out of the dashboard.

This can also happen if your password was changed without your knowledge. For example, maybe a site administrator changed it and forgot to notify you. Or in a worst-case scenario, a hacker got in and locked you out of your own site.

2. Accidentally Removing Admin Privileges

WordPress uses a system of user roles to control what actions each person can take on the site. The Administrator role has the most capabilities — they can do everything from writing content to installing plugins and editing code.

But sometimes user roles get changed unintentionally. A developer might have temporarily switched your role while working on the site and forgotten to change it back. Or you could have demoted your own account while adding new users.

The result is that you can still log in, but you‘ve lost the ability to fully manage your site. Certain key menu items like Plugins, Tools, and Settings will be hidden, and you‘ll get an error message if you try to access those pages directly.

3. Security Plugins Blocking Access

WordPress security plugins are invaluable for protecting your site against hackers, malware, and spam. But sometimes their firewall and login protection features can get a little overzealous and mistakenly lock out legitimate users (like you).

For example, your security plugin might:

• Limit failed login attempts, then block your IP address after too many tries
• Hide the WordPress login page at a secret URL, which you‘ve forgotten
• Require two-factor authentication, but you lost access to the authentication app

If one of your plugins is behind the lockout, you‘ll need to temporarily deactivate it via FTP or your hosting panel‘s file manager.

4. WordPress Errors Preventing Access

In more severe cases, being "locked out" of WordPress could mean your entire site is down. Instead of the WordPress dashboard or public pages you expect to see, you get an error message like "Error Establishing Database Connection" or a blank white screen (the dreaded "White Screen of Death").

With these, the lockout is a symptom of a deeper underlying issue — not with your login credentials, but with WordPress itself. The error is preventing WordPress from working at all, sometimes only the dashboard (backend) and sometimes the entire site (frontend and backend).

How to Regain Access to WordPress

Now that we‘ve covered why you might be locked out, let‘s get into the solutions. Follow the troubleshooting steps for your situation below.

Disclaimer: Before trying any of these fixes, we strongly recommend making a full backup of your WordPress site files and database. Some of the solutions involve editing core WordPress files, so it‘s vital to have a backup in case anything goes wrong.

Your WordPress host may have a built-in backup tool you can use. If not, ask their support team to make a manual backup for you.

Fix 1: Reset Your WordPress Password

If you can‘t log in because you lost your password, you can reset it via email or manually in the database.

First, try the default password reset feature, which sends a link to the email address associated with your WordPress account:

1. On the WordPress login page, click the "Lost your password?" link.
2. Enter your username or email address, then click "Get New Password."
3. Check your email inbox for a message from WordPress with the subject "[Your Site Name] Password Reset."
4. Click the password reset link in the email, which will take you to a Reset Password page.
5. Enter your new password, click "Reset Password," and you‘re back in.

But what if the password reset email never arrives, or you no longer have access to that email account? In that case, you‘ll need to reset your password in phpMyAdmin:

1. Log in to your WordPress hosting control panel.
2. Open the phpMyAdmin tool.
3. Click on your WordPress database in the left sidebar, then open the wp_users table.
4. Hover over the user you need to reset the password for and click "Edit."
5. In the user_pass row, enter your new password in the "Value" field.
6. In the "Function" dropdown on the far right, select MD5.
7. Click the "Go" button at the bottom to save the new password.

Now you can go back to the WordPress login page and sign in with the new password you just set.

Fix 2: Create a New WordPress Admin User

When you can log in but no longer have admin capabilities, the solution is to create a new WordPress user with the Administrator role. Since you don‘t have permission to do this the normal way via the Dashboard, you‘ll go through phpMyAdmin instead:

1. Log in to phpMyAdmin and open your WordPress database, as described in the previous section.
2. Open the wp_users table and click "Insert" at the top.
3. Fill out the fields for a new user:
   • user_login – The username you‘ll use to log in.
   • user_pass – Choose a strong password and select MD5 in the "Function" dropdown to encrypt it.
   • user_email – Enter your email address.
   • user_url – Your website URL.
4. Scroll down and click "Go" to create the new user.

5. Open the wp_usermeta table and click "Insert" again.
6. For meta_key, put wp_capabilities. For meta_value, put a:1:{s:13:"administrator";b:1;}
7. Click "Go" to give the new user administrator privileges.

You can now log into WordPress using the new administrator account you just created.

Fix 3: Deactivate Security Plugins

If your lockout issue stems from a security plugin, you‘ll need to deactivate the plugin‘s code at the server level since you can‘t access the WordPress dashboard.

To do this, you‘ll use either an FTP client or your hosting panel‘s file manager:

1. Connect to your WordPress site via FTP or open the file manager in your hosting account.
2. Navigate to the /wp-content/plugins/ folder.
3. Find the folder for the security plugin causing issues and rename it by adding "-disabled" to the end (e.g. rename "wp-login-security" to "wp-login-security-disabled").
4. Try logging in to WordPress again. With the plugin disabled, the login page should load and accept your normal credentials.

After you‘ve regained access, you can go to the Plugins page in the WordPress dashboard and properly deactivate or delete the plugin. Make sure to also rename the plugin folder on the server back to its original name.

Fix 4: Resolve the Underlying WordPress Error

Dealing with WordPress errors that crash your whole site is a more advanced troubleshooting process that requires digging into WordPress core files and configurations.

We have in-depth guides on fixing common WordPress errors:

• How to Fix the Error Establishing a Database Connection
• How to Fix the WordPress 500 Internal Server Error
• How to Fix the WordPress White Screen of Death (WSOD)

Generally speaking, you‘ll need to:

1. Back up your WordPress files and database
2. Connect to your server via FTP or hosting file manager
3. Check file permissions
4. Deactivate plugins and switch to a default theme to rule them out as causes
5. Test switching back to the default wp-config.php file
6. Check for code errors or conflicts in your theme or plugins
7. Reach out to your hosting provider for server-level troubleshooting

If you can access your WordPress admin area but are locked out of the frontend of your site, try going to Settings > Permalinks and clicking "Save" to refresh the permalinks and .htaccess file.

Fix 5: Restore a Previous Backup

If all else fails and you‘re still locked out of WordPress, your last resort is to restore your site from a backup.

Assuming your WordPress host makes periodic backups, contact them and request a restore to a date when you know you had full access to your site.

Rolling back to an older version of your site should remove whatever change caused the lockout, but it does come with a major caveat: you‘ll lose all the content and changes made after the backup date.

In other words, if you choose a backup from three months ago, any content or settings changes in the last three months will be overwritten. Restoring from a backup should be saved for when you have no other options to regain WordPress access.

Protect Your Site to Avoid Future Lockouts

Being locked out of your own website is a stressful experience, but with some preparation and best practices you can greatly reduce the risk of it happening.

Some tips to avoid WordPress lockouts:

• Use a password manager to store and fill unique passwords for your WordPress login and hosting account. Never use the same password in multiple places.
• Set up two-factor authentication to protect your login with both a password and a second proof of identity.
• If you use a security plugin, choose settings carefully. Avoid changing the login URL and set a reasonable limit for failed logins to allow for human error.
• Regularly test your WordPress backup solution to ensure you can successfully restore your site if needed.
• When troubleshooting, make a fresh backup before making any changes to your live site.

Hopefully this guide has helped you resolve your WordPress lockout issue. For more WordPress tips and tutorials, check out our resource page and subscribe to our newsletter for the latest guides. As always, leave a comment below with your thoughts or questions!