To log in to WordPress, go to yoursite.com/wp-admin (or yoursite.com/wp-login.php), enter your username or email and password, then click Log In. You land in the dashboard. If that address does not open, a security plugin may have moved your login URL, or a password, cookie, or lockout problem is blocking you.
/wp-admin or /wp-login.php.Every self-hosted WordPress site has an admin sign-in page. By default you reach it by adding /wp-admin to the end of your web address. So if your site is example.com, your login page is example.com/wp-admin. If you are not already signed in, WordPress sends you to example.com/wp-login.php, which is the same login form. Both addresses lead to the same place, so either one is fine.
On that page you enter two things: your username or email (the account you created when you set up the site) and your password. Click Log In and you land in the WordPress dashboard — the control panel where you write posts, change your theme, and manage plugins. New to WordPress overall? Our WordPress hosting guide explains how the pieces fit together.
The login form also has a "Remember Me" checkbox. Tick it and WordPress keeps you signed in for about two weeks, so you do not have to type your password on every visit. Leave it unchecked on shared or public computers, where you do not want the next person staying logged in as you.
If yoursite.com/wp-admin does not open the login form, try yoursite.com/wp-login.php instead. On some setups the first address redirects strangely while the second still works. If you installed WordPress in a subfolder — say example.com/blog — your login page lives at example.com/blog/wp-admin, so add the folder name.
Still nothing? A security plugin (an add-on that hardens your site) may have changed the login URL on purpose. Plugins such as WPS Hide Login or the login features in Wordfence and iThemes Security let you replace /wp-admin with a custom address like example.com/my-secret-door. This is a deliberate defense: hiding the login page means automated bots cannot find it to guess passwords. The catch is that you also have to remember the new address.
To recover a hidden login URL, check the notes or password manager you saved when you set the site up, look at the confirmation email the plugin often sends, or ask whoever built the site. If you have access to your files, you can also open the site's files and temporarily rename the security plugin's folder (see the lockout section below) to restore the normal /wp-admin address.
Most WordPress login trouble falls into a handful of patterns. Find your symptom below and follow the fix. Don't worry — nearly all of these take only a few minutes to sort out.
The fastest fix is the built-in email reset. On the login page, click "Lost your password?", enter your username or email, and WordPress sends you a link to set a new password. Here is the full process, step by step:
yoursite.com/wp-login.php and click the "Lost your password?" link below the form.If the reset email never arrives — often because the site cannot send mail reliably — you can reset the password directly. Use one of these methods:
wp_users table, and edit your row. In the user_pass field, type your new password, then set the "Function" dropdown next to it to MD5 and save. WordPress reads the scrambled value and lets you log in with the plain password you typed.wp user update yourusername --user_pass="YourNewPassword". This updates the password instantly without touching email.If you see a message like "too many failed login attempts, please try again later," a login-limit plugin has temporarily blocked your address after several wrong tries. This is a security feature working as intended. You have two choices:
wp-content/plugins and rename the security plugin's folder — for example, change wordfence to wordfence-off. WordPress cannot load a plugin it cannot find, so the lockout lifts. Rename the folder back once you are in.You enter the right details, the page reloads, and you are back at the login form with no error. This redirect loop is usually a cookie problem (WordPress uses cookies, small files in your browser, to remember you are signed in) or a mismatch in your site address settings. Work through these fixes in order:
https://example.com, not one with www and one without). A mismatch here is a classic cause of loops.plugins folder as shown above) to see if one is forcing a bad redirect.Sometimes the login itself works, but the dashboard loads as a blank white page. This is the white screen of death, and it usually points to a plugin conflict, a theme error, or a memory limit — not your login details. Our dedicated guide walks through every fix: how to fix the WordPress white screen of death.
This message means WordPress cannot set the login cookie it needs. To fix it: enable cookies in your browser settings, clear any existing cookies for your site, and disable any browser extension or WordPress plugin that blocks or rewrites cookies. Trying a different browser is a quick way to confirm whether the problem is on your device or the site.
A 403 Forbidden error on the login or admin page means the server is refusing access, usually because of file permissions, a rule in the .htaccess file, or a security rule from a plugin or firewall. The full walkthrough is here: how to fix 403 and 404 errors.
If you just migrated your site to a new host or domain and now cannot log in, or you see "Error establishing a database connection," the problem is usually the connection between WordPress and its database, not your password. Start with error establishing a database connection, and for broader server messages see our server errors guide.
wp_users table can lock out every account or damage your site. Export the database (a one-click option in most hosting panels) before you change anything.A few avoidable slip-ups cause most login headaches:
/wp-admin will look broken when it is actually just hidden. Save the custom URL somewhere permanent.Once you are back in, a few habits keep your login both safe and hassle-free:
The default WordPress login URL is your site address followed by /wp-admin — for example example.com/wp-admin. If that redirects, try example.com/wp-login.php, which is the same login form. If WordPress lives in a subfolder, add the folder name, like example.com/blog/wp-admin. A security plugin can change this address on purpose.
If the reset email never arrives, reset the password directly. In your hosting panel's phpMyAdmin, open the wp_users table, type a new password in the user_pass field, and set the function dropdown to MD5 before saving. Or, with command-line access, run wp user update yourusername --user_pass="YourNewPassword". Back up your database before editing it.
A login page that reloads without an error is almost always a cookie problem or a mismatch in your site address settings. Clear your browser cookies and cache, try another browser or an incognito window, and confirm your WordPress Address and Site Address (URL) both match how you actually reach the site. Deactivating plugins can rule out a bad redirect.
Being locked out with a "too many failed attempts" message means a login-limit plugin blocked your address after several wrong tries. Wait 15 to 30 minutes for the lockout to clear, or disable the plugin by renaming its folder in wp-content/plugins through your host's File Manager or FTP. A 403 error instead points to file permissions or a security rule.
Use a strong, unique password, turn on two-factor authentication, limit login attempts with a security plugin, and avoid the username "admin." Optionally, move your login URL away from the default /wp-admin with a plugin so automated bots cannot find it. Together these steps block the large majority of login attacks.
Yes. Most hosts add a WordPress shortcut in the hosting control panel with a "Log in to WordPress" or "Edit site" button that signs you in with one click. This is the easiest way in when you have forgotten your exact login URL or your password reset is not working.
To log in to WordPress, visit yoursite.com/wp-admin or yoursite.com/wp-login.php and enter your username and password. If that does not work, the cause is usually one of a few things: a security plugin moved your login URL, a forgotten password (reset it by email, phpMyAdmin, or WP-CLI), a lockout from too many attempts, a cookie-driven refresh loop, or a server-side error like 403 or a database problem. Each has a clear, quick fix above.
Ready to keep building? If you are still setting things up, our step-by-step guide to installing WordPress is the natural next step.
wp user update command reference.The editorial team behind the Bitrich777 Hosting Help Center — practical, tested guides on web hosting, WordPress, servers, DNS, SSL, email, security and migration. Every walkthrough is reproduced on a live host before it is published.
View all guides by the Hosting Team Spotted an error? Tell us