Every experienced admin knows how to get to your WordPress site in the control panel, but this question often arises before those who are just starting to get acquainted with this engine.

WordPress itself is very easy to understand, but we will still try to answer a number of questions that arise from the "green" administrators.

More specifically, let's talk about how to log into the WordPress admin area.

To get into the admin control panel of your site, you need to go to the address http://sait.ru/wp-admin/, (where site.ru is the address of your site), after which you need to enter the login given to you during the installation of WordPress (by default - is admin) and password. If the data was entered correctly, then you will be taken to the WordPress admin control panel. Here you can do anything with your site: write notes, configure plugins, move widgets, etc.

If you cannot get into the admin control panel, then most likely you simply entered your data incorrectly, installed a protection module, or your site was hacked. If your site is not very popular and could not interfere with anyone in principle, then the hacking option should not be considered seriously, because breaking such a site is simply not advisable. Most likely, you simply entered the data incorrectly, so take care of data recovery via mail using the standard functionality.

If, when you try to get to the address http://sait.ru/wp-admin/, nothing happens at all, then the address of the admin panel has been changed to another one using one of the plug-ins designed to provide protection. One such plugin is WordPress Paranoja-401, which is designed to protect the WordPress engine from XSS attacks and password guessing (the plugin creates double password protection for entering the admin panel). Such a plugin can create a different login address, for example, http://sait.ru/wp-login/. By the way, if your site needs protection, then you can get the plugin described above and install it on your site at the URL: http://wordpressdlyachajnikov.ru/download/paranoja-401.zip

How to log into the WordPress admin panel when using this plugin, you can read in the documentation for it.

Where to store passwords for WordPress, how to change the administrator password in the control panel

As for us, the most reliable option for storing passwords is the Kipasa program, the database of which can be stored on the cloud in Dropbox. Actually, you can get Kipasu at the URL: http://keepass.info/compare.html, and you can create an account in Dropbox through the address: dropbox.com

We advise you to change the username admin to something else, so that it would be much more difficult for hackers to guess the login data to your admin panel. Even if you have nothing to steal, the site can be hacked by the streaming method, after which it will be infected with a virus. As a result, your site will turn into a puppet (doorway). Note that changing the WordPress password directly will not work due to the specification of the engine, but you can do it a little trickier: create an additional user with administrator rights, and then simply delete the old one.

To do this, you need to select “Users” - “Add” in the admin panel, and then fill out the form that opens, in which you need to enter new login, password, address Email. AT last paragraph"Role" be sure to select "Administrator". After that, you will have to exit the WordPress admin panel, which can be done in the right upper corner admin panel. Now you have to log into the admin panel, but under your new login, and if everything is done correctly, then the login will be successful.

We use the phpMyAdmin control panel to log in to the admin and create a small php file that can change the login password

This option becomes relevant when it is not possible to restore data through the "login". You must have come across phpMyAdmin during the WordPress installation process. Actually phpMyAdmin stores all the data about your site and users. Choose the database that is used on your WordPress site; also note that the database also contains the comments, posts, usermeta and others tables. You also need to open wp_users, where you need to open your credentials and change them to others. Important: when changing your password in the user_pass line, you need to select the MD5 function.

You can also create a small php file that can change the login password for the admin control panel. To do this, open your Notepad ++ and enter the following:

add_action("init", "my_password_recovery");
function my_password_recovery() (
$user = get_user_by("login", "new login");
wp_set_password("new password", $user->ID);
}

Here, instead of "new login" and "new password", you must enter the appropriate data. After that, through any ftp client, you need to get access to the root folder of the site (you need to log in under the hoster's data); next find the wp-content directory and go to the mu-plugins folder. If there is no such folder, then create it and place the previously created file with the above contents. Note that you can “name” it as you like, but the main thing is that the file at the end has the .php extension.

Now you need to try to go to the admin panel of your site and enter a new username and password. After that, as a rule, everything will start working, but just do not forget to demolish this file so that it does not slow down the resource. If all the above options did not suit you, then you should ask your hosting provider for help - maybe the problem is a malfunction of some functions, and therefore you cannot log in. We hope that now you will not have questions about how to log into the WordPress admin area.

The WordPress admin panel or the administrative part of the WordPress site is designed to manage the content of the site: editing articles, changing themes, placing widgets, managing media files, editing the site code, including the CSS appearance.

WordPress Admin - Login

All WordPress user groups, except for subscribers, can be included in the site's admin panel. True, each user group has its own permissions for editing content.

However, even an administrator cannot log into the WordPress admin area without a username and password. Administrator login and password, set when . There, it's worth remembering.

WordPress admin login address

The URL to enter the insecure admin area of ​​the site is as follows:

• http://your_site.ru/wp-login.php or
• http://your_site.ru/wp-admin/

How to get into the admin area from the site

To get to the administrative part of the site from its front part, you need to place the Meta widget on the site. It has four links: Login, Register, Post RSS, Comment RSS, WordPress link. The last three links can be removed. Read: .

If you forgot your password and login to the WordPress admin panel, it's unpleasant, but not fatal. There are several options to restore them.

How to reset your admin password

To recover the administrator password for logging into the admin panel, you can use one of the three recommended methods. Read about them in the article:.

How to remember administrator login

How to change your WordPress admin password

If you are logged into the admin panel and want to change your administrator password, go to the Users →Your profile tab. In the lines: "New password" and "Repeat new password", change the password to enter the admin panel. Remove the old password from the browser's password cache.

Logging into the WordPress admin area using your WordPress.com account

You can make it easier to log in to your site's admin panel by syncing your site account with your WordPress.com accounts. You can use . The 33 features of the Jetpack plugin include an authorization module, through a WordPress.com account.

WordPress admin Login

How to protect your WordPress admin from being hacked

WordPress security plugins

Install one of the wordpress security plugins on your system. Almost, in all plugins of this type, there is a module to protect the admin panel from unauthorized entry. The admin panel is protected in different ways: the number of incorrect login attempts is limited, the login address to the admin panel is changed and / or encrypted, etc. Read more in the articles:

Let's take a look at the content of the WordPress admin area.

What is included in the wordpress admin

Customizing the appearance of the WordPress admin

The settings for the appearance of the admin panel are located at the top of the page on the exit screen. It is called "Screen Settings" and is present on each tab of the admin panel, with its own settings elements.

Let's see how it changes the appearance of the admin panel using the example of the Console - the main page of the admin panel.

WordPress admin

Open the "Screen Settings" and tick the checkboxes in the required boxes. The checked console modules appear on the console page. Everything is simple. The number of modules will increase as new plugins are installed.

Conclusion

WordPress admin design changes over time. Recently, new color schemes have been added (they are on the User-Your Profile tab), but fundamentally it remains unchanged. This is the left panel of the console and the top technical menu.

The article is intended for beginners or those who have not worked with WordPress for a long time. In any case, the purpose of the publication is to reveal a simple question: “How to log into the WordPress admin area?”. The entry will be short and constructive and do not forget simple things anymore).

So, in order to log into the WordPress admin panel, there are several ways at once, let's consider everything in order.

Article navigation:

How to log in to the WordPress admin panel, how to log in to a WordPress site.

In order to log in, you need to enter the following line in the browser line:

your-site-url/wp-login.php

I think that after viewing this line and trying it in practice, you will succeed and you will leave the site, but don't rush, there's something else waiting for you. First, let's look at the second option for entering the WordPress admin panel.

This method is also intended for the address bar of the browser:

your-site-url/wp-admin

This request will redirect you to the address specified in the first option, after which you will see the following login form:

For those who are especially lazy to read, there is a quick video tutorial:

Can't login to WordPress admin?

If these two options do not suit you, then most likely you have some kind of php error. It may not be visible to you, in order to enable error display, you need to write the following line in the wp-confit.php file:

Define("WP_DEBUG", true);

This command will allow the output of errors in the browser, after the successful solution of the task, delete it, your users do not need errors.

Errors may vary. The most common are:

1. The template files were not corrected correctly, there may be empty lines at the end, often in the wp-config.php file.
2. Plugin removed incorrectly.
3. Website theme incompatibility with WordPress version.

This is not all, but the main possible problems due to which you will not be able to log into the WordPress admin area. We will consider the variants of errors themselves and the way to solve them separately.

Promised addition to the article:

Did you know that you can find answers to most of the standard WordPress questions on the FAQ page of the wordpress.org Russian forum?

I hope you now know how to log into the WordPress admin area, and if you suddenly forget, you can always refer to this article. Even if you think that you have nothing more to learn, read this collection of questions / answers and you will surely find something useful for yourself.

Default go to WordPress admin You can use any of the following links:

http://your_site/wp-admin

http://your_site/wp-login.php

A page will open with a form in which you must specify the username (administrator) and password. You entered this data at the time.

Click “Login” and if the specified user with such a password exists, then you will be taken to the WordPress admin panel (administrative part).

This is where you will spend most of your time while working with the site. Although, writing articles can and should be moved outside the admin area. Those. do it through a third party program. The most popular of these is Windows Live Writer. I will write about this later. Some more points can be done directly in the files, but in general, the entire process of setting up, installing plugins, etc. will take place in this administrative part.

At the beginning of the article, I wrote that the specified admin panel URLs are available by default. Those. Immediately after installing WordPress, you will be able to use them in the admin area. But, in the future, in order to avoid brute force attacks, it will be necessary to change the address of the admin panel and the name of the administrator. I will also write about this in one of the following articles.

I think the question “How to log into the WordPress admin area?”- Opened and did not cause any difficulties.

The WordPress admin area is the administrative part of the site, where all the site settings are located. By default, the WordPress admin login is located at .../wp-login.php . The admin panel itself is located at .../wp-admin/ .

The admin panel is the most important part of the site. If a hacker gains access to the admin panel, he can do whatever he wants with the site. It will likely change the admin password or create a new admin and delete the old one. Therefore, the entrance to the WordPress admin area should be well protected.

There are several ways to get into the WordPress admin area:

1. Via wp-login.php
2. Via xmlrpc.php
3. Via admin email
4. Through hosting
5. Through the database

In this article, you will learn all the basic ways to protect the WordPress admin from hacking and several ways to log into the admin if password recovery does not work, or if a hacker has taken control of the site.

Admin login via wp-login.php

Each registered user has access to the admin panel. Each user is assigned a role upon registration, which determines what the user can or cannot do. By default, there are 5 roles in WordPress:

1. Administrator
2. Editor
3. Author
4. Participant
5. Subscriber

Some plugins add new roles, for example WooCommerce creates Client and Store Manager roles, Yoast SEO plugin creates SEO Editor and SEO Manager roles. You can add new roles manually or with plugins and give them the right permissions.

The administrator has full access to all settings in the admin menu. Other users have less rights to manage the admin panel. Subscribers have the most limited rights, they only have access to their profile on the site.

Despite the fact that the subscriber has minimal rights in the admin panel, use complex logins and passwords for subscribers and all other users on the site.

Use a complex username and password

When installing WordPress, the site administrator is given a name admin default.

Login admin- the first one that is tried by hackers when trying to guess the login and password to the site. Hackers use bots that automatically crawl thousands of sites and use lists of popular usernames and passwords that are freely available.

Don't use names admin, administrator, test, demo, site domain and similar as a login. Also don't use simple/common passwords qwerty, password, 12345 , 1q2w3e, yutsuken and so on.

WordPress has a built-in password generator. Navigate Users — Your profile — Account Management.

You can store passwords in a password store like lastpass.com or a browser, or create your own complex password like I have a poodle dog who was born in 2018: UmespP,krv2018.

Disable errors

Login correct, password incorrect

When the hacker finds the correct login, he will only have to guess the password. In order not to give a hint to a hacker, change the message to a neutral one, for example, The login or password you entered is incorrect.

Change the address of the WordPress admin login page

To make it harder for hackers to guess your login and password, move the login page from the standard.../wp-login.php to something unique, like.../entry-page .

Before they start cracking passwords, they will have to find a page where they can do it.

Limit the number of failed login attempts

By default, WordPress does not limit the number of failed login attempts, and a hacker can try as many login and password combinations as he wants.

First, it is dangerous because there is some chance that the hacker will eventually find the right combination and enter the site. Secondly, repeated attempts to enter the site consume server resources, especially if they are performed automatically by hackbots.

To limit the danger and reduce the load on the server, set the limit for failed authorization attempts. This can be done with specific plugins like Limit Login Attempts Reloaded or Login LockDown , or with large security plugins that have this feature among others like Wordfence or All In One WP Security & Firewall .

Add two-factor authentication or additional questions

Two-factor authentication is identification through a username and password, plus additional identification through a smartphone or e-mail. There are free plugins to enable dual authorization, such as Google Two-Factor Authentication , Google Authenticator or Duo Two-Factor Authentication .

Quite an interesting two-factor authentication plugin UNLOQ Two Factor Authentication (2FA):

For it to work, you need to install the application on your smartphone, after which push notifications will be sent to it, in which you can allow or deny access. You can set up login only by push notifications or together with a one-time code on a smartphone or e-mail.

A simplified version of this idea is additional questions on the authorization page. Install the WP Security Questions plugin:

Additional questions on the authorization page

Set a password for the login page

Another thing you can do to make the login page more secure is to set a password for it.

Password to access the page

To do this, you need to create a file with passwords and add the code to . .

Login to the admin panel through xmlrpc.php

Xmlrpc.php is another entry to the admin panel, but for robots. This is the API that is used to access the site through the WordPress mobile app, for trackbacks and pingbacks, and is used by the Jetpack plugin. XML-RPC is also used by hackbots for brute-force attacks with logins and passwords.

Instead of trying to pick up a username and password on a regular login page, where you can set a limit on the number of login attempts, the bot can try an unlimited number of combinations through the xml-rpc interface.

If you are not using the mobile app, trackbacks and pingbacks, or the Jetpack plugin, you can disable this interface. This will reduce the likelihood of hacking and save server resources, because bots automatically try thousands of login and password combinations.

If you use any of these, then leave this feature enabled or partially enabled, and use a complex login and password.

Access to the admin panel through the administrator's mail

An attacker can come to the password recovery page and request a password reset via email.

If an attacker knows what email address the administrator account is registered to, and you use a weak password for this mailbox, then a hacker can guess the password for it.

The hacker will request a password reset, go to your mailbox, change the password of the site administrator account, go to the site, create a new administrator and delete the old administrator.

To prevent this from happening, use a complex password for your mailbox.

Access to the admin panel via hosting or FTP

The hosting has access to the site files through the file manager. By adding scripts to files, a hacker can enter the site. It is called .

In addition to access to files on the hosting, there is access to the database. In the database, a hacker can change the administrator password and enter the site.

Read the next section on how to edit an admin account to take back control of an admin account.

Always use strong passwords for hosting and FTP.

Access to the admin panel through the database

The database contains the accounts of all site users. If a hacker gets into the database, he can change the administrator entry, or add a new one.

The database can be accessed from the hosting panel or via FTP. To connect to a database, you need data from a file :

entry define('DB_HOST', 'localhost'); means that you can only connect to the database from the local server.

Transfer wp-config.php up one level and give it permissions 400 or 440, depending on the server settings.

Use a complex login and password to connect the database.

Part 2. How to log into the WordPress admin panel

If you can't login to the admin panel, try resetting your password via email.

Recover admin password via email

• your-site.ru/wp-login.php)
• Click link Forgot your password?
• Enter administrator email address
• Click Get a new password

If the letter does not arrive in the mailbox, check in the folder Spam. The problem may be that your mail service does not let through a letter from a suspicious address. Or that your site has been hacked.

The next method is to try changing the admin password on the database.

Change the admin password in the database

Go to the hosting, open the database and find the user table wp_users(or ). Open the user table and go to the administrator account.

In the administrator account, change the password and try to access the site with the new password:

Change database admin email

If this method doesn't work, try changing the admin email in the database.

In this method, you will change the admin email and request a password reset to the new email on the password reset page.

Log in to the hosting, open the database, open the administrator account and change the e-mail to a new one:

Return to the site and request password recovery:

• Go to the login page (by default your-site.ru/wp-login.php)
• Click link Forgot your password?
• Enter a new admin email address
• Click Get a new password

A message with a link to change the password should be sent to the new e-mail. If the message does not arrive, check in the folder Spam.

How to change WordPress admin password without database access

If you don't have access to the database, but you do have access to the site's files via FTP or hosting, you can try adding a script that will change the admin password in the database.

Add script to folder /wp-content/mu-plugins/. The script will reset the current administrator password and replace it with a new one.

Another way to get into the WordPress admin panel is to create a new administrator.

How to create a new WordPress administrator without access to the admin panel and database

If you do not have access to the database and none of the previous methods helped you, try adding the script to the file .

This script will create another admin account. You will log into the site in the new administrator account, and delete the other administrator account.

Another way to create an admin is to add a script to the /wp-content/mu-plugins/ folder.

Go to the site and delete the old administrator account/s.

Bonus. How to change the image on the login page

You can change the standard image on the admin login page to your own using the script in the file functions.php.

Add this code:

Specify the path to the image on line 5. Replace the sizes with your own on lines 6-11, or add your own css.