Like any other CMS (Content Management System) that is used for web site content management, require an administrator to log in, WordPress also has a page that prompts the user to input credentials. To log in to the WordPress admin panel, the first step you will take is to navigate to the WordPress login page.
An overview of WordPress and CMS in general
If you have a web site, you will need a way to add content to it. Almost every site has some kind of CMS that will be used for adding content to your site. Why am I saying almost every? That’s because for some simple web site you will not need a CMS and all you can have are static pages created in HTML or some back-end scripting language like PHP, Java, ASP, etc that will, in the end, generate an HTML page for your browser.
WordPress is CMS and that’s basically consisted of two parts: public-facing web site, and private administration panel or admin panel. Admin panel is used for content management, so you can easily add or manage content on your web site. Today WordPress way more than just a content manager, and you can do much more with it like manage users, sites, settings or install third-party additions called plugins.
In order to access to WordPress administration panel, you will need some kind of authentication window or form where you can pass in your credentials and log in. WordPress has a page to do that and we will refer to it as WordPress login page.
How To Log in To WordPress?
There are many ways to access your WordPress login page and we will show you a couple of them. Let’s say that your website is on this web address www.example.com. If you have installed WordPress in the root directory, to access login page you should go to some of the following addresses:
http://www.example.com/wp-login.php http://www.example.com/wp-login http://www.example.com/login
or try to directly access to the WordPress admin panel. You will be redirected to the Login page.
Choose your favorite and you can always access your WordPress admin panel by typing it in the address bar
If you have installed WordPress in a directory, for example: ‘blog’, your Login page should be on this address:
On subdomains, this URI will look like this:
The login screen has some additional options:
- Register: If registration option is enabled, anyone can register to the blog simply by clicking this option
- Lost your password?: This option helps you if you can’t log in with your credentials, in case you forgot your password or even email address or login name. You just need to know your email address or login name.
- Back to blog: This link returns you to the home page of your blog
- Remember me: This option lets you save your credentials to the browser’s cookie, so the next time you don’t have to log in again. How long this will last, depends on your cookies settings. Do this only on your personal computer, so no one else could access your account.
WordPress Login Page Security
It’s always a good idea to use SSL for everything on your site. To make sure it’s correctly configured on your site, try accessing the site using HTTPS protocol. If no errors are shown and you can see https://example.com…in address bar, congratulations! Your site has SSL correctly configured.
This is highly recommended to have when you are trying to log in on your Login page.
Why is this so important? When using the HTTP protocol, traffic between the server where your site is hosted and your browser is not encrypted. When you type in your credentials and submit the login form, an HTTP request is sent to the server as plain text. If anyone sees that message, they can easily find out your credentials and use your site.
What if I don’t have SSL installed on my site?
- Check if you have access to shared SSL: Some hosting providers give you shared SSL that can be used in such cases. When using shared SSL, instead of using https://example.com/wp-login, you will use something like https://server12.examplehostingprovider.com/accountname/wp-login. It’s not pretty but it’s useful, at least to log in to your admin panel. Check this with your hosting provider.
- Avoid connecting to WordPress admin panel from untrusted networks. Let’s say you are connecting to free WiFi from your favorite coffee shop using your mobile device or laptop. This type of connection cannot be trusted, because anyone can access it and potentially hack your account. Use it at your own risk.
- Buy an SSL. This is highly recommended if you have any sensitive data on your web site or blog.
- Back up web site data as often as possible. Check if your hosting provider gives you an automatic backup feature. This will make backups on a regular basis and you will be able to restore your web site in case of serious login problems or in case your web site is hacked.
Common Login Problems
Sometimes you just can’t log in to the WordPress admin panel even though you think you have the right credentials. It’s always better to check other solutions before trying to reset your password for the 10th time.
Here is the list of possible solutions that you may try:
Check the Case of Your Password
WordPress Password is case sensitive, so it’s important to match the exact cause of your original password. Make your that your Caps Lock key is not turned on.
Redirecting – Are You On the Right Site?
You may be redirected to the wrong site, especially if you use a multisite environment, or if there are any recent changed in your .htaccess file. Check that you are on the right site by looking at the address bar URI. If you’re redirected to some other site and you’re unable to access your original site, it could be something wrong with your .htaccess file. Connect via FTP and temporary rename .htaccess file to anything else and see if that worked out.
Check the Cookies
Make sure you have enabled cookies in your browser. Clear the cookies and clear the cache. Very often this simple trick does help.
Plugins can access and modify your Login page, and some of them do that. Connect to your site via FTP and remove the plugins you think could be causing this problem. You can find plugins in /wp-content/plugins/ folder.
Disable Your Current Theme
Your theme could break sometimes and cause login problems. To make sure that’s not the case, connect to your site via FTP, and navigate to /wp-content/themes/[your-theme-name] folder. Rename your theme folder to something else. WordPress will not recognize your theme after that and will use its default theme that should work. Try to log in again. If this does not help, rename your theme’s folder back to its original name.
Check Browser’s Console Logs
This indicates that the plugin example failed, and we should delete it and try to log in after that. It would be good to report this issue to the plugin’s support page on WordPress.org in order to fix the cause of the problem.
To open console use F12 (Windows), Command + Option + I (Mac)
If you’re transferring your files via FTP, transfer problems could occur and your files may become corrupted. If you think this could be the case, try re-uploading a wp-login.php file. Make sure to delete or rename your original file before uploading a new one.
Try Resetting your Password
If you have simply forgotten your password, this is the simplest method to get back your login credentials.
Change your Password Directly in Database
If you have access to your database, you can find your user in the wp-users table. In the column, user_pass replace the existing password with your new one. Before inserting your new password you should encrypt it using the MD5 algorithm. PHP function for this is md5(), but you could also use an online MD5 encryptor tool for that (google for something like “online md5 encrypt”).
Check your Firewall Settings
In some cases, firewall settings may block you for accessing WordPress