Locked Out of WordPress? 10 Easy Ways to Fix This Error

You’re all set to publish a new blog post or update your store, but—bam!—you can’t get in.

Maybe you recently changed your password in a moment of inspiration and now can’t remember it.

Or perhaps you installed a security plugin for extra protection, and now it won’t let you in.

Getting locked out of WordPress can be a real headache, right? Unsurprisingly though, it is one of the most common WordPress login issues.

Imagine setting time aside to handle specific tasks only to end up troubleshooting WordPress login errors. That article you’ve spent days perfecting is now delayed. If you run an online store, you might be unable to update product pages or handle urgent customer queries. You lose readership or miss out on opportunities and sales. For developers and designers, it might halt crucial updates or changes that keep a site fresh and functional. A seemingly small error could make you miss a deadline or put projects on hold.

TL;DR: Getting locked out of WordPress can stop you from doing important work on your site. Fix the common issues like password trouble, plugin errors, and database problems first. Follow it up by using MalCare for extra security with its reliable CAPTCHA and 2FA features.

But you’re not alone; many WordPress users have faced this challenge. And thankfully, there’s usually a way to fix it. In this article, we’ll walk you through the steps to solve the locked out of WordPress issue and ensure you can access your site with ease.

1. Your password doesn’t work

Forgetting your password is one of the most common reasons people get locked out of WordPress. It can happen to anyone, especially when you have so many passwords to remember. But don’t worry; getting back in is usually easy.

The quickest way to reset your password is by using the Forgot your password? link on the WordPress login page. Clicking this link sends a password reset email to the account’s registered email address.

Once you get the email, follow the instructions to create a new password. Make sure you set a strong password, maybe by using a mix of letters, numbers, and symbols. After resetting, you should be able to log in and access your site again.

If you don’t see the email in your inbox, check your spam or junk folder. Sometimes emails end up there by mistake. With this simple reset, most password troubles are solved quickly.

2. Password recovery doesn’t work

Sometimes, the Forgot your password? option doesn’t work. Maybe you didn’t get the reset email, or it’s not working for some reason. If that’s the case, you can still reset your password using phpMyAdmin. This method takes a few more steps, but it’s a reliable way to regain access.

1. First, log in to your hosting account and open the cPanel. Look for the phpMyAdmin tool and open it.

Your web host might have proprietary site management tools instead of cPanel. The steps are pretty much the same. For the sake of this guide, we will show steps from cPanel.

2. Once in phpMyAdmin, find your WordPress database in the list.

If you have multiple sites, each site will appear with a different prefix to its name. Click on it, and you’ll see several tables appear.

3. Locate the users table. It is usually named wp_users or yoursite_users. Click on it to see a list of users.

4. Find your username and click Edit next to it.

5. Look for the user_pass field. This is where your password is stored.

6. Select MD5 from the dropdown menu under Function. MD5 is used to create a hashed version of your password that other users cannot easily decipher.

7. Type your new password in the Value field. Scroll down and click Go to save your changes.

Now, go back to your WordPress login page and try logging in with your new password. This method gets your password reset without needing email confirmation. It’s a handy trick when usual recovery methods fail.

3. You are having trouble with 2FA or CAPTCHA plugins

Two-factor authentication (2FA) and CAPTCHA plugins can add a strong layer of security to your WordPress site. They help protect against unauthorized access. But sometimes, they can also be tricky to deal with and get you locked out of WordPress. This is especially true if you’re having trouble with the 2FA code or solving the CAPTCHA.

First, double-check that you’re entering the 2FA code correctly. If you’re using an app like Google Authenticator, make sure your device’s time is set correctly. For CAPTCHA, ensure you’re solving the image or puzzle right. Sometimes a simple mistake can keep you logged out of WordPress.

If you’re still locked out of WordPress, you might need to deactivate the 2FA or CAPTCHA plugin temporarily. You can do this by accessing your WordPress files through FTP or your hosting control panel. Locate the wp-content folder, then open the plugins folder. Find the folder for the troublesome plugin and rename it. This action will deactivate the plugin.

After renaming the folder, try logging in again. If you can log in successfully, the issue is likely with the plugin. You can explore other security options or reinstall the plugin and reconfigure it.

4. You made too many invalid login attempts

Getting locked out of WordPress after too many invalid login attempts is a common issue. WordPress may do this to protect your site if it suspects it is under a brute-force attack. If it detects many failed tries, it might block you for about 15 minutes. This security feature helps keep your site safe, but it can be frustrating if you’re locked out. Try again after 15 mins and see if you can log in.

You might also have set login limits using a plugin, like Limit Login Attempts Reloaded. These plugins can lock you out after a certain number of wrong tries. They are meant to protect your site, but sometimes they can be too strict and get you locked out of WordPress by mistake.

If you can’t wait for the block to lift, try disabling the limit login plugin temporarily. Access your site’s files using FTP or your hosting control panel. Go to the wp-content folder, then open the plugins folder. Find the plugin for login limits and rename its folder. This action will deactivate it.

When the plugin is deactivated, try logging in again. If you get in, you’ll know the plugin was the issue. Review its settings to make sure they aren’t too restrictive, or consider different security solutions. This way, you can prevent future lockouts while still keeping your site protected.

5. You set an incorrect WordPress URL

Incorrect WordPress URLs can cause issues with accessing your site and get you locked out of WordPress. This problem often happens when the URL settings in your wp-admin and wp-config.php files don’t match. It’s an easy mistake that can happen after moving your site or making changes to your site’s address.

To fix it, start by checking the URLs in your wp-config.php file. You can access this file via an FTP client or through your hosting control panel. Open the file and look for the lines that say define('WP_HOME', 'your-site-url'); and define('WP_SITEURL', 'your-site-url');. Ensure both URLs are correct and match each other.

If editing the wp-config.php file doesn’t solve the issue, you might need to check your WordPress database. Using phpMyAdmin, go to your database and find the wp_options table. Look for the rows named siteurl and home, and make sure the URLs there match your site’s current address.

After making these changes, try accessing your site again. You should now be able to log in without any trouble.

6. You lost your admin privileges

Losing your admin privileges on WordPress can get you locked out of WordPress and become a serious problem. It usually happens for one of two reasons. You might have accidentally removed your own admin rights, or, more worryingly, a hacker might have gained access and changed your user role. This can leave you unable to manage your site as you usually would.

To solve this, you can create a new admin user directly through phpMyAdmin by following these steps:

1. First, log in to your hosting account and open phpMyAdmin from cPanel.

2. Find your site’s WordPress database and look for the wp_users table. Here, you’ll add a new entry for a new user.

3. Click on Copy to create a new row with your desired username and password (use the MD5 function for the password).

4. After saving these changes, go to the wp_usermeta table.

5. Set the new user’s user_id to match the ID in the wp_users table.

6. Under meta_key, add the entries wp_capabilities with the value a:1:{s:13:"administrator";b:1;} and wp_user_level with the value 10.

These steps will create a new admin account, allowing you back into your WordPress dashboard. To prevent future incidents like this, use MalCare for enhanced security. MalCare offers features like robust malware scanning, a smart firewall, and vulnerability protection.

However, being vigilant is as important as having a security plugin on your site. You must watch out for social engineering or phishing attacks. Adopting a strict security regimen together with a robust security plugin like MalCare can help safeguard your site against hackers and unauthorized access.

7. You are facing the White Screen of Death (WSOD)

Encountering the White Screen of Death (WSOD) can be quite alarming. It leaves you locked out of WordPress and your site blank, with no error message to guide you. This issue could stem from several sources, so it’s important to tackle common problems one at a time until you find the culprit.

First, think about any recent changes you’ve made. Did you install a new plugin? If so, try deactivating it. Access your site files through FTP or your hosting control panel and navigate to the wp-content/plugins folder. Rename the plugin’s folder to deactivate it and check if your site returns.

If you got locked out of WordPress after you installed a new theme, consider reverting to a default WordPress theme. You can do this using phpMyAdmin. Go to your site’s database and find the wp_options table. Look for the template and stylesheet rows and change their values to a default theme like twentytwentyone.

You can also try increasing your site’s memory limit to prevent getting locked out of WordPress. Open your wp-config.php file and add the line define('WP_MEMORY_LIMIT', '256M');. This might help if the WSOD is due to resource exhaustion.

Additionally, if your site recently underwent an update and got stuck, it might be in maintenance mode. Check for a .maintenance file in your site’s root directory. Deleting this file can bring your site back to life.

8. You are facing an error in establishing a database connection

An error in establishing a database connection can prevent your site from loading and get you locked out of WordPress. This error typically happens when there’s something wrong with your database or server. It might be due to corrupt data, incorrect field values, or a server issue. Fortunately, there are ways to fix it and get your site back online.

First, check your wp-config.php file for correct database connection details. Ensure the database name, username, and password match those set in your hosting account. If any of these fields are incorrect, your site won’t connect properly and you will get locked out of WordPress.

If that doesn’t work, you can repair your database. This process usually involves doing it through your web hosts’ cPanel or by editing the wp-config.php file. These steps can resolve the database connection error and restore access to your site.

9. You are seeing a Parse Error/Syntax Error

A Parse or Syntax Error often appears after you’ve added new code or modified existing code in essential files like wp-config.php or .htaccess. Even a small mistake can get you locked out of WordPress and cause your whole site to go down.

If you’ve recently edited code, the first step is to revisit the changes. Use FTP or your hosting control panel to access your site files. Open the file you last modified and carefully review the code. Look for missing semicolons, extra brackets, or typos. These small errors can cause big problems.

If you’re not sure where the mistake is, try removing the most recent changes you made to the code. Save the file and check your site. If the error goes away, then the issue was with the code you added or modified.

Once you’ve resolved the issue, take extra care when editing code in the future. Always take backups before making changes and use staging sites to test new code. This will help prevent similar errors from disrupting your site.

10. You are seeing HTTP errors

HTTP errors, such as 400, 404, 405, 502, and 504, indicate that something is off with your site’s configuration. Each of these errors points to different issues, but they generally mean that the server and your site aren’t communicating properly. These errors can be frustrating for both you and your visitors, and can get you locked out of WordPress. Thankfully, there are ways to address them.

For a 400 error, it often involves a bad request, meaning the server could not understand the request due to malformed syntax. A 404 error happens when a page can’t be found, usually because a URL is incorrect or the page has been moved. A 405 error means a method used in an HTTP request is not allowed by the server. Errors like 502 and 504 often relate to server overload or problems with a gateway.

Address these HTTP errors systematically to improve your site’s performance and ensure a smoother experience for your users.

Final thoughts

Getting locked out of WordPress can be frustrating. But the good news is that most problems behind this issue have simple fixes. Whether it’s a forgotten password or a plugin problem, you can follow easy steps to get back in. Understanding what causes these issues is the first step to handling them efficiently.

To prevent future login troubles, use MalCare. It does more than just protect your login through CAPTCHA and 2FA. MalCare offers a powerful malware scanner and cleaner to keep your site safe. Its smart firewall guards against attacks, and vulnerability protection keeps your site secure. So that you can focus on your site and leave your security worries to us.

FAQs

Why am I locked out of my WordPress site?

You might be locked out of your WordPress site for several reasons. It could be a forgotten password, too many failed login attempts, or issues with a plugin like 2FA or CAPTCHA. Sometimes, changing the site URL or losing admin privileges can also lock you out. Check for recent changes you made, and try to use password recovery or other solutions to fix the problem.

How do I regain access to my WordPress site?

To regain access, start by resetting your password through the Forgot your password? option. If that doesn’t work, use phpMyAdmin to reset it. Check if plugins like 2FA or CAPTCHA are causing issues and deactivate them if needed. Also, make sure the site URL is correct and that you still have admin privileges. Addressing these areas can help you get back into your site.

How long does WordPress lock you out for?

WordPress may lock you out for about 15 minutes after too many failed login attempts. This happens because it thinks it’s under a brute-force attack. After the time passes, you can try logging in again. However, if WordPress feels the brute-force attacks are continuing, it will add on 15-minute locks for as long as the attacks last.