How to regain access to WordPress admin

Methods for getting back into your WordPress dashboard when locked out — resetting passwords via email, phpMyAdmin or WP-CLI, creating new admin users, disabling security plugins and fixing URL mismatches.

How to regain access to WordPress admin

Getting locked out of your WordPress admin dashboard is one of the most common issues site owners run into. You try to log in at /wp-admin or /wp-login.php and either you've forgotten the password to the only admin account, the page redirects in a loop due to a site error, or you're blocked entirely by a false positive on a security plugin.

The good news is that WordPress stores everything in a database you can access independently of the dashboard. That means there's almost always a way back in, even if you've lost your only admin account.

Common reasons you can't log in

Before jumping into fixes, it helps to understand what's actually going wrong. Most WordPress lockouts fall into one of these categories:

  • Forgotten or changed password — the most common cause, especially if a site has been idle for a while.
  • Security plugin blocking your IP — many security plugins automatically lock out IP addresses after a number of failed login attempts, or hide the login page behind a custom URL.
  • Deleted or corrupted admin account — if the only administrator user has been removed from the database, there's no account to log in with.
  • Mismatched site URLs — after a domain change or migration, WordPress can get stuck in a redirect loop if the URLs stored in the database don't match the actual domain.
  • Cookies or browser cache — occasionally, stale cookies or a cached redirect prevent the login page from loading at all.

Work through the sections below in order. Start with the simplest fix and move on if it doesn't apply.

Reset your password via email

This is the quickest fix and doesn't require any technical access.

On the WordPress login page, click Lost your password? and enter your username or email address. WordPress sends a reset link to the email on file for that account.

If the email doesn't arrive, check your spam folder. Some hosting environments restrict the PHP mail() function, which prevents WordPress from sending emails entirely. If that's the case, move on to the database method below.

Reset your password in the database

If email isn't working, you can change the password directly in your WordPress database using phpMyAdmin — a database management tool that most hosting providers include in their control panel (usually under cPanel, Plesk or a similar dashboard).

  1. Log in to your hosting control panel and open phpMyAdmin.
  2. Select your WordPress database from the left sidebar. If you're not sure which database belongs to your site, check the DB_NAME value in your wp-config.php file.
  3. Open the wp_users table. Your table prefix may not be wp_ — check wp-config.php for the $table_prefix value if you can't find it.
  4. Find your username and click Edit.
  5. In the user_pass field, select MD5 from the function dropdown and type your new password in the value field.
  6. Click Go to save.

You can now log in with the new password.

If you have SSH access to your server and WP-CLI installed (a command-line tool for managing WordPress), this is simpler:

wp user update your_username --user_pass="your_new_password"

Create a new admin user

If the original admin account has been deleted entirely, you'll need to create a new one. This is more involved but follows the same phpMyAdmin approach.

  1. In phpMyAdmin, insert a new row into wp_users with values for user_login, user_pass (select MD5 from the function dropdown), user_email and the current date for user_registered.
  2. Note the ID of the newly created row.
  3. In the wp_usermeta table, insert two rows using that ID:
    • meta_key: wp_capabilitiesmeta_value: a:1:{s:13:"administrator";b:1;}
    • meta_key: wp_user_levelmeta_value: 10

Remember to use your actual table prefix in place of wp_ if it differs.

With WP-CLI:

wp user create newadmin admin@example.com --role=administrator --user_pass="your_password"

Disable a security plugin blocking access

Security plugins can lock you out after repeated failed login attempts or by hiding the login page behind a custom URL. If you suspect a plugin is the cause, you can deactivate it without needing dashboard access.

Connect to your site via FTP, SFTP or your hosting provider's file manager and navigate to wp-content/plugins/. Find the folder for the security plugin causing the issue and rename it — for example, change plugin-name to plugin-name-disabled. This deactivates the plugin immediately.

Once you're logged back in, rename the folder to its original name and reconfigure the plugin's settings. Check the plugin's lockout or IP whitelist settings so you don't get blocked again.

Clear cookies and browser cache

This is worth trying before anything more involved, especially if the login page won't load at all or keeps redirecting.

Clear your browser cookies for the domain specifically (not just general browsing data), or try logging in from an incognito or private browsing window. If that works, the issue is browser-side rather than server-side.

Fix mismatched site URLs

After a domain change or migration, WordPress can get stuck in a redirect loop if the site URL and home URL stored in the database don't match the domain you're actually visiting. This is a very common issue after moving a site to a new domain or switching between http and https.

Add the following to your wp-config.php file, just above the line that reads /* That's all, stop editing! */:

define('WP_HOME', 'https://example.com');
define('WP_SITEURL', 'https://example.com');

Replace https://example.com with your actual domain. Make sure the protocol matches your setup — use https:// only if you have an active SSL certificate. Once you've logged in and corrected the values under Settings → General, remove these lines from wp-config.php.

Still locked out?

If none of these methods have worked, or you're not comfortable editing your database or site files directly, my emergency WordPress support service can get you back in quickly.

Last reviewed 6 April 2026

Adam Greenough

Written by Adam Greenough

Freelance web developer with over 15 years of experience building and fixing WordPress sites. I work with businesses across the UK on everything from emergency support to full builds.

About me Services Get in touch

Also in WordPress

WordPress site not updating or showing old content How to fix a WordPress site that is not showing recent changes, covering browser cache, page caching plugins, server-side caching, CDN cache and object caching. WordPress critical error and white screen of death How to diagnose and fix the WordPress critical error or white screen of death by enabling debug mode, deactivating plugins, increasing memory, checking custom code and restoring core files. Resolving the WordPress 403 forbidden error Common causes of the 403 forbidden error in WordPress and how to fix them, including file permissions, .htaccess corruption, security plugin lockouts and server-level blocks. Recovering a WordPress site broken by an update What to do when a WordPress core, plugin or theme update breaks your site, including using recovery mode, removing the .maintenance file, disabling plugins and rolling back safely.

Need hands-on help?

I offer emergency WordPress support with a no-fix, no-fee guarantee.

Get Emergency Help Contact Me