How to access your WordPress site when locked out

It can be stressful when locked out of WordPress – especially if you do not have access to the login credentials or no longer have access to the email addresses associated with the admin account.

One can get back in into the WordPress web site. It requires that one logs into the web host control panel and resets or creates a new admin account using phpMyAdmin.

cPanel Databases section
cPanel Databases section.

Step by step approach. A video is further down.

1. Check which database the web site uses.

  1. Login to your web host control panel.
  2. Open the File Manager and locate wp-config.php in your WordPress root folder.
  3. Look for this line:
    define(‘DB_NAME’, ‘your_database_name’);
    This tells you which database to open in phyMyAdmin.

2. Reset the password for an existing Admin

  1. In phpMyAdmin. Open the correct database.
  2. Select the wp_users table.
  3. Find your admin account (look under user_login)
  4. Click Edit.
  5. In the users_pass field:
    • Erase the old hash.
    • Enter a new password.
    • Select MD5 from the function dropdown.
  6. Click Save/Go (located on the bottom right.)
  7. You can now login with your username and the new password.
phpmyadmin database wp users
phpmyadmin database wp users

A tip.
Instead of resetting the password in phpMyAdmin one can check out at the login info listed in wp_users table and notice the emails and usernames listed. Then go back to the login screen in WordPress and click forgot password, add the email address or username and reset the password. Here one then uses phpMyAdmin to locate user login information to reset the password through WordPress.

3. Create a new Admin user when you do not have access to any login email.

wp_users (if you are using the default prefix of wp.)
Here one adds user information.

  1. Go to wp_users and click Insert.
    • user_login: login user name.
    • user_pass: Enter a new password and in the Function dropdown column select MD5.
    • user_nicename: nick name.
    • user_email: Add an email address.
    • display_name:
    • Click Save/Go located bottom right.
  2. Reselect the wp_users table and note the user ID for the user you just made as it is needed for the next step.

wp_usermeta
Here one adds user capabilities. Such as role.

Add code to automatically insert or update usermeta information.
It is safer and easier to accomplish.

If you are not sure if you are to use INSERT or UPDATE.

Then add this code into SQL.
Check if wp_usermeta rows exist for a user.
Replace USER_ID with the correct user ID and adjust the wp prefix if another prefix is used.

SELECT * 
FROM wp_usermeta 
WHERE user_id = USER_ID 
  AND meta_key IN ('wp_capabilities', 'wp_user_level');

If updating a user then use UPDATE.
If a new user has just been made use INSERT.

Insert code

Change the NEW_USER_ID to reflect the correct user ID.
If wp is not used as a prefix then this need to be updated to reflect the correct prefix.

INSERT INTO wp_usermeta (user_id, meta_key, meta_value) 
VALUES (NEW_USER_ID, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');

INSERT INTO wp_usermeta (user_id, meta_key, meta_value) 
VALUES (NEW_USER_ID, 'wp_user_level', '10');

Update code

If updating the current information use this:
Change the user_id to reflect the correct user ID.
If wp is not used as a prefix then this need to be updated to reflect the correct prefix.

UPDATE wp_usermeta 
SET meta_value = 'a:1:{s:13:"administrator";b:1;}' 
WHERE user_id = USER_ID AND meta_key = 'wp_capabilities';

UPDATE wp_usermeta 
SET meta_value = '10' 
WHERE user_id = USER_ID AND meta_key = 'wp_user_level';

Before logging in. Do a hard refresh to reset the memory/cache. On a mac: Shift+cmd+R.
Now login to the WordPress web site using the new user information.

Manually add the capabilities and user level.

It is a higher risk of making a mistake. I know I have a few times. Forcing me to go back to add the updated code into SQL.

  1. Open wp_usermeta and click Insert twice.
    • First row
    • user_id: ID from above.
    • meta_key: wp_capabilites
    • meta_value: a:1:{s:13:”administrator”;b:1;}
    • Second row
    • user_id: ID from above.
    • meta_key: wp_user_level
    • meta_value: 10
    • Click Save/Go located bottom right. Two save the first and second row.

You can now login with your new username and password and will have full administrator access.

A tip.
I have noticed that even though I manually add in as I mentioned above that I have had problems logging in as admin.
I will go back into phpMyAdmin and click SQL and clear what I see there and then paste in the code and click Go to save.

4. After regaining access

  • Change your password again in the WordPress dashboard.
  • Update your email if needed.
  • Remove unused admin accounts to improve security.
  • Install if you do not have one a security plugin. Check out my Security tutorial.

Even if you are locked out of WordPress and do not have the login info, you can always recover access using phpMyAdmin. By either resetting the password or creating a new admin user, you will be back inside your site in just a few minutes.

Resources used:
ChatGPT

Share the article:

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *