You're trying to log into your WordPress site and... nothing. Wrong password. Blocked by a security plugin. Endless redirect loop. Whatever the cause, you can't get in.
Being locked out of your own website is stressful. Let's get you back in.
Most Common Cause: Forgotten Password
Let's start with the obvious one. The vast majority of lockouts are simply forgotten passwords. Before trying anything complicated, try the password reset.
Standard Password Reset
- Go to your WordPress login page (usually yoursite.com/wp-admin)
- Click "Lost your password?"
- Enter your username or email address
- Check your email for the reset link
- Set a new password
If this works, you're done. If it doesn't—email not arriving, link not working, or you don't have access to that email address anymore—keep reading.
Security Plugin Lockouts
Security plugins like Wordfence, iThemes Security, and Sucuri are designed to block suspicious login attempts. After too many failed attempts, they'll lock you out temporarily (or permanently, depending on settings).
Wait It Out
Most security plugin lockouts are temporary—typically 15 minutes to a few hours. If you have time, just wait and try again.
Disable via FTP
If you need access immediately:
- Connect to your site via FTP/SFTP
- Navigate to /wp-content/plugins/
- Find your security plugin's folder (e.g., wordfence or better-wp-security)
- Rename it (e.g., wordfence-disabled)
- Try logging in again
Once you're in, you can rename the folder back and reconfigure the plugin's lockout settings to be less aggressive.
Password Reset Not Working?
If the password reset email never arrives:
- Check spam/junk folders—WordPress emails often get filtered
- Verify your email address—make sure it's the one associated with your account
- Check if your server sends email—some hosts block outgoing email by default
If email isn't working, you'll need to reset the password manually through the database.
Reset Password via Database
If you have access to phpMyAdmin through your hosting control panel:
- Log in to phpMyAdmin
- Select your WordPress database
- Find the wp_users table (prefix may vary)
- Click "Edit" on your user account
- In the user_pass field, enter a new password
- In the dropdown next to that field, select "MD5"
- Save the changes
You can now log in with your new password.
Some Hosts Have Easier Options
Many hosting control panels (cPanel, Plesk) include WordPress management tools that let you reset admin passwords without directly accessing the database. Check if your host offers this—it's often the fastest option.
Redirect Loops
If you're stuck in a login redirect loop—login page keeps redirecting to login page—the issue is usually:
- Incorrect site URL settings: The WordPress Address and Site Address in settings don't match
- Cookie problems: Clear your browser cookies and try again
- Plugin conflicts: A plugin is interfering with login
For URL issues, you may need to manually update the siteurl and home values in your database's wp_options table.
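The two database fixes described above (the manual password reset and the siteurl/home correction), written as SQL you could run from phpMyAdmin's SQL tab. This is an added example, not part of the original article; it assumes MySQL/MariaDB, the default wp_ table prefix, and placeholder values for the username, password and site URL.

```sql
-- Added example. Assumptions: MySQL/MariaDB, default "wp_" table prefix.
-- 'your-username', the password string and https://example.com are placeholders.

-- 1. Password reset: confirm which row you are about to change.
SELECT ID, user_login, user_email
FROM wp_users
WHERE user_login = 'your-username';

-- Store the MD5 of the new password, the same result as choosing "MD5" in
-- phpMyAdmin's function dropdown. WordPress accepts this legacy format and
-- replaces it with its current, stronger hash at the next successful login,
-- so log in right after running this.
UPDATE wp_users
SET user_pass = MD5('replace-with-a-long-unique-password')
WHERE user_login = 'your-username';

-- 2. Redirect loop: look at the two URL settings before changing them and
-- keep a copy of the old values so you can restore them.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

-- Set both to the address you actually use to reach the site
-- (scheme and host exactly as typed in the browser, no trailing slash).
-- If WordPress is installed in a subdirectory, siteurl legitimately differs
-- from home; update each row separately in that case.
UPDATE wp_options
SET option_value = 'https://example.com'
WHERE option_name IN ('siteurl', 'home');
```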
Two-Factor Authentication Issues
If you've enabled two-factor authentication and lost access to your authenticator app:
- Check if you saved backup codes when setting up 2FA
- If using an email-based 2FA, check your email
- If you're completely locked out, you'll need FTP access to disable the 2FA plugin
This is one reason we recommend keeping backup codes in a secure location when setting up two-factor authentication.
The Fastest Fix (If You Have Support)
If you're hosted with a support-focused provider like FatLab, the absolute fastest solution is to open a support ticket. We can reset your password in minutes—no need to navigate to phpMyAdmin or FTP.
This is one of those "small but valuable" benefits of having a support relationship. What might take you 30 frustrated minutes of Googling and troubleshooting takes us about 2 minutes.
When to Call for Help
If you've tried the password reset, can't access FTP or your database, and don't have a support provider, contact your hosting company's support team.
Be prepared to verify that you're the legitimate site owner. They'll want to confirm your identity before resetting access.
Prevention
- Use a password manager: No forgotten passwords, no lockouts
- Save 2FA backup codes: Store them securely when you set up two-factor authentication
- Know your hosting credentials: FTP access and database access can save you when locked out
- Have a support relationship: Someone who can reset your password quickly when needed
- Configure security plugins carefully: Lockout settings that are too aggressive create problems
Locked out and need help? Contact our support team—we can get you back in quickly.
This article is part of our WordPress Troubleshooting guide—a complete resource for diagnosing and fixing common WordPress errors.