It’s a nightmare not being able to login to your WordPress site. If your site is on one of the best web hosting services, you can reach out to their customer service. You’re sure you have the right password, you even tried resetting the password, but nothing works. You’re locked out of your site. Thankfully there are fast methods of regaining access by modifying a few database records or a few files via FTP. As long as you have some access to the underlying server resources, you’ll be back in WP admin in no time.
This guide will help you in the following situations:
- reset password option does not work
- reset password works but you’re not getting the email (for whatever reason)
- you know the username & password but it just doesn’t work
- you’ve messed up the account’s priviledges
- users or usermeta database table is corrupted or acccidentlay modified/deleted
- a plugin/theme has messed something up login related
For the methods in this guide to work you need just one of the following things:
- FTP access to the server, or
- cPanel access to the server, or
- access to the MySQL database
Help! I can’t log in!
There is an unlimited number of reasons why you can’t log in. Wrong username or password is the simplest explanation, but I don’t recommend relying on that premise. Especially if you know you messed around with WordPress and the login does not work as a result of that. The first step to fixing the problem – disable the theme and all plugins. For that, we don’t need admin access, and the action won’t “destroy” anything. It’s completely reversible.
This can be done in a couple of ways, using FTP, MySQL, or using the Emergency Recovery Script that comes with the WP Reset plugin. And since the last one is the easiest solution, we will cover that first.
WP Reset is an amazing tool intended to make your resetting, debugging, and testing tasks easier. It comes with a ton of features including, multiple resetting options, and of course, the Emergency Recovery Script.
Using the Emergency Recovery Script, you will be able to deactivate your plugins (one by one or in bulk) and theme without accessing the WordPress admin dashboard.
Not only that, but you will also be to create a new administrator account, update the WordPress and site URL, reset user privileges and roles, and rescan or reinstall core files all from outside WordPress admin. Genuinely impressive!
Now, onto the other methods.
If you have FTP access rename /wp-content/plugins/ and /wp-content/themes/ folders. Any new name will do; just add an “x” in front of the name.
If you have MySQL access open the options table (the table will have a prefix, ie wp_options) and find rows that have the option_name column set to active_plugins and current_theme. Either delete the two rows or change their option_name values so you can easily revert things later. WP will fall back to the default theme (Twenty Seventeen for versions prior to v5) if it’s available in the default location.
Go back to wp-login.php
, refresh the page and try to log in. Still not working? Read on.
Take a minute to figure out the simplest approach
If you didn’t mess at all with WordPress or your account and you’re quite confident the issue is just with the wrong username or password then take the MySQL route. Changing the password in the database is all it takes to regain access.
If you don’t have an account at all or you have reasons to believe you messed it up, then the FTP approach works better as we’ll need to create a new account. A positive result is achievable both with just FTP or just MySQL access so don’t be alarmed if you only have one available.
If you have access to WP-CLI for your site there’s no need to mess with files or databases. The wp user
command will give you more than enough tools to fix an account or create a new one.
Loggin in without a username or password – The MySQL way
For a WP account to work, a few things have to be properly aligned. WP looks up the username and the hashed password in the users table and if it finds one row it’ll continue to search for additional rows in the usermeta table. It needs them to figure out your account privileges. If any of the things mentioned above fail you won’t be able to log in or you will but not with the right privileges. Due to WordPress’es filters and actions, any number of plugins and themes can alter this process and make debugging much harder. That’s why I already advised disabling them all.
I’ll also mention the possibility of running a customized WP DB class via a drop-in. A bug in that can also be the culprit. To make sure you’re not running any drop-ins rename the /wp-content/mu-plugins/ folder. If you can’t find that folder – great! It means you don’t have any drop-ins active.
phpMyAdmin is a decent tool for changing or adding a few rows in WP’s database. Most people access it through cPanel as it comes preinstalled and you don’t have to enter the credentials again. As a reminder, cPanel is available on https://yoursite.com:2083. If that’s not available to you, but you do have the database username, password and the ability to connect to it from a remote host then I suggest installing the free HeidiSQL app and connect using those details. The username and password saved in wp-config.php
certainly work if your WP works, but can rarely be used to connect to MySQL from a remote host due to security restrictions. How things are set up depends on the server, and it’s impossible to give general advice.
Modifying a few database rows
Find your account in the users table. Again – the table always has a prefix. By default it’s wp_users, but it can be anything; ie: site765_users. Assuming just the password is wrong edit the user_pass column and enter a new hashed password (only use MD5). Hash for password “123456” is e10adc3949ba59abbe56e057f20f883e
but I’d highly recommend using a more decent password and generating a hash for it. Save the row and try to login. No luck? Let’s check the priviledges.
Note down your account id – visible in the users table, under id column. Then find all rows in usermeta table that have that id value for the user_id column (key). You can expect to find 10+ rows but the ones that we need are those with wpc_capabilities and wpc_user_level values in meta_key columns. Set the first one to a:1:{s:13:"administrator";b:1;}
and the second one to 10
. Save, try loggin in. Still no luck? In that case I suggest creating a new admin account which is easier to do via FTP.
In case FTP is not available to you, mimic data from the account you already have to create a new one. Make sure it has a unique username and email address and that you create the two records in the usermeta table mentioned above. That’s all it takes to create an account directly in the database.
Loggin in without a username or password – The FTP way
First and crucial step in this method is finding the active theme’s functions.php
file. If you renamed the /wp-content/themes/ folder rename it back and leave just the Twenty Seventeen theme in it. Any other theme will do too, but make sure it doesn’t have any custom login functionality that can cause bugs.
After locating the functions.php
file test to make sure you have the right one. Trust me on this one – I’ve lost hours editing the wrong file. Add die('It works!');
as the first PHP line of the file; save and refresh the site. If nothing changes, you have the wrong file. Undo the change and find the right one. Once you have it add this code to the beginning of the file;
// modify these two lines $user_email = 'myemail@domain.com'; $user_password = '123456'; if ( !username_exists( $user_email ) ) { $user_id = wp_create_user( $user_email, $user_password, $user_email ); wp_update_user( array( 'ID' => $user_id, 'nickname' => $user_email ) ); $user = new WP_User( $user_id ); $user->set_role( 'administrator' ); wp_die( 'Success!' ); } else { wp_die( 'Username already exists.' ); }
Modify the first two lines of the code, save the file and reload the site. “Success!” should appear on the screen and you can then proceed to log in with the new username and password; the ones you set in the first two lines of the code. Don’t forget to remove the code from functions.php
once you’re done.
Other methods of regaining access to WordPress
If you have FTP, MySQL or cPanel access the methods above will get you logged in. If not, make sure you leave a comment below. I’d be curious to hear what’s preventing you from logging in.
A common “small thing” that causes problems for some people is not opening wp-login.php
on the right URL. Either using “www” when it’s not set as the site address or vice-versa. Or not using the right protocol – HTTPS instead of HTTP and vice-versa. While the page might load that does not mean you’re on the right URL so double check it.
If you came here to learn how to hack into someones WordPress sorry, not that kind of article. By having FTP or MySQL access, I assume you’re a legitimate owner and won’t use the described methods for evil purposes.
I tried the FTP approach and the word “Success” came up on the screen, but there was no option to login to wordpress, and when I went to the url http://www.aacc-houston.org/wp-admin it just took me to the same “:Success” page.
The MySQL method did not work either as I was not able to access the passwords. When I click “edit” next to the user, it just gives me an SQL Query code.
#1142 – UPDATE command denied to user ‘aacc’@’10.30.72.4’ for table ‘wp_options’
This is very frustrating, as none of the methods work and I am locked out of my wordpress account. I did not change anything either, it just locked me out one day for no reason, and the reset password option does not work as it says “Could not save password reset key to database.” I have deleted large files to add space but that did not work either.
Hi Amy,
After you got the “Success” message it means that the new user account was created and you should remove that code from functions.php and proceed to log in to WP with the new acc. Let me know if it works.
Same here “Success” message.
Remove that code from functions.php
After logging in got just message “Success”, but not logged
I use Avada theme and can’t change to twentyseventeen, as when I rename Avada(or remove) folder then got a blank page, somehow twentyseventeen is not installed, even I upload it to SFTP theme folder. Thx
If you’re still getting “success” after removing the code from
functions.php
then the cache is messing with you. Because, if you removed the code, how would it be echoing “success” 🙂The FTP method is brilliant. Had no idea we could do that, thank you so much!
Hi Gordan, thanks for all these tip. I am running on a similar issue as yours:
[…] Trust me on this one – I’ve lost hours editing the wrong file. […]
Basically, when I log in via FTP, I see a certain folder and files structure, but when I check the side that does not match. As an example, in the themes folder I don’t see the same theme that I think it’s used in the side (I noticed that by checking the source of the page).
Havin said that, what can I do to regain access to the site?
Thanks.
Hi Christian,
You have to find the right files / WP location. That the first step and everything afterward will be easy. I suggest going up to the root of your web hosting account. Then make your way down slowly and inspect every folder. The files should be in
www
orpublic_html
but there’s also a possibility there’s a separate folder just for your specific domain.Thank you so much bro, that function.php method worked.
Hello,
This post have helped me so much. My website was hacked and i wasn’t able to access the admin panel thanks to this post.
I am not able to login in my wordpress dashboard even after using the above methods.
Can you please help me
Unfortunately, you’ll have to provide a lot more details about what you did and what errors you got in order for us to help you.
Thanks for sharing. Can I use this method to create passwordless login access for new users?
You’re welcome. No, that’s not possible.
Good morning, I have a problem with my worpress site. I have my user who is the only Administrator, but something happened since it does not take me as an Administrator, I cannot add pluignis or update the version of the site. already probe deactivating pluings, and creating new users
You saved me countless hours of re-design work with the FTP method! Thank you so much!!
I was about to give up after my stupid hosting company changed my cpanel accounts to directadmin without my consent, they deleted admin credentials and created database conflicts, it was a mess. I was about to completely delete the WP install and start again from scratch when I found your article, man you’re a real lifesaver. I can’t thank you enough, now I can finally go to get some sleep.
Glad to hear that Sam! 🙂
Well, this is nice information! Thanks for sharing this as it would help many users to know about important information about WordPress. Knowing about this, we are looking forward to implementing things accordingly.
There has been a critical error on your website. Please check your site admin email inbox for instructions.
we have been facing this issue, is there any way to solve this issue. I tried your method.
Hi,
If you’re using WP Reset, you can quickly create a new admin user via the Emergency Recovery Script & log in.
https://docs.wpreset.com/article/67-create-admin-account
Hi there, i added the code to the functions.php code, but i get a fatal error;
Fatal error: Uncaught Error: Call to undefined function username_exists() in /homepages/46/d436196330/htdocs/davidbean/wp-includes/functions.php:6 Stack trace: #0 /homepages/46/d436196330/htdocs/davidbean/wp-settings.php(111): require() #1 /homepages/46/d436196330/htdocs/davidbean/wp-config.php(91): require_once(‘/homepages/46/d…’) #2 /homepages/46/d436196330/htdocs/davidbean/wp-load.php(37): require_once(‘/homepages/46/d…’) #3 /homepages/46/d436196330/htdocs/davidbean/wp-admin/admin.php(34): require_once(‘/homepages/46/d…’) #4 /homepages/46/d436196330/htdocs/davidbean/wp-admin/index.php(10): require_once(‘/homepages/46/d…’) #5 {main} thrown in /homepages/46/d436196330/htdocs/davidbean/wp-includes/functions.php on line 6
There has been a critical error on your website. Please check your site admin email inbox for instructions.
Learn more about debugging in WordPress.
if ( !username_exists( $user_email ) ) {
$user_id = wp_create_user( $user_email, $user_password, $user_email );
wp_update_user( array( ‘ID’ => $user_id, ‘nickname’ => $user_email ) );
$user = new WP_User( $user_id );
$user->set_role( ‘administrator’ );
wp_die( ‘Success!’ );
} else {
wp_die( ‘Username already exists.’ );
}
We messed up. We let our SSL expire on our WordPress site. Our site has force SSL plugin. So I cannot access the dashboard. Is there another way you can recommend. Or are you for hire to assist?
We think we just need to disable the Force SSL plugin in order to access the dashboard. But Im not sure.
thanks
David
Yes, disabling that plugin will probably help.
Mysql method worked for me. Many thanks!
FTP method work for me, thanks buy 🙂
I added the FTP code, got the success message. Removed the code, cache was cleared, said username and password were invalid. Any suggestions?
Did you try logging in with the email?
I just wanted to thank you. I used your FTP fix to get back into a site I got locked out of and it worked like a charm. Thank you so much! So helpful.