Locked out of WordPress? There is always a way back in. The method depends on what is actually failing – a forgotten password is different from a redirect loop which is different from a hidden login URL. Find your symptom below and go directly to that fix. None of these require restoring from backup.
Problem 1: Forgot WordPress Password
Click “Lost your password?” on wp-login.php. Enter your username or email and WordPress sends a reset link. If the reset email does not arrive: check spam, verify your WordPress email is configured correctly, and ensure WordPress can send email (many shared hosts block PHP mail – install FluentSMTP to fix this long-term).
If email is completely broken, reset the password directly in the database via phpMyAdmin:
- Log into phpMyAdmin through your hosting control panel
- Open your WordPress database -> wp_users table
- Find your user row and click Edit
- In the user_pass field, change the Function to MD5 and enter your new password
- Click Go to save
Alternatively, add this to your active theme’s functions.php temporarily, load any page to execute it, then immediately remove it:
wp_set_password( 'your_new_password', 1 ); // 1 is the admin user IDProblem not solved? Describe the issue and get a free estimate.
Problem 2: Login Page Redirects Back to Itself
An infinite redirect loop on the login page is usually a cookie or URL configuration problem. Check these in order:
WordPress URL mismatch: Go to phpMyAdmin -> wp_options table. Find the rows named “siteurl” and “home”. Their values must exactly match your actual site URL including protocol (https:// vs http://). If they say http:// but your site redirects to https://, the login cookies are set for the wrong domain and the redirect loops. Update both values to match your actual URL.
Cookies blocked: Clear all browser cookies for your domain and try logging in. If it works after clearing cookies, a corrupted cookie was causing the loop.
Security plugin redirect: Some security plugins hide or redirect the login page. If you recently installed a security plugin like WPS Hide Login, access the original login URL and also check if the plugin set a custom login URL in its settings (accessible via wp-admin if you can reach it some other way).
Problem 3: wp-login.php Returns a 404
If wp-login.php returns a 404 error, the page is either hidden by a security plugin or your .htaccess file is corrupted. First, check if you installed a “hide login URL” security plugin – if so, use the custom URL it set. If not, your .htaccess may be broken. Replace it with the default WordPress .htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPressUpload this to your web root via FTP, overwriting the existing .htaccess. Then visit wp-login.php again.
Problem 4: “Error Establishing a Database Connection” on Login
This error means WordPress cannot connect to the MySQL database. Check wp-config.php: the DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST must match your actual database credentials. These sometimes change when a host migrates servers or when a database password is reset. Get the correct credentials from your hosting control panel and update wp-config.php.
Problem 5: Create a New Admin User via phpMyAdmin
If all else fails, create a new admin user directly in the database:
-- Insert new user
INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_status)
VALUES ('newadmin', MD5('your_password'), 'New Admin', 'admin@yoursite.com', '0');
-- Get the new user's ID
SELECT ID FROM wp_users WHERE user_login = 'newadmin';
-- Add admin capabilities (replace X with the ID from above)
INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value)
VALUES (NULL, X, 'wp_capabilities', 'a:1:{{s:13:"administrator";b:1;}}');
INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value)
VALUES (NULL, X, 'wp_user_level', '10');