There are lots of reasons why you may suddenly find yourself unable to login to your WordPress site. It could be due to something as simple as you forgetting your password. Or, perhaps it’s because of web host maintenance, a database issue, a plugin conflict, etc. In this article, I describe the 5 most common problems and what to do to regain access to your site.
1. Forgot Your Password
SOLUTION: reset your password. Go to the login page (usually mywebsite.url/wp-login.php or mywebsite.url/wp-admin.php) and click on the “Lost your password” hyperlink. In the next screen, you’ll be prompted to provide your email address or username. Instructions on how to reset your password will be then be sent to you.
If you are still unable to login, the site administrator can reset your password. Usually they’re able to do this via the site’s user area. In rare instances, the password needs to be reset via the database.
Log into the web host account and go to the phpMyAdmin section. Find the site’s database and back it up (select it, then “Export”). Then do the following:
- Locate the users table and select it.
- Select the correct username and click “Edit“.
- In the user_pass field, change the function to MD5 and insert a new password.
- Save the changes.
There are 2 ways to reset your password when you are already logged in.
- In the left sidebar, go to Users > Your Profile. Scroll down to the Account Management area and click the “Generate Password” button.
- In the administrative toolbar in upper-right corner of your screen, hover over your username and click on “Edit My Profile“. Scroll down to the Account Management area and click the “Generate Password” button.
2. Login Page Doesn’t Exist
SOLUTION: The URL address may have changed due to any of the following reasons:
- SSL certificate was installed: instead of “http:“, type “https:” in the URL address
- Domain name was changed: use the new name
- Security plugin installed: ask the site administrator to provide you with the new login page URL address
3. Cache Settings and Cookies
SOLUTION 1: Sometimes, old data (old password and/or username) is stored in cache and you end up in an endless, frustrating cycle when trying to login. Refreshing the page simply serves up the same cached version of the page, but trying a forced refresh may do the trick. Here are the keyboard shortcuts:
- Windows and Linux browsers: CTRL + F5
- Apple Safari: SHIFT + Reload toolbar button
- Chrome and Firefox for Mac: CMD + SHIFT + R
SOLUTION 2: If the forced refresh doesn’t work (it affects only the single page you are on), clearing the cache and cookies may eliminate the problem. This resets the cache for the entire site. You also may need to quit and relaunch the browser.
Clearing the cache and cookies in Chrome involves clicking on the 3 vertical dots in the upper-right corner of the window. Scroll down to “More Tools > Clear Browsing Data…“. Another way is to click on the Chrome tab at the top of the screen and scroll down to “Clear Browsing Data…“. The key option to select is “Cached Images and Files“.
Each browser will differ slightly in its method for clearing the cache. You can search for your specific browser and follow the instructions. Kinsta has a good article that covers all the major browsers:
4. WordPress Plugin Locked You Out
SOLUTION: By default, WordPress allows unlimited login attempts. Hackers will use various techniques to find the login credentials. Savvy site administrators recognize this default as a vulnerability and install security plugins to limit the number of login attempts. Contact the site administrator to unblock you and reset your password.
If you are a locked out site administrator, you can disable the plugin via ftp or logging into the web host’s cPanel and using their File Manager tool. Go to the wp-content directory and create a new folder named “plugins-disabled“. Open the wp-content/plugins folder, find the security plugin causing the lock-out, and move its folder to the plugins-disabled folder.
Refresh your login screen and attempt login again. Once you’re logged in, move the plugin back to the wp-content/plugins folder. Take the necessary steps to unblock yourself within the plugin’s settings.
If you’re not sure which plugin is the culprit, move all of the plugins to the plugins-disabled folder. You should be able to login now. One by one, move plugins into the wp-content/plugins folder and attempt login. Eventually, you will find the plugin causing the problem.
5. Corrupted Core WordPress File
SOLUTION 1: When you see an internal server error show up at the login screen, one of the core WordPress files may have gotten corrupted. Start with replacing the wp-login.php. First, make a copy of the existing wp-login.php file via ftp or cPanel’s File Manager tool. Download the copied file to your computer. Alternatively, you can rename the file (something like wp-login_date).
Next, download a fresh set of WordPress files at WordPress.org/download. Make sure you get the same version of WordPress currently installed on the site you’re trying to login to: WordPress.org/download/releases. Decompress the downloaded .zip archive.
Find the wp-login.php file and upload it to the same directory where the original file lives. It will overwrite the original file, but that’s OK because you’ve made a copy of it in case you need it. Refresh the login page and attempt to login.
SOLUTION 2: If a fresh wp-login.php file doesn’t solve the problem, try replacing the .htaccess file. Be extra cautious, as there may be multiple .htaccess files! The correct file is in the WordPress directory of your website. Since the file name begins with a period, you may not be able to view it until you find the setting to show hidden files. In Filezilla, for example, you go to Server > Force showing hidden files.
Create a copy of the existing .htaccess file and download it to your computer. Once you are sure you have a copy of it, delete the .htaccess file from your website’s server. As an alternative, you can rename the file (something like .htaccess_date).
Try logging into your WordPress site. If successful, go immediately to Settings > Permalinks. Click Save without making any changes. This generates a new .htaccess file. Test the login once again. If successful, you can return to Settings > Permalinks, select the setting you originally had before login problems (hopefully, you can remember what it was), and Save.
How Can I Change the Typeface in WordPress?
Migration and Cloning Tools for WordPress Sites
Site Migration From WordPress.com to WordPress.org
Why and How You Create WordPress Child Themes
WordPress Pages vs. Posts