Locked out of your WordPress website?[ 6 min read ]

So, for some reason you’ve managed to lock yourself out of your own WordPress website – hey, we’ve all done it but don’t worry, the following is how you get back in!

It’s a common issue, especially with the need for increased security plugins on WordPress websites, so these steps are for both beginners and those with a bit more technical knowledge.

Could you have typed it wrong? Did you change it recently and forget? Could you have put a space at the end – it’s instinctive to put a space at the end of a word when typing quickly and we just don’t notice.

If you’re sure both your username and password are definitely correct, move onto number 2.

Hint: Save your username and password in a password vault like lastpass.com to keep them safe.

WordPress comes with a tool to help you change your password, if you do forget or lose it.

Simply click the forgotten password link on your login screen, and follow the wizard. Either your username or your registered email address can be used.
You will then be emailed a link to change your password.

Hint: remember to make sure your password is complex so it can’t be hacked. Learn why here

Some security plugins have the option to have an unlock button for users who have accidentally locked themselves out. This triggers an email to your registered email address to help you get back in.

If you have another administrator registered on your website, ask them to login for you and either change your password, or see if the security software has locked out your computer’s IP address. Usually locked out IPs are shown on the security plugin’s dashboard.

If your computer’s IP address is blocked but you don’t have another administrator on your website, then you could try logging in from a completely different location.

Your device will have been connecting to the internet with an IP address which may have been blocked as spam by the website. So simply connect your device to another router, or use your phone’s data to connect to the internet instead, and then try logging in (remembering to use your correct login information or you’ll just get blocked again).

Once you’re in, you’ll be able to unlock your other IP address via the security plugin’s dashboard.

There are two methods available to get in via the server, one is using the files and one is using the database.

The easier option is the files but for either option, you’ll need access to your server/hosting where your WordPress installation is held.

Via the files (if using a security plugin)

When you’ve gained access to your control panel either look for a File Manager (if you have one), or find out how to use FTP to connect to the files.

Either using the File manager or FTP, navigate to the folder wp-content->plugins and find the folder for the security plugin that your website uses. Rename the folder by adding OLD to the beginning or the end of the existing name (don’t change the name completely so you can change it back later with ease).

Now navigate to the login page on your website (which may now have defaulted to the in-built login url of yourwebsite.com/wp-login.php), you should now be able to login.

Important: Once in, before you navigate to anywhere else in the dashboard, go back and rename the folder by removing the word OLD.

Via the database

Hopefully you won’t ever get to this stage as this option will require that you a. Know a bit about WordPress databases and b. Know what your security plugin is called and which database tables belong to it.

As there are far too many security plugin variants to list the instructions here, once you know the name of your security software, simply google ‘nameofsoftware unlocking IP via database’ or ‘nameofsoftware unblock IP via database’ to see if there are any specific instructions to help you.

And, be very careful to follow the instructions exactly so as not to cause any other issues by deleting the wrong thing.

Or, if you don’t have a security plugin and want to change the password of your user via the database, find the wp_users table and then your user. When in, edit your user and change your password – you can use this tool to generate a hashed password. Passwords are not stored in plain text in the database, they’re encrypted or ‘hashed’ so you’ll need to convert the password you want to use into a hashed password before changing it in the database.

Hint: your tables me not start with the standard wp_ so your user table may be something else before the ‘user’ part.

If you’re not sure about the last step, or in fact you need help at any point, then contact a web developer to help you.

Fill in our form below to get help from us here at The Smart Bear.