Why is WordPress Login not Working? 9 Fixes to Regain Access Fast

If you’re stuck asking Why is WordPress Login not Working, you’re not alone—and it’s usually not “random.” WordPress login failures typically fall into a handful of predictable buckets: browser/cookie issues, a plugin or theme conflict, an SSL/URL mismatch, or a security layer (WAF, firewall, 2FA, rate limiting) blocking the request.

The tricky part is that these problems can look identical from the outside. A login page that refreshes forever might be cookies or caching. A sudden “403 Forbidden” could be a firewall rule or Cloudflare. A blank screen or “500 error” might be PHP memory, a broken plugin update, or corrupted files. Even password resets can fail simply because your site isn’t sending email reliably.

This guide is built to stop the guessing. We’ll troubleshoot Why is WordPress Login not Working in the safest order: quick browser/device checks first, then WordPress-level fixes (plugins/themes), and finally server/security causes. You’ll start with a 60-second triage checklist to identify your exact symptom, apply the matching fix, and get back into wp-admin without making things worse.

And if you’re completely locked out—especially if Why is WordPress Login not Working right after an update, migration, or security change—don’t panic. The steps ahead include recovery options that work even when you can’t log in, plus a prevention checklist so this doesn’t happen again.

Why is WordPress Login not Working: 60-Second Triage Checklist

Before you change anything, take one minute to identify what kind of login failure you’re dealing with. Most people waste hours because they start with the wrong fix. If you can match the symptom, you can usually fix it fast.

1) Identify the symptom (pick the one that matches)

• A) Login page refreshes / loops back to wp-login.php
  Usually: cookies/session issues, caching/minify, SSL/URL mismatch, Cloudflare, or a plugin conflict.
• B) “403 Forbidden” / “Access Denied” on wp-login.php or wp-admin
  Usually: firewall/WAF/Cloudflare rule, security plugin lockout, host ModSecurity, IP blocking, or file permissions.
• C) “500 Internal Server Error” / white screen after you submit login
  Usually: plugin/theme fatal error, PHP memory limit, corrupted update, or server misconfig.
• D) “Incorrect password” even when you’re sure it’s right
  Usually: wrong username/email, cached autofill, brute-force protection, or a compromised/changed password.
• E) Password reset email never arrives
  Usually: WordPress email delivery problem (needs SMTP), or the reset is being blocked/filtered.

2) Quick wins first (these fix a surprising % of cases)

Do these in order:

1. Open an incognito/private window and try logging in again.
2. Try a different browser (Chrome → Firefox) and disable extensions (ad blockers/password managers).
3. Switch networks (Wi-Fi → mobile hotspot) or turn off VPN/proxy.
4. If you use Cloudflare or a CDN: temporarily pause (or bypass caching for /wp-login.php and /wp-admin/*).
5. If it suddenly started today: think “what changed?” (plugin update, theme update, SSL change, migration, new security rules).

3) Capture clues (so you don’t troubleshoot blind)

• Write down the exact error message (copy/paste it).
• Note the URL you’re trying (example: /wp-login.php vs /wp-admin/).
• If you have hosting access: check for these hints:
  • Error logs (PHP fatal errors, memory exhausted, permission denied)
  • Security logs (WAF blocks, rate limits, “too many login attempts”)
• If it’s a loop: confirm whether your site loads at https:// and http:// (this often exposes an SSL/URL mismatch immediately).

What to do next (based on what you found)

• If you got a loop → go to the Browser + Device Fixes section first.
• If you got a 403 → go straight to Server + Security Blocks.
• If you got a 500/white screen → jump to Plugin + Theme Conflicts (and the “disable plugins via FTP” steps).
• If it’s password/reset → go to Account + Password Problems.

Browser + Device Fixes (Cookies, Cache, Extensions, VPN)

If your login page refreshes, loops back to wp-login.php, or “accepts” your credentials but never actually logs you in, start here. A huge percentage of Why is WordPress Login not Working cases come down to session cookies being blocked, overwritten, or cached incorrectly.

Clear cookies the right way (fastest fix for login loops)

Do this in order:

• Use an incognito/private window first (quick sanity check).
• If it works in incognito, your normal browser likely has a cookie/cache conflict.
• Clear site-specific data (best option):
  • In your browser settings, remove cookies/cache only for your domain (not “clear everything” unless you want to).
• Then try logging in again at:
  • https://yourdomain.com/wp-login.php

Why this works: WordPress sets authentication cookies after login. If old cookies (or a cached redirect) keep getting reused, you can get stuck in a loop.

Disable extensions that mess with logins (common culprits)

Temporarily disable (or test in a clean browser profile):

• Ad blockers (uBlock, AdBlock)
• Privacy extensions (Brave shields, tracking blockers)
• Password managers/autofill tools (especially if they auto-submit)
• Script blockers

Then re-test login. If it works after disabling extensions, re-enable them one-by-one to find the conflict.

Turn off VPN/proxy and switch networks

This is especially relevant if you see intermittent issues or security-related blocks:

• Disable VPN/proxy
• Switch to a different network (Wi-Fi → mobile hotspot)

Some hosts and security plugins treat VPN ranges as high-risk and throttle or block login attempts.

Confirm your device date/time is correct (yes, really)

If your computer/phone time is off, secure cookies and SSL sessions can behave weirdly.

• Set date/time to automatic
• Restart the browser
• Try again

Flush cached login paths (especially if you use caching/CDN)

Caching should generally not apply to login pages. If your setup is caching wp-admin or wp-login, you can get redirect loops or “logged out” behavior.

Quick checks:

• Make sure /wp-login.php and /wp-admin/ are excluded from caching
• If you use a performance plugin, temporarily disable minification/optimization features (JS/CSS combine/defer) and re-test
• If you use a CDN/WAF (like Cloudflare), confirm it’s not caching admin paths or applying aggressive bot protection to login endpoints

Why is WordPress Login not Working on Mobile? Quick Fixes

Mobile login failures are often cookie/privacy settings or network/security rules.

Try these:

• Disable “Prevent Cross-Site Tracking” / strict privacy mode (temporarily)
• Turn off iCloud Private Relay (iOS) or similar privacy relay features
• Switch from cellular to Wi-Fi (or vice versa)
• Use a different mobile browser (Safari → Chrome / Chrome → Firefox)
• If you’re using a password manager, manually type credentials once to rule out autofill issues

Next up: If browser/device fixes don’t solve it, the most likely cause is a WordPress-level issue (URL/SSL mismatch, plugins, theme conflicts). The next section goes there.

WordPress Login Mechanics (wp-login.php, Sessions, URL Mismatch)

If the browser fixes didn’t solve it, the next most common reason Why is WordPress Login not Working is that WordPress is trying to authenticate you on one URL (or protocol), then redirecting you to another—so your login cookie never “sticks.” This is especially common after SSL changes, domain changes, CDN/WAF changes, or migrations.

WordPress Address vs Site Address mismatch (classic login loop trigger)

WordPress relies on two settings:

• WordPress Address (URL)
• Site Address (URL)

If these don’t match what your browser is actually using (especially http vs https, or www vs non-www), you can get redirected endlessly and appear “logged out” immediately after login—one of the top Why is WordPress Login not Working scenarios.

What to check quickly:

• Does your site load at https://domain.com but WordPress is configured as http://domain.com?
• Are you visiting www.domain.com but WordPress is set to domain.com (or the reverse)?
• Did you recently move from a staging URL or change domains?

If you can access wp-admin: verify both URLs are correct in Settings → General.

If you can’t access wp-admin: the mismatch can be fixed via hosting tools (database settings) or by forcing the correct URL at the config level (common recovery move after migrations). The key idea is simple: one canonical URL everywhere.

HTTPS / SSL problems that break login cookies

Even if your site “looks secure,” SSL configuration issues can still break authentication.

Common culprits:

• Mixed content (site partially loads via http)
• A CDN/WAF doing something odd with redirects
• “Flexible SSL” setups that cause protocol confusion (the browser sees https but the origin thinks it’s http)

Symptoms:

• Login works… then immediately kicks you back to the login screen
• Endless redirects between /wp-admin/ and /wp-login.php
• Only fails on certain devices or networks

Your quick test:

• Open the login URL in a new tab and watch the address bar carefully:
  • Does it bounce between http and https?
  • Does it flip www on/off?

When Why is WordPress Login not Working because of SSL confusion, the fix is usually to make sure the site is consistently served as HTTPS end-to-end (browser → CDN → origin) and not “half secure.”

Cookie domain/path issues (sessions that never stick)

WordPress login depends on cookies. If cookies are blocked, overwritten, or set for the wrong domain/path, you can’t stay logged in.

Cookie problems are more likely if you:

• Recently changed domains
• Switched from subdomain to root domain (or vice versa)
• Added/changed a reverse proxy/CDN
• Force redirects inconsistently (http↔https, www↔non-www)

Practical signs:

• You enter correct credentials and it just reloads the login page
• You can log in on one browser but not another
• You can log in on a different device/network

The fix is always the same in principle: ensure your site resolves to one domain + protocol, and remove anything that forces cookies onto a different version of the domain.

Permalinks and .htaccess rules that interfere with wp-admin

Bad rewrite rules can block wp-admin without you realizing it—especially after security hardening, redirects, or a plugin that modifies rules.

Look for:

• Aggressive redirect rules that rewrite everything
• Security rules that block access to wp-login.php or wp-admin unintentionally
• Conflicts between multiple redirect/security plugins adding overlapping rules

Symptoms:

• wp-admin returns 404/403
• wp-login.php loads but submitting credentials breaks
• Redirects to strange paths after login

This is another common form of Why is WordPress Login not Working that shows up right after “I installed a security plugin” or “I added redirects.”

wp-login.php blank screen or 500 error: what it usually means

If the login page goes blank or you hit a 500 Internal Server Error right when you try to log in, you’re likely dealing with:

• A plugin/theme fatal error
• PHP memory limit issues
• A broken update (core/plugin/theme)
• Server-level issues (permissions/ownership)

In other words: this usually isn’t “login” at all—it’s the site crashing during authentication hooks.

Next up: If you suspect the site is breaking during login (500/white screen) or right after entering credentials, the next section covers the fastest way to isolate plugin + theme conflicts—including recovery steps that work even when you can’t access wp-admin.

Plugin + Theme Conflicts That Break Login

If the login page loads but you can’t stay logged in (or you get a white screen / 500 right after submitting credentials), plugin and theme conflicts are the fastest thing to test. A single security, cache, or “optimization” plugin can cause the exact symptoms that make people think Why is WordPress Login not Working at a deeper level—when it’s really one component misbehaving.

Disable plugins without wp-admin (FTP / File Manager method)

This is the safest “big hammer” test because it doesn’t delete anything—it just prevents plugins from loading.

1. Log into your hosting panel File Manager (or FTP/SFTP).
2. Go to: wp-content
3. Find the folder named: plugins
4. Rename it to something like: plugins.disabled

What this does: WordPress can’t find your plugins folder, so it loads with all plugins disabled. Now try logging in again.

• If login works after this step, you’ve confirmed a plugin conflict.
• Next, rename the folder back to plugins, then go inside and rename individual plugin folders one at a time to identify the culprit (start with security, caching, login, and optimization plugins).

Extra tip: Also check wp-content/mu-plugins (must-use plugins). Those load automatically and can still cause login issues. If that folder exists, temporarily rename it too.

Switch to a default theme safely (Theme conflicts that break auth)

Themes rarely “break login,” but it does happen—especially with heavy builders, custom functions, membership themes, or outdated code that triggers fatal errors during authentication.

To test:

1. In wp-content/themes, locate your active theme folder.
2. Rename it (example: yourtheme.disabled).
3. WordPress will typically fall back to a default theme like Twenty Twenty-Four (if installed).

Then try login again.

• If login works after switching themes, your theme (or its custom functions) is likely causing the issue.
• Restore the theme folder name once you’re done testing, and investigate recent theme updates or custom code changes.

Security plugins, 2FA, and “Limit Login Attempts” lockouts

Security tools are a very common cause when Why is WordPress Login not Working suddenly “out of nowhere,” especially after:

• You enabled 2FA without saving backup codes
• You changed your IP/network (VPN/hotspot)
• You failed multiple logins and got rate-limited
• A security plugin updated its firewall rules

What to do:

• If you suspect a security plugin lockout, temporarily disable it using the same rename method above (rename that plugin’s folder).
• If you use a CDN/WAF plus a security plugin, you may be getting blocked twice (once at the edge, once in WordPress). The goal is to remove one layer temporarily to confirm the source.

Once you’re back in, check:

• IP block lists / lockout logs
• 2FA settings and recovery methods
• “Brute force” / login throttling rules

Cache/minify/CDN plugins that corrupt login sessions

Performance plugins can break login by caching or optimizing the wrong pages, stripping cookies, or deferring scripts too aggressively.

High-risk features:

• HTML caching applied to /wp-admin/ or /wp-login.php
• Cookie-based cache rules misconfigured
• JS combine/defer/delay that interferes with login scripts
• “Optimize everything” modes that treat admin pages like public pages

Fast isolation steps:

• Disable the caching plugin (rename folder).
• If you’re using a CDN, purge cache and confirm admin/login routes are excluded.
• After access is restored, re-enable features one at a time until you find the specific setting that triggers the issue.

After you regain access: clean up so it doesn’t come back

Once you confirm the culprit, don’t just turn it back on and hope.

• Update or replace the plugin/theme causing the issue.
• Remove abandoned/nulled plugins (common security risk).
• Document the fix and add exclusions for login/admin routes in caching/CDN settings.

Next up: If disabling plugins/themes doesn’t fix it—and you’re seeing 403/429 blocks or Cloudflare-style challenges—the problem is likely server- or WAF-related. The next section covers Server + Security Blocks.

Server + Security Blocks (403/429/WAF/Cloudflare)

When you see 403 Forbidden, 429 Too Many Requests, or a “blocked” message (sometimes only on certain networks), the issue often isn’t WordPress itself—it’s something in front of it stopping the request. This is one of the most common answers to Why is WordPress Login not Working after you add a firewall, enable a CDN, or tighten security settings.

Host firewall / ModSecurity / rate limiting (the “silent” blockers)

Many hosts run security layers that can block wp-login.php without showing you a clear reason.

Common signs

• 403 on /wp-login.php or /wp-admin/
• Login works on one network but fails on another
• You get blocked after a few attempts (even if the password is correct)

What to check

• Your hosting control panel for security logs (ModSecurity, WAF events, “blocked requests”)
• Any “login protection” settings at the host level
• IP reputation/abuse protection features (some hosts auto-block VPN ranges)

Quick fixes

• Temporarily whitelist your IP in the host security tool (if available)
• Reduce false positives by allowing WordPress login endpoints:
  • /wp-login.php
  • /wp-admin/
• If you’re testing, wait 10–30 minutes after repeated attempts—some blocks are timed.

Cloudflare / WAF rules blocking wp-login (403/1020/JS challenge loops)

If you use Cloudflare (or another WAF/CDN), it can block or challenge login traffic—especially if you enabled “Bot Fight Mode,” strict WAF rules, or geo/rate limits.

Common signs

• Cloudflare error pages (like a 1020-style “Access denied”)
• Infinite challenge/verification loop before the login page loads
• 403 appears only for some visitors, countries, or devices

What to review in your WAF

• Whether /wp-login.php and /wp-admin/* are being rate limited
• Whether “challenge” actions are being applied to admin routes
• Any rules targeting wp-login.php as “high risk” (common default behavior)

Practical approach

• Create a rule to bypass caching and reduce aggressive bot challenges for admin/login routes.
• Keep protection on, but tune it so legitimate admin traffic isn’t treated like an attack.

Security headers / redirects / proxy confusion (blocks that look like “login issues”)

Sometimes the “block” is actually a redirect/security configuration that breaks authentication:

• Forced redirects that bounce between http and https
• Conflicting rules between the CDN and the origin server
• Admin URLs being rewritten unexpectedly

Clue: The login page loads, but submitting credentials redirects you somewhere odd or drops you back at the login screen.

This is why server/WAF blocks often overlap with SSL/URL mismatch issues—it can feel like Why is WordPress Login not Working when the real problem is “your request is being altered on the way in.”

File permissions/ownership and PHP limits (when login triggers an error)

If logging in causes a crash (or a sudden 500 that behaves like a “block”), it can still be server-side:

• Incorrect file permissions or ownership
• PHP memory/time limits too low
• PHP-FPM/hosting resource limits being hit

Signs

• White screen right after login submit
• 500 error only when trying to authenticate
• wp-admin loads partially but fails on action

What to look for

• Server/PHP error logs mentioning “permission denied,” “memory exhausted,” or fatal errors

What this section should help you decide

• If you’re seeing 403/429 or WAF messages, treat it as security/rate limit first, not a WordPress password problem.
• If you’re seeing loops + challenges, treat it as WAF + cookie/session behavior interacting badly.
• If you’re seeing crashes on login, treat it as server limits or a fatal error, even if it “looks” like a login bug.

Next up: If the error is “incorrect password,” reset emails don’t arrive, or you suspect an account/role issue, the next section covers Account + Password Problems (Email, Users Table, Admin Recovery).

Account + Password Problems (Email, Users Table, Admin Recovery)

Sometimes Why is WordPress Login not Working has nothing to do with plugins, caching, or firewalls—it’s simply that the account can’t authenticate or you can’t complete recovery. The most common scenarios are: the wrong username/email, a password that was changed, lockouts from security rules, or password reset emails that never arrive.

Password reset not sending: fix email deliverability (SMTP)

If you click “Lost your password?” and nothing ever shows up, WordPress is usually sending mail through the default PHP mail function—which is unreliable on many hosts and often blocked or filtered.

What to check first:

• Confirm you’re using the correct username or email on the reset form.
• Check spam/promotions folders and search for:
  • “WordPress”
  • your site name
  • “password reset”
• If you use a business email (Google Workspace/Microsoft 365), confirm the mailbox isn’t full and filtering rules aren’t deleting it.

What typically fixes it long-term:

• Set up SMTP so WordPress sends mail through a real mail provider (this stabilizes password resets and contact forms).
• Use a sending method that supports authentication (reduces “silent drops”).

Key point: If password reset email isn’t delivering, you’ll keep thinking Why is WordPress Login not Working—but the real failure is email delivery, not login itself.

“Incorrect password” even when you’re sure it’s right

Before you assume something is broken, rule out the most common gotchas:

• You’re logging in with email but the account uses a different username (or vice versa).
• A password manager is autofilling the wrong credential (very common if you have staging sites or similar domains).
• You’re hitting a cached/redirected version of the login page and not actually authenticating where you think you are (especially with www/non-www or http/https mismatch).
• A security tool is throttling logins and returning generic errors.

Fast sanity check:

• Open a private/incognito window and manually type the username + password once.
• Try from a different browser/device.
• If possible, confirm the account still exists and has the correct role.

Restore admin access via database (safe recovery path)

If you’re locked out and password reset won’t work, you can restore access by editing user data in the database. This is a last-resort but reliable approach when Why is WordPress Login not Working due to account-level issues.

Common admin recovery options (non-destructive):

• Reset the password hash for the user in the users table
• Ensure the user has admin capabilities in the usermeta table
• Create a temporary admin user (then remove it once access is restored)

Safety rules to include in the article:

• Take a backup before changing the database.
• Make the smallest change needed.
• Remove temporary admin access immediately after recovery.

SSO / Google login conflicts + session caching

If you use “Login with Google,” SSO, membership plugins, or a custom login URL plugin, authentication may fail because:

• The SSO app credentials were changed or revoked
• Redirect URIs don’t match after a domain/SSL migration
• Caching/minification is interfering with the login callback
• Security rules are blocking the callback endpoint

Common clue: You can load the login page, but the “Sign in with Google” flow fails, redirects oddly, or returns you to login again.

What to do:

• Temporarily disable the SSO plugin (folder rename method) to test whether standard login works.
• Verify redirect/callback URLs match the current domain + https.

Next up: If your login broke right after a site move, SSL change, or update—and none of the above stuck—the next section covers Updates, Migrations, and Staging Gotchas (where URL/cookie and environment differences trigger lockouts).

Updates, Migrations, and Staging Gotchas

When login breaks “out of nowhere” right after a change, it’s rarely a mystery—WordPress is extremely sensitive to URL, SSL, and environment differences. This section exists because Why is WordPress Login not Working is often triggered by good maintenance (updates) or necessary work (migrations).

Domain/HTTPS change after migration = cookie chaos

After a migration (or even a simple SSL flip), your site might look correct while WordPress is still issuing cookies for the old domain/protocol. The result is classic: you log in, get redirected, and end up back at the login screen like nothing happened.

What usually caused it:

• Moving from http:// to https:// (or the reverse)
• Switching www to non-www (or the reverse)
• Migrating from staging to live (e.g., staging.domain.com → domain.com)
• A CDN/proxy layer in front of the origin changing how WordPress “sees” the request

Best practice for the article: emphasize that one canonical URL must match everywhere (site settings, redirects, CDN, and SSL), and admin/login routes should not be cached.

Updates that change security rules or caching behavior

Updates don’t just “add features”—they can change how authentication flows behave, especially if you updated:

• Security plugins (new lockout thresholds, firewall rules, 2FA changes)
• Caching/optimization plugins (minify/defer/delay scripts, cookie-based caching rules)
• PHP version or server settings (stricter defaults, memory/time limits)

Common pattern: login worked yesterday, then after an update it loops, throws 403/429, or crashes on submit. The fix path is to isolate what changed (disable the updated plugin first, then re-enable features one-by-one once access is restored).

Preventing the Next Lockout

Once you’re back in, don’t stop at “it works now.” Most repeat lockouts happen because the original trigger (URL mismatch, caching admin routes, aggressive security rules, or no recovery path) is still sitting there waiting for the next update to set it off. If you never want to relive Why is WordPress Login not Working, lock in these safeguards.

Keep a recovery path (so you’re never fully stuck)

• Maintain two admin users (a primary + a backup) with strong unique passwords.
• If you use 2FA, save backup codes somewhere secure (password manager or encrypted note).
• Make sure at least one admin email address is one you can reliably access (not an old mailbox).
• Document your login URL if you use a “hide wp-login” plugin (and keep a safe way to revert it).

Backups + staging + change control

• Turn on automatic daily backups (files + database) and keep at least 7–14 days of history.
• Test updates in staging first, especially security/caching plugins and major WP core updates.
• After any migration/SSL change, verify:
  • One canonical URL (https + preferred www/non-www)
  • /wp-login.php and /wp-admin/ are excluded from caching

Monitoring + alerts (catch issues before they become lockouts)

• Enable alerts for:
  • Lockouts / blocked requests (security plugin or WAF logs)
  • File changes (unexpected modifications)
  • Failed update attempts
• Review logs after big changes—one false-positive WAF rule can cause days of login headaches.

FAQ

1) Why is WordPress Login not Working even after clearing cookies?
If cookies didn’t fix it, the usual next culprits are an SSL/URL mismatch (http vs https, www vs non-www), a caching/CDN rule touching /wp-login.php, or a plugin conflict (security, cache, optimization). Try disabling plugins (rename wp-content/plugins) and confirm your site uses one canonical URL.

2) Why does WordPress keep redirecting me back to the login page?
That’s almost always a session/cookie problem caused by URL inconsistency. If WordPress authenticates on one URL but redirects you to another, the login cookie won’t match. Check WordPress Address/Site Address, and make sure redirects, CDN, and SSL all point to the same https + domain version.

3) What does a 403 Forbidden error on wp-login.php mean?
A 403 usually means something is blocking access before WordPress can even process the login—host firewall, ModSecurity, Cloudflare/WAF rules, a security plugin lockout, or file permissions. Review WAF/security logs, whitelist your IP if needed, and ensure login/admin routes aren’t being challenged aggressively.

4) What does a 429 Too Many Requests error mean when logging in?
A 429 is rate limiting. It can come from your host, a WAF/CDN, or a WordPress security plugin (limit login attempts). Wait for the block to expire, then adjust thresholds or add an allow rule for your admin IP—especially if you use a VPN or shared network.

5) Why am I getting a white screen or 500 error right after I submit login?
That often indicates a fatal error triggered during authentication (plugin/theme hooks), low PHP memory, or a broken update. Disable plugins via FTP/file manager first to confirm. If it still fails, check server error logs for the exact fatal error and fix that root cause.

6) Why won’t the password reset email arrive?
Most of the time WordPress email delivery is the problem, not the reset itself. Many hosts don’t reliably send PHP mail, or messages get filtered. Set up SMTP, confirm you’re using the correct username/email, and check spam/quarantine. Once SMTP is configured, resets usually become reliable.

7) Can a security plugin or 2FA lock me out even with the right password?
Yes. Security plugins can lock out IPs after failed attempts, require 2FA codes, or block “risky” networks. If you lost 2FA access, use recovery codes (best case) or temporarily disable the security plugin folder to regain access, then reconfigure 2FA safely.

8) Why does login work on one device but not another?
That points to browser cookies/extensions, device privacy settings, or network/WAF differences. Test incognito, disable extensions, and switch networks (Wi-Fi vs hotspot). If it’s network-specific, check your WAF/host firewall logs—some IP ranges (VPNs) get blocked more often.

Conclusion

When you’re locked out, it’s easy to assume WordPress is “broken,” but most cases come down to a predictable chain: browser/session issues, WordPress URL/SSL mismatches, plugin/theme conflicts, or security/WAF blocks. If you work through the fixes in the right order, you avoid the rabbit holes and get back into wp-admin faster.

If you’re still stuck and Why is WordPress Login not Working after you’ve tested cookies, confirmed the correct URL/HTTPS setup, and temporarily disabled plugins/themes, focus on logs next—host firewall/WAF events and PHP error logs will usually reveal the real blocker.

Once access is restored, lock in prevention: keep a recovery admin path, exclude login/admin routes from caching, and test major updates in staging. That’s how you turn a one-time fix into a problem you never have to deal with again.