How to Log In to WordPress + Fix Common Login Problems

To log in to WordPress, go to yoursite.com/wp-admin (or yoursite.com/wp-login.php), enter your username or email and password, then click Log In. You land in the dashboard. If that address does not open, a security plugin may have moved your login URL, or a password, cookie, or lockout problem is blocking you.

Key takeaways

  • The default WordPress login URL is your site address plus /wp-admin or /wp-login.php.
  • Forgot your password? Use the "Lost your password?" link to reset it by email, or reset it through your hosting panel or WP-CLI if email fails.
  • Being locked out usually means a login-limit plugin blocked you; wait out the lockout or disable the plugin by renaming its folder.
  • A login page that keeps refreshing is almost always a cookie problem or a wrong Site Address setting.
  • Some security plugins hide the login URL on purpose, so check your records before you assume the page is broken.

How and where to log in to WordPress

Every self-hosted WordPress site has an admin sign-in page. By default you reach it by adding /wp-admin to the end of your web address. So if your site is example.com, your login page is example.com/wp-admin. If you are not already signed in, WordPress sends you to example.com/wp-login.php, which is the same login form. Both addresses lead to the same place, so either one is fine.

On that page you enter two things: your username or email (the account you created when you set up the site) and your password. Click Log In and you land in the WordPress dashboard — the control panel where you write posts, change your theme, and manage plugins. New to WordPress overall? Our WordPress hosting guide explains how the pieces fit together.

The login form also has a "Remember Me" checkbox. Tick it and WordPress keeps you signed in for about two weeks, so you do not have to type your password on every visit. Leave it unchecked on shared or public computers, where you do not want the next person staying logged in as you.

Many hosts add a shortcut so you never have to remember the address. In your hosting control panel (the dashboard your web host gives you), look for a WordPress area with a "Log in to WordPress" or "Edit site" button. It signs you in with one click, which is handy when you have forgotten the exact URL.

How to find or change your login URL

If yoursite.com/wp-admin does not open the login form, try yoursite.com/wp-login.php instead. On some setups the first address redirects strangely while the second still works. If you installed WordPress in a subfolder — say example.com/blog — your login page lives at example.com/blog/wp-admin, so add the folder name.

Still nothing? A security plugin (an add-on that hardens your site) may have changed the login URL on purpose. Plugins such as WPS Hide Login or the login features in Wordfence and iThemes Security let you replace /wp-admin with a custom address like example.com/my-secret-door. This is a deliberate defense: hiding the login page means automated bots cannot find it to guess passwords. The catch is that you also have to remember the new address.

To recover a hidden login URL, check the notes or password manager you saved when you set the site up, look at the confirmation email the plugin often sends, or ask whoever built the site. If you have access to your files, you can also open the site's files and temporarily rename the security plugin's folder (see the lockout section below) to restore the normal /wp-admin address.

Want to change the login URL yourself for security? Install a trusted plugin like WPS Hide Login, open its settings, and set a new login slug (the last part of the address). Save it, then bookmark the new URL right away. Moving the login page is one of the simplest ways to cut down on automated attacks.

Common login problems and how to fix them

Most WordPress login trouble falls into a handful of patterns. Find your symptom below and follow the fix. Don't worry — nearly all of these take only a few minutes to sort out.

Forgot your password

The fastest fix is the built-in email reset. On the login page, click "Lost your password?", enter your username or email, and WordPress sends you a link to set a new password. Here is the full process, step by step:

  1. Open your login page at yoursite.com/wp-login.php and click the "Lost your password?" link below the form.
  2. Type the username or email address tied to your account, then click Get New Password.
  3. Open your email inbox and find the message from WordPress. Check your spam or junk folder if it is not in the inbox.
  4. Click the reset link in that email. It opens a page where you can set a new password.
  5. Enter a strong new password (or accept the one WordPress suggests), click Save Password, then log in with it.

If the reset email never arrives — often because the site cannot send mail reliably — you can reset the password directly. Use one of these methods:

  • Through your hosting panel (phpMyAdmin): Open phpMyAdmin (the database tool in your hosting control panel), select your site's database, open the wp_users table, and edit your row. In the user_pass field, type your new password, then set the "Function" dropdown next to it to MD5 and save. WordPress reads the scrambled value and lets you log in with the plain password you typed.
  • Through WP-CLI: If your host offers command-line access, run wp user update yourusername --user_pass="YourNewPassword". This updates the password instantly without touching email.
Editing the database directly is powerful but unforgiving. Back up your database first (most hosting panels have a one-click export), so a mistyped field cannot cost you data.

Locked out or "too many failed attempts"

If you see a message like "too many failed login attempts, please try again later," a login-limit plugin has temporarily blocked your address after several wrong tries. This is a security feature working as intended. You have two choices:

  1. Wait it out. Most lockouts last 15 to 30 minutes. Give it that time, then log in carefully with the correct details.
  2. Disable the plugin. If you cannot wait or the lockout will not clear, connect through your host's File Manager or an FTP program (a tool for moving files to your server). Go to wp-content/plugins and rename the security plugin's folder — for example, change wordfence to wordfence-off. WordPress cannot load a plugin it cannot find, so the lockout lifts. Rename the folder back once you are in.

Login page keeps refreshing or looping back

You enter the right details, the page reloads, and you are back at the login form with no error. This redirect loop is usually a cookie problem (WordPress uses cookies, small files in your browser, to remember you are signed in) or a mismatch in your site address settings. Work through these fixes in order:

  1. Clear your browser cookies and cache for your site, then reload the login page and try again.
  2. Try another browser or a private/incognito window to rule out a broken saved cookie.
  3. Check your site address settings. The WordPress Address and Site Address (URL) must match how you actually reach the site (for example both https://example.com, not one with www and one without). A mismatch here is a classic cause of loops.
  4. Deactivate plugins temporarily (rename the plugins folder as shown above) to see if one is forcing a bad redirect.

White screen after you log in

Sometimes the login itself works, but the dashboard loads as a blank white page. This is the white screen of death, and it usually points to a plugin conflict, a theme error, or a memory limit — not your login details. Our dedicated guide walks through every fix: how to fix the WordPress white screen of death.

"Cookies are blocked or not supported"

This message means WordPress cannot set the login cookie it needs. To fix it: enable cookies in your browser settings, clear any existing cookies for your site, and disable any browser extension or WordPress plugin that blocks or rewrites cookies. Trying a different browser is a quick way to confirm whether the problem is on your device or the site.

403 Forbidden on wp-admin

A 403 Forbidden error on the login or admin page means the server is refusing access, usually because of file permissions, a rule in the .htaccess file, or a security rule from a plugin or firewall. The full walkthrough is here: how to fix 403 and 404 errors.

Can't log in after moving the site, or a database error

If you just migrated your site to a new host or domain and now cannot log in, or you see "Error establishing a database connection," the problem is usually the connection between WordPress and its database, not your password. Start with error establishing a database connection, and for broader server messages see our server errors guide.

Common mistakes to avoid

Never edit your database to reset a password without a backup first. One wrong value in the wp_users table can lock out every account or damage your site. Export the database (a one-click option in most hosting panels) before you change anything.

A few avoidable slip-ups cause most login headaches:

  • Forgetting a security plugin moved the login URL. If you set a custom login address months ago and then forget it, /wp-admin will look broken when it is actually just hidden. Save the custom URL somewhere permanent.
  • Using the wrong email or username. Many people have several email addresses. Make sure you are entering the exact one attached to your WordPress account, not a personal address you never registered.
  • Skipping the backup before a database edit. As the warning above says, always export first — it takes seconds and can save your whole site.

How to keep your login secure

Once you are back in, a few habits keep your login both safe and hassle-free:

  • Use a strong, unique password. A long mix of words, numbers, and symbols that you do not reuse anywhere else is your first line of defense. A password manager makes this painless.
  • Turn on two-factor authentication (2FA). This adds a second step — usually a code from a phone app — so a stolen password alone cannot get anyone in. Many security plugins add 2FA for free.
  • Limit login attempts. A login-limit plugin blocks an address after several wrong guesses, which stops bots from trying thousands of passwords. Yes, it can lock you out too, but now you know how to clear it.
  • Do not use the username "admin." It is the first username attackers try. Create a personal admin account with a different name and remove any leftover "admin" account.
Combining a hidden login URL, a strong password, and 2FA blocks the large majority of automated login attacks with almost no effort on your part.

Frequently asked questions

What is the WordPress login URL?

The default WordPress login URL is your site address followed by /wp-admin — for example example.com/wp-admin. If that redirects, try example.com/wp-login.php, which is the same login form. If WordPress lives in a subfolder, add the folder name, like example.com/blog/wp-admin. A security plugin can change this address on purpose.

How do I reset my WordPress password without email?

If the reset email never arrives, reset the password directly. In your hosting panel's phpMyAdmin, open the wp_users table, type a new password in the user_pass field, and set the function dropdown to MD5 before saving. Or, with command-line access, run wp user update yourusername --user_pass="YourNewPassword". Back up your database before editing it.

Why does my login page keep refreshing?

A login page that reloads without an error is almost always a cookie problem or a mismatch in your site address settings. Clear your browser cookies and cache, try another browser or an incognito window, and confirm your WordPress Address and Site Address (URL) both match how you actually reach the site. Deactivating plugins can rule out a bad redirect.

Why am I locked out of wp-admin?

Being locked out with a "too many failed attempts" message means a login-limit plugin blocked your address after several wrong tries. Wait 15 to 30 minutes for the lockout to clear, or disable the plugin by renaming its folder in wp-content/plugins through your host's File Manager or FTP. A 403 error instead points to file permissions or a security rule.

How do I secure my WordPress login?

Use a strong, unique password, turn on two-factor authentication, limit login attempts with a security plugin, and avoid the username "admin." Optionally, move your login URL away from the default /wp-admin with a plugin so automated bots cannot find it. Together these steps block the large majority of login attacks.

Can I log in to WordPress from my hosting panel?

Yes. Most hosts add a WordPress shortcut in the hosting control panel with a "Log in to WordPress" or "Edit site" button that signs you in with one click. This is the easiest way in when you have forgotten your exact login URL or your password reset is not working.

Summary

To log in to WordPress, visit yoursite.com/wp-admin or yoursite.com/wp-login.php and enter your username and password. If that does not work, the cause is usually one of a few things: a security plugin moved your login URL, a forgotten password (reset it by email, phpMyAdmin, or WP-CLI), a lockout from too many attempts, a cookie-driven refresh loop, or a server-side error like 403 or a database problem. Each has a clear, quick fix above.

Ready to keep building? If you are still setting things up, our step-by-step guide to installing WordPress is the natural next step.

References

  • WordPress.org Documentation — "Administration Screens" and "Resetting Your Password" (developer and support handbooks).
  • WordPress.org Support — "Cookies" and "Login Trouble" troubleshooting articles.
  • WP-CLI Handbook — wp user update command reference.
Bitrich777 Hosting Team
About the author

The editorial team behind the Bitrich777 Hosting Help Center — practical, tested guides on web hosting, WordPress, servers, DNS, SSL, email, security and migration. Every walkthrough is reproduced on a live host before it is published.

Spotted an error? Tell us