Getting locked out of your WordPress website by the dreaded ‘too many failed login attempts’ error message, is one of the most annoying things ever.
It’s the last thing you want to be dealing when you are working on your WordPress website, whether it be maintaining it or adding fresh content.
In this tutorial I am going to be showing you a few simple ways you can unlock too many login attempts for WordPress, and get back into your website without waiting for 20-30 minutes. We have tested this method with WordPress 5.0 and this is still the best route to unlock WordPress in 2019.
This tutorial assumes that you have the Limit Logins Plugin installed on your website, or that some form of login protection has been added to your website either by your hosting company or your developer (if you’ve been locked out of your website and displayed with a message informing you that you have tried to login too many times, you can assume this applies to you).
What Is ‘too many failed login attempts’ for WordPress
This message displays when a user has tried to login too many times to their WordPress website within a given time limit (generally, in quick succession).
This is a security feature of WordPress designed to stop hackers from accessing your website illegitimately, and to prevent brute force attacks (spamming hundreds or thousands of passwords in an attempt to force access).
What Causes ‘too many failed login attempts’
This is caused by entering the wrong login credentials too many times in quick succession. To display the error message in the first instance, you need to type in the wrong login credentials multiple times.
Once the error message has displayed and WordPress has registered this ‘too many failed login attempts’ state, even if you input the correct user credentials, they won’t register successfully until the wait period has expired.
So How to Fix ‘too many failed login attempts for WordPress’
There are a few methods for solving this issue, depending on how your WordPress website is setup.
The FTP Method
The FTP method assumes you have the Limit Login Attempts plugin installed, and this is what is generating your ‘too many login attempts’ error message.
The FTP section of your website can usually be located fairly easily within your CPanel (accessible via your hosting account).
Using FTP (File Transfer Protocol) you can log into your website and view all of its files. Once there, you need to navigate to: /wp-content/plugins/
The plugins folder contains the files for, you guessed it, all of the plugins on your website.
You will need to look for the Limit Login Attempts plugin folder, once you find it, delete it to remove it from your website. Usually, you would uninstall it using the WordPress dashboard, but unfortunately, as you can’t login to the dashboard, we have to use an alternative method.
The MySQL Method
The second method for resetting login attempts on WordPress is by use of a MySQL query. This method requires a basic understanding of MySQL and using phpMyAdmin, which is a tool accessible from your CPanel.
We are going to be using a SQL query that will target your WordPress database, specifically wp_options, and reset your login attempts.
For those of you unfamiliar with MySQL and phpMyAdmin, it’s not as daunting as it may sound and I will walk you through it step by step.
Locate Your Database
If you don’t have multiple websites on your hosting plan, this step isn’t relevant and you can skip to the next step. If you have multiple websites on one hosting plan, through add on domains, this step will show how you to isolate the database for the website you wish to run this query on.
This step assumes your CPanel is using Installatron.
A simple way of figuring out which website is using which database is to open up your Installatron (from your CPanel), which is used to install WordPress amongst other ready to go applications. GoDaddy for instance provides an Installatron to help you easily install applications on a domain of your choosing.
Once you have logged into Installatron, you will see a list of your websites with WordPress installed on. Find the website you’d like to unlock login attempts on, and click on the spanner button, which is the edit button for that particular installation of WordPress.
Click on ‘Files and Tables’, which is next to ‘Overview’ and scroll down to ‘Database Name’.
This will provide you with the database name you need to look for in the next step, when you use phpMyAdmin to execute your SQL query.
Executing Your SQL Query Using phpMyAdmin
Now that you know your database name, or if you only have the one database you know the name by default, let’s proceed to use some simple SQL queries to unlock login attempts for WordPress.
The Simple SQL Query
To unlock login attempts for all users on a specific WordPress website, you can use the below query by clicking on your database table name, then SQL:
UPDATE wp_options SET option_value = '' WHERE option_name = 'limit_login_lockouts' LIMIT 1;
The Unlock Only Your IP Query
You could also use this query to unlock login attempts specifically for your IP address. You can find out your IP address by using What’s My IP.
UPDATE wp_options SET option_value = REPLACE(option_value, '123.456.789.123, '') WHERE option_name = 'limit_login_lockouts' LIMIT 1;
For the option_value number, replace this with your IP address using the format displayed above and the query will work on your IP.
You can use either of these SQL queries to unlock login attempts, so that you can once again login into your WordPress without error.
Set a Safe Password For Your WordPress Website
To finish up with, just a quick note on setting a safe password. While it may be easier to remember something like ‘ILoveCats:)” as a password, it is safer to use a strong multi character password that differs for every service you use.
I recommend allowing the Installatron to generate your password for your by default when you are installing WordPress on your domain, failing that, follow the below guidelines for creating a safe password:
- Use a minimum of 12 characters.
- Include a mix of symbols, lowercase and uppercase characters.
- Avoid the obvious, like your partner’s name or the name of your business
Hopefully you found this tutorial useful, and you can bookmark it for the next time you lock yourself out of your WordPress website.