How to get back into your website when you’re locked out

Locked out of your WordPress website?[ 6 min read ]

How to get back into your WordPress website when you’re locked out

So, for some reason you’ve managed to lock yourself out of your own WordPress website – hey, we’ve all done it but don’t worry, the following is how you get back in!

It’s a common issue, especially with the need for increased security plugins on WordPress websites, so these steps are for both beginners and those with a bit more technical knowledge.

1. First check your username and password – is that why you’re locked out?

Could you have typed it wrong? Did you change it recently and forget? Could you have put a space at the end – it’s instinctive to put a space at the end of a word when typing quickly and we just don’t notice.

If you’re sure both your username and password are definitely correct, move onto number 2.

Hint: Save your username and password in a password vault like to keep them safe.

2. Try the forgotten password link on your login screen

WordPress comes with a tool to help you change your password, if you do forget or lose it.

Simply click the forgotten password link on your login screen, and follow the wizard. Either your username or your registered email address can be used.
You will then be emailed a link to change your password.

Hint: remember to make sure your password is complex so it can’t be hacked. Learn why here

forgotten password

3. Does your login screen have an unlock button?

Some security plugins have the option to have an unlock button for users who have accidentally locked themselves out. This triggers an email to your registered email address to help you get back in.

unlock button

4. Is someone else an admin on your website?

If you have another administrator registered on your website, ask them to login for you and either change your password, or see if the security software has locked out your computer’s IP address. Usually locked out IPs are shown on the security plugin’s dashboard.

ithemes block
all in one security block
wordfence block

5. Try logging in from another location

If your computer’s IP address is blocked but you don’t have another administrator on your website, then you could try logging in from a completely different location.

Your device will have been connecting to the internet with an IP address which may have been blocked as spam by the website. So simply connect your device to another router, or use your phone’s data to connect to the internet instead, and then try logging in (remembering to use your correct login information or you’ll just get blocked again).

Once you’re in, you’ll be able to unlock your other IP address via the security plugin’s dashboard.

6. Get back in to WordPress via the server

There are two methods available to get in via the server, one is using the files and one is using the database.

The easier option is the files but for either option, you’ll need access to your server/hosting where your WordPress installation is held.

Via the files (if using a security plugin)

When you’ve gained access to your control panel either look for a File Manager (if you have one), or find out how to use FTP to connect to the files.

Either using the File manager or FTP, navigate to the folder wp-content->plugins and find the folder for the security plugin that your website uses. Rename the folder by adding OLD to the beginning or the end of the existing name (don’t change the name completely so you can change it back later with ease).

Now navigate to the login page on your website (which may now have defaulted to the in-built login url of, you should now be able to login.

Important: Once in, before you navigate to anywhere else in the dashboard, go back and rename the folder by removing the word OLD.


Via the database

Hopefully you won’t ever get to this stage as this option will require that you a. Know a bit about WordPress databases and b. Know what your security plugin is called and which database tables belong to it.

As there are far too many security plugin variants to list the instructions here, once you know the name of your security software, simply google ‘nameofsoftware unlocking IP via database’ or ‘nameofsoftware unblock IP via database’ to see if there are any specific instructions to help you.

And, be very careful to follow the instructions exactly so as not to cause any other issues by deleting the wrong thing.

Or, if you don’t have a security plugin and want to change the password of your user via the database, find the wp_users table and then your user. When in, edit your user and change your password – you can use this tool to generate a hashed password. Passwords are not stored in plain text in the database, they’re encrypted or ‘hashed’ so you’ll need to convert the password you want to use into a hashed password before changing it in the database.

Hint: your tables me not start with the standard wp_ so your user table may be something else before the ‘user’ part.

If you’re not sure about the last step, or in fact you need help at any point, then contact a web developer to help you.

Fill in our form below to get help from us here at The Smart Bear.




Suzi Smart Bear

I'm Suzi - the owner of The Smart Bear.

Skip to content