Can’t Access WordPress Admin? 12 Ways to Fix Login Issues

Estimated reading time: 17 minutes

If your WordPress admin login is not working, the problem is usually a wrong password, a plugin conflict, a corrupted file, or a browser issue. Your WordPress admin dashboard is accessed by navigating to yourdomain.com/wp-admin. When that URL returns an error, a blank page, or a login form that won’t accept your credentials, one of the 12 fixes below will get you back in.

Every fix in this guide uses tools you already have access to: your web browser, your hosting control panel, an FTP client like FileZilla, or phpMyAdmin (a web-based database management tool available through most hosting control panels). You don’t need coding experience for any of them.

---

---

Before making changes to any files, create a backup of your WordPress site. A recent backup means you can restore a working version if a fix doesn’t go as planned.

Find Your Symptom, Jump to the Fix

Not sure where to start? Match what you’re seeing to the most likely cause:

What you’re seeing	Most likely cause	Fix
Blank white page	Plugin/theme conflict or PHP memory	#8, #3, or #7
“Too many redirects” or login keeps refreshing	Corrupted .htaccess, wrong site URL, or cookies	#9
404 Page Not Found on /wp-admin	Missing wp-login.php or wrong login URL	#10
“Error establishing a database connection”	Wrong database credentials in wp-config.php	#5
“Cookies are blocked” message	Browser cookie settings	#2
“Locked out” or “Too many attempts”	Security plugin	#11
Password rejected	Wrong credentials	#1 or #6
Dashboard loads but menus are missing	Wrong user role	Fix via phpMyAdmin wp_usermeta table
403 Forbidden	IP blocked by host or security plugin	#11, or contact host
PHP error message displayed	Plugin, theme, or corrupted core file	#8 or #10

---

1. Reset Your WordPress Password

The most common reason you can’t login to WordPress is a wrong password. If you manage multiple sites with different credentials, it’s easy to mix them up.

WordPress has a built-in password reset feature on the login page:

1. Go to yourdomain.com/wp-login.php (the WordPress login page file that handles authentication)
2. Click “Lost your password?”
3. Enter your username or the email address tied to your account
4. Check your inbox for a reset link and set a new password

If the reset email never arrives:

Check your spam folder first. If it’s not there, your hosting may be blocking outgoing emails. Ask your host’s support team to confirm that WordPress can send mail from your server.

You can also try entering your username instead of your email (or the other way around). WordPress accepts either one, and sometimes one works when the other doesn’t.

If email-based reset fails entirely, skip to Fix #6 (Reset Password via phpMyAdmin) for a direct database method that bypasses email. WordPress.org also documents additional password reset methods if you need them.

---

2. Clear Browser Cookies and Cache

WordPress uses browser cookies to store your login session. When those cookies become outdated or corrupted, the login page can behave unpredictably. You might see the page refresh after entering your credentials, get a “Cookies are blocked or not supported by your browser” message, or land in a redirect loop.

Clearing cookies and cache takes under a minute and resolves the problem more often than most people expect.

Chrome: Settings → Privacy and Security → Delete browsing data. Select “Cookies and other site data” and “Cached images and files.” Click Delete data.

Firefox: Settings → Privacy & Security → Cookies and Site Data → Clear Data.

Safari: Preferences → Privacy → Manage Website Data → Remove All.

After clearing, close the browser completely and reopen it. Navigate to yourdomain.com/wp-login.php directly.

Still not working? Open an incognito or private browsing window and try logging in there. If the incognito window works, a browser extension or saved cookie is interfering. Disable extensions one at a time to find the culprit.

---

3. Deactivate Plugins via FTP

Conflicting or buggy plugins can prevent you from accessing your WordPress admin. This is one of the most frequent causes of login failures, especially right after a plugin update.

When a plugin conflict occurs, you might see a blank white page, a PHP error message, or a critical error notification. Since you can’t reach the dashboard to deactivate the plugin normally, you’ll need to do it through the file system.

Here’s how to deactivate all plugins at once using FTP:

1. Connect to your server using an FTP client (like FileZilla) or your hosting’s File Manager
2. Navigate to the wp-content/ directory
3. Rename the plugins folder to plugins-disabled
4. Try accessing yourdomain.com/wp-admin

If this fixes the problem, a plugin was the cause. Now identify which one:

1. Rename “plugins-disabled” back to “plugins”
2. Inside the plugins folder, rename each plugin’s subfolder one at a time (add “-off” to the name)
3. After each rename, reload /wp-admin
4. When the problem returns, you’ve found the culprit

Once identified, check if the plugin has an update available, look for an alternative, or contact the developer for support.

FTP is your backdoor. When you can’t access wp-admin, FTP gives you direct access to your WordPress files to troubleshoot. Keep your FTP credentials stored securely so you can connect in an emergency.

---

4. Fix a Corrupted .htaccess File

The .htaccess file is a server configuration file in your WordPress root directory that controls URL routing and access rules. When it gets corrupted, it can block wp-admin access entirely. A corrupted .htaccess file is one of the most common causes of login redirect loops.

Symptoms that point to .htaccess:

• “This page isn’t redirecting properly” or “ERR_TOO_MANY_REDIRECTS” in your browser
• A 404 Page Not Found error when visiting /wp-admin
• The login page loads but keeps sending you back to itself after you enter your credentials

How to fix it:

1. Connect to your site via FTP or your hosting’s File Manager
2. Find the .htaccess file in your root directory (the same folder where wp-config.php is located)
3. Download a copy to your computer as backup
4. Delete the .htaccess file from the server
5. Try accessing /wp-admin

If deleting .htaccess restores access, regenerate a clean version:

1. In your WordPress dashboard, go to Settings → Permalinks
2. Click Save Changes without modifying anything
3. WordPress will generate a new, properly formatted .htaccess file

For a deeper understanding of what this file does and how to edit it safely, see our complete .htaccess guide.

Can’t see the file? The .htaccess file is hidden by default in many file managers. In FileZilla, go to Server → Force showing hidden files before connecting.

---

5. Check WordPress Site URL Settings

WordPress stores your site address in two places: the wp-config.php file (the main WordPress configuration file that stores your database connection details and site URL settings) and the database. If either location contains the wrong URL, wp-admin can break. This typically happens after migrating to a new domain, switching between www and non-www, or moving from HTTP to HTTPS.

The result is usually a redirect loop or a 404 error when trying to reach the login page.

Fix via wp-config.php:

1. Connect via FTP and open wp-config.php

2. Add these two lines above the comment “That’s all, stop editing!”:

define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');

3. Replace the example URL with your actual domain. Include https:// if your site uses SSL.
4. Save the file and try /wp-admin again

Fix via phpMyAdmin (if wp-config.php alone doesn’t work):

1. Log into phpMyAdmin through your hosting control panel

2. Select your WordPress database

3. Open the wp_options table (your table prefix might be different)

4. Find the rows where option_name is “siteurl” and “home”

5. Verify both option_value fields contain your correct, full URL

---

6. Reset Your Password via phpMyAdmin

If the standard “Lost your password?” email method failed (see Fix #1), you can reset your password directly in the WordPress database. phpMyAdmin lets you reset your password without needing email access at all.

1. Log into your hosting control panel (cPanel, Plesk, or your host’s equivalent)
2. Open phpMyAdmin
3. Select your WordPress database from the left sidebar
4. Click the wp_users table (the WordPress database table that stores user credentials)
5. Find your username, tick it’s checkbox and click Edit

6. In the user_pass field, type your new password
7. In the Function dropdown for that field, select MD5
8. Click Go to save

You can now log in with your new password at yourdomain.com/wp-login.php.

Why MD5? WordPress uses MD5 as the initial hashing function when saving passwords through phpMyAdmin. After your first login, WordPress automatically upgrades the hash to a stronger format. This is the correct method for manual database resets.

---

7. Switch to a Default Theme

A WordPress theme can cause login errors if it’s incompatible with the current WordPress version or contains a PHP error in its functions.php file. Theme-related problems often appear right after a theme update or a WordPress core update.

Since you can’t access the dashboard, switch themes through the file system:

1. Connect via FTP or File Manager
2. Navigate to wp-content/themes/
3. Find your active theme’s folder and rename it (e.g., add “-disabled”)
4. WordPress will automatically fall back to a default theme like Twenty Twenty-Five

Try /wp-admin again. If this fixes the problem, the issue was your theme. You can either update it, contact the theme developer, or switch to a theme that’s regularly tested against WordPress core updates, like Inspiro.

---

---

8. Fix the White Screen of Death

The White Screen of Death (WSoD) is a blank white page that appears instead of your site, usually caused by PHP errors, plugin conflicts, or insufficient PHP memory. When WSoD hits the admin area, you can’t access wp-admin at all.

Step 1: Enable debug mode to find the cause.

1. Connect via FTP and open wp-config.php
2. Add these lines before “That’s all, stop editing!”:

define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
define('WP_DEBUG_DISPLAY', false);

3. Save the file and try loading /wp-admin again
4. Check wp-content/debug.log for error messages that reveal the source of the problem

Step 2: Fix based on what the log says.

If the error points to a plugin, follow Fix #3 (Deactivate Plugins via FTP).

If the error points to a theme, follow Fix #7 (Switch to a Default Theme).

If you see “Allowed Memory Size Exhausted”, increase the PHP memory limit by adding this line to wp-config.php:

define('WP_MEMORY_LIMIT', '256M');

If your hosting provider enforces a strict server-level memory cap, contact their support and ask them to increase it. Sites that regularly hit memory limits may need a more capable hosting plan. Our hosting comparison guide can help you evaluate options.

For a full walkthrough of WSoD causes and solutions, see our White Screen of Death troubleshooting guide.

---

9. Resolve Login Redirect Loops

A login redirect loop happens when the WordPress login page keeps refreshing or redirecting back to itself after you enter valid credentials. You type your username and password, click Log In, and end up right back at the login form.

This is caused by cookie issues, incorrect site URLs, or a corrupted .htaccess file. Work through these checks in order:

1. Clear cookies and cache (see Fix #2). This is the most common cause of redirect loops.

2. Force cookies in wp-config.php. Open the file via FTP and add this line:

define('COOKIE_DOMAIN', false);

Save and try logging in again.

3. Check your site URLs (see Fix #5). Mismatched WordPress Address and Site Address settings cause redirect loops, especially after SSL or domain changes.

4. Delete .htaccess (see Fix #4). A corrupted .htaccess file is one of the top causes of redirect loops.

5. Check SSL configuration. If your site recently switched to HTTPS but WordPress still has HTTP in its URL settings, the mismatch creates an infinite redirect. Make sure both WP_HOME and WP_SITEURL use https://.

---

10. Restore Missing wp-login.php File

If navigating to yourdomain.com/wp-admin returns a 404 Page Not Found error, the wp-login.php file may be missing or corrupted. This file is the WordPress login page that handles all authentication. Without it, there’s no login form to display.

This can happen during a failed WordPress update, a file transfer error, or if someone accidentally deleted it.

How to restore it:

1. Download a fresh copy of WordPress from wordpress.org
2. Unzip the file on your computer
3. Find wp-login.php in the extracted folder
4. Connect to your site via FTP
5. Upload wp-login.php to your WordPress root directory (the same folder as wp-config.php), overwriting the existing file if present

If multiple core files seem corrupted (you’re seeing errors across both the front end and admin), upload the entire wp-admin/ and wp-includes/ folders from the fresh download. Do NOT overwrite wp-config.php or the wp-content/ folder, as these contain your site’s configuration and content.

For more on maintaining your WordPress files, see our wp-config.php guide. The official WordPress.org documentation also covers login troubleshooting in case you need a second reference.

---

11. Check if a Security Plugin Locked You Out

Security plugins like Wordfence, Sucuri, or iThemes Security protect your site against brute force attacks by limiting login attempts, blocking suspicious IP addresses, and adding verification steps. But these same features can lock you out if you trigger them accidentally.

Signs a security plugin is blocking you:

• A “You have been locked out” or “Too many failed attempts” message
• A CAPTCHA or two-factor authentication prompt you didn’t set up or can’t complete
• A 403 Forbidden error
• Access works from a different network (try mobile data) but not from your usual connection

How to regain access:

1. Connect via FTP or File Manager
2. Navigate to wp-content/plugins/
3. Find the security plugin’s folder (e.g., “wordfence” or “better-wp-security”)
4. Rename the folder (e.g., “wordfence-disabled”)
5. Try yourdomain.com/wp-admin

Once you’re back in, rename the folder to restore the plugin. Then reconfigure it: whitelist your own IP address, set up backup access methods, and make sure you have emergency recovery options in place.

For a broader look at protecting your login page without locking yourself out, see our WordPress login security guide.

---

12. Use WordPress Recovery Mode

WordPress Recovery Mode is a built-in feature (available since WordPress 5.2) that activates automatically when a fatal error occurs. When it detects a crash caused by a plugin or theme, WordPress sends an email to the admin address on file with a special login link.

How to use it:

1. Check the inbox (and spam folder) of the email address associated with your WordPress admin account
2. Look for a message with the subject “Your Site is Experiencing a Technical Issue”
3. Click the recovery link in the email
4. WordPress loads in Recovery Mode, showing you which plugin or theme caused the crash
5. Deactivate the problem component

Recovery Mode lets you fix the issue from the dashboard without needing FTP access. It’s the simplest fix when it’s available.

If the email didn’t arrive, the admin email on your account may be outdated or your host may be blocking outbound mail. In that case, use Fix #3 (Deactivate Plugins via FTP) or Fix #7 (Switch to a Default Theme) instead.

Keep your admin email current. Go to Settings → General after you regain access and verify the Administration Email Address is one you check regularly. Recovery Mode is useless if the email goes to a dead inbox.

---

How to Prevent Future Lockouts

Once you’re back in, spend five minutes on prevention:

Use a password manager. Tools like Bitwarden or 1Password generate and store strong, unique passwords for every site. You won’t forget your WordPress credentials again.

Keep regular backups. Set up automated backups with a plugin like UpdraftPlus or use your hosting provider’s backup tools. A recent backup turns a multi-hour troubleshooting session into a five-minute restore.

Store your FTP credentials. When wp-admin is locked, FTP is your backdoor to fix things. Keep the hostname, username, and password in your password manager.

Bookmark your login URL. If you’ve changed it with a security plugin, bookmark the custom URL and save it outside of your browser (in case you clear your bookmarks with your cache).

Keep your admin email current. WordPress Recovery Mode sends emergency access links to this address. If it’s outdated, you’ll miss them when they matter most.

Test updates on staging first. Most hosting providers offer one-click staging environments. Test plugin, theme, and core updates there before applying them to your live site.

---

FAQ

---

Wrapping Up

Most WordPress admin access problems come down to a handful of causes: wrong credentials, a plugin or theme conflict, a corrupted .htaccess file, or incorrect site URL settings. Start with the simplest fixes (password reset, clear cookies) and work through the list until your wp-admin dashboard loads again.

The three tools that solve almost every lockout are FTP (for file access), phpMyAdmin (for database access), and your hosting control panel (for both). Keep those credentials stored safely and you’ll never be more than a few minutes away from fixing an access problem.

If your current WordPress theme is causing compatibility headaches, consider switching to one that’s built with clean code and tested against every WordPress update. WPZOOM’s premium themes are designed for reliability, so you spend less time troubleshooting and more time creating content. Browse the collection to find one that fits your site.