Nothing is more frustrating than being locked out of your own WordPress website. Login issues can appear suddenly — after a plugin update, a failed migration, or simply because a session expired at the wrong moment. Almost every WordPress login problem has a clear fix, and you do not need FTP access or a developer to sort them out.
The most common issues are wrong or forgotten passwords, redirect loops that send you in circles, and accounts locked out after too many failed attempts. Each one has a specific resolution.
Before you start, clear your browser cache and try incognito mode. Many apparent login problems are caused by cached redirects or stale cookies, and a clean session fixes them instantly. If you are setting up a new site and want to get the fundamentals right from the start, the step-by-step guide to building a WordPress website covers the full process including what to configure at launch.
Quick Answer
To fix a WordPress login issue, start with the Lost your password? link on the login page. If you are caught in a redirect loop, check that your WordPress Address and Site Address in Settings > General are identical. If you are locked out entirely, rename the plugins folder via FTP to deactivate all plugins at once, or use phpMyAdmin to reset your password directly in the database.
Why WordPress Login Problems Happen
Most login issues have one of four causes. A plugin conflict is the most common — security plugins, caching plugins, and custom login redirect plugins can interfere with authentication, especially after an update. If a plugin is responsible, the process for troubleshooting WordPress plugin conflicts will help you isolate which one systematically. A corrupted .htaccess file can block the login page entirely. A URL mismatch creates the redirect loop. And database issues can prevent WordPress from validating credentials even when the password is correct.
How to Reset Your WordPress Password
The simplest starting point is a standard password reset. WordPress documentation on resetting your password covers all the built-in options, but the core process is straightforward.
- Go to your login page and click Lost your password?
- Enter your email address and click Get New Password
- Check your inbox — if the email does not arrive within a few minutes, check spam
- Click the reset link, set a new password, and log in
If no reset email arrives, your site has an email delivery problem. In that case, reset the password directly via phpMyAdmin.
- Log into your hosting control panel and open phpMyAdmin
- Select your WordPress database
- Open the wp_users table
- Find your user row and click Edit
- In the user_pass field, select MD5 from the function dropdown and enter your new password
- Click Go to save
How to Fix the WordPress Login Redirect Loop
A redirect loop occurs when clicking Log In refreshes the login page without logging you in. This is almost always a URL mismatch or a cookie problem.
Step 1 — Clear cookies and cache. Open an incognito window and try logging in. If that works, the issue is a cached redirect. Clear browser cookies and your site cache through your caching plugin.
Step 2 — Check URL settings. Go to Settings > General and confirm the WordPress Address and Site Address both use the same protocol (http or https) and the same domain format (with or without www). A mismatch — even a trailing slash difference — causes infinite redirects.
Step 3 — Override via wp-config.php. If you cannot access the admin panel at all, add these two lines to wp-config.php above the line that reads “That’s all, stop editing!”:
define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');
Replace with your actual domain. This overrides the database values and is often the fastest route back in. Remove these lines once you have corrected the URLs through Settings > General.
How to Recover a Locked-Out Admin Account
If a security plugin has blocked your IP or suspended your account after too many failed attempts, you need to reach the database directly. To prevent this happening again, limiting login attempts in WordPress lets you set a safe threshold that stops bots without catching legitimate users.
Deactivate plugins via FTP — fastest method:
- Connect to your site via FTP or your hosting file manager
- Navigate to wp-content/plugins/
- Rename the entire plugins folder to plugins-disabled
- WordPress automatically deactivates all plugins, which usually restores login access immediately
- Log in, identify the offending plugin, rename the folder back, and reactivate plugins one at a time
Create a new admin account via phpMyAdmin:
- Open phpMyAdmin and navigate to the wp_users table
- Insert a new row — set user_login, user_pass (MD5-hashed), and user_email
- Note the ID assigned to the new row
- Open the wp_usermeta table and add two rows for that user ID: wp_capabilities with value
a:1:{s:13:"administrator";b:1;}and wp_user_level with value10
Reduce the Risk of Future Lockouts
Once you are back in, take a few minutes to make recovery easier if it ever happens again. Changing your WordPress login URL removes the default path from the predictable addresses that bots target. Also confirm your admin email address is current — a stale address turns a simple password reset into a database recovery job.
Common Mistakes
Leaving wp-config.php overrides in place. The hardcoded WP_HOME and WP_SITEURL lines are useful for getting back in, but they override any URL changes you make through the dashboard. Remove them once you have updated the settings properly.
Deleting the admin account instead of resetting it. Deleting your primary admin account orphans all posts assigned to that user. Always reset the password rather than deleting the account.
Skipping the browser cache check. Cached redirects cause the majority of apparent login loops. Test in incognito mode before assuming the issue is server-side — it frequently saves 20 minutes of unnecessary work.
Conclusion
Most WordPress login issues come down to three things: a wrong or expired password, a URL or cookie mismatch causing a redirect loop, or a plugin blocking access. Work through each in order and you will almost always resolve it without outside help. Having your FTP credentials saved and phpMyAdmin access bookmarked means even a complete admin lockout is never more than a few steps away from being sorted.

Etienne Basson works with website systems, SEO-driven site architecture, and technical implementation. He writes practical guides on building, structuring, and optimizing websites for long-term growth.