Locked Out of WordPress Admin? Here's How to Get Back In

You're locked out of WordPress. Maybe you forgot your password, lost access to email, got hacked, or your login page just loops back to itself. Here's how to get back in — no matter the cause.

Password reset works, but I never get the email

Most common issue. Your WordPress site can't send email. Fix:

Reset password via phpMyAdmin 1. Log in to your hosting control panel 2. Open phpMyAdmin 3. Find the wp_users table 4. Edit your admin row 5. In user_pass field, choose MD5 from the function dropdown 6. Enter your new password in the value field 7. Save

You can now log in with the new password.

Reset via FTP (one-time login link)

Add this to your theme's functions.php:

``php add_action('init', function() { $user = get_user_by('login', 'admin'); if ($user) wp_set_password('NewPassword123', $user->ID); }); ``

Upload, visit your site, log in with the new password, then remove that code immediately.

"Too many login attempts"

Security plugins (Wordfence, Limit Login Attempts, etc.) lock out IPs that fail to log in too many times.

• Fix:
• Wait the timeout period (usually 30 minutes)
• Connect via different network/VPN (resets IP detection)
• Via FTP, disable the security plugin by renaming its folder
• Clear the lockout table in the database

Redirect loop on login

You enter credentials, login briefly, then redirect back to login. Usually a cookie or site URL issue.

• Fix:
• Clear all browser cookies for the site
• Check wp_options in database — siteurl and home should match your actual URL
• Check wp-config.php doesn't have conflicting WP_HOME definitions

"Error establishing database connection"

• Not a login issue per se, but looks like one. Check:
• Database credentials in wp-config.php
• Database server is running (ask your host)
• Database isn't out of space or max connections

Admin dashboard loads but you're kicked out

User role corruption. Common after plugin conflicts.

1. Fix via phpMyAdmin:
2. Find wp_usermeta table
3. For your user_id, find the row with meta_key wp_capabilities
4. Value should be: a:1:{s:13:"administrator";b:1;}
5. If not, update it

Hacked — admin account locked

• If you were hacked, the attacker may have locked you out. Signs:
• You're suddenly demoted or deleted
• New admin users you don't recognize
• Password reset emails going nowhere

• Fix:
• Recreate your admin user via phpMyAdmin (insert into wp_users and wp_usermeta)
• Delete any suspicious admin users
• Change all passwords (WP, FTP, hosting, database)
• Scan for malware

2FA broken

• Lost access to your 2FA app/codes? Via FTP:
• Disable the 2FA plugin (rename folder)
• Log in with password
• Reconfigure 2FA
• Save backup codes somewhere this time

Prevention

• Save backup passwords in a password manager
• Set up 2FA with backup codes printed somewhere
• Use a dedicated admin email separate from the site
• Create a second admin account for emergencies
• Install a good security plugin and keep it updated

Need help?

If you're locked out and none of these work — especially if you suspect a hack — send me a message. I can usually restore access within an hour.