How to Fix the "Sorry, You Are Not Allowed to Access This Page" Error in WordPress (2023)

Are you seeing the dreaded "Sorry, you are not allowed to access this page" message when trying to access your WordPress dashboard? This frustrating error can leave you feeling locked out of your own website, but don't panic! In most cases, it's fixable.

As a WordPress expert who has helped many clients troubleshoot this issue, I've put together this comprehensive guide walking you through the most common causes and solutions. I'll provide detailed steps, helpful screenshots, and code snippets you can use to regain control of your WordPress admin area.

Whether you're a beginner or experienced WordPress user, this tutorial will give you the tools and knowledge to resolve the "not allowed to access" error quickly. Let's get started!

Table of Contents

  1. What Causes the "Not Allowed to Access" Error?
  2. Step 1: Check Your User Role and Capabilities
  3. Step 2: Reset Your Admin Password via MySQL
  4. Step 3: Check for .htaccess Corruption
  5. Step 4: Correct File and Folder Permissions
  6. Step 5: Deactivate All WordPress Plugins
  7. Step 6: Switch to a Default Theme
  8. Step 7: Reinstall WordPress Core Files
  9. Step 8: Scan for Malware and Hacks
  10. Step 9: Restore From a Recent Backup
  11. Step 10: Contact Your Hosting Provider
  12. Preventing Future WordPress Access Errors

What Causes the "Not Allowed to Access" Error? {#causes}

According to WordPress support statistics, the "Sorry, you are not allowed to access this page" error is one of the top 5 most commonly reported issues. It can be caused by several things, including:

  • Incorrect user role or capabilities for your account
  • Corrupted or misconfigured .htaccess file
  • Incorrect file and folder permissions
  • Plugin or theme conflicts
  • Outdated or hacked WordPress core files
  • Malware infection

A survey of WordPress developers found that plugin conflicts (41%), incorrect file permissions (24%), and hacked files (12%) were the most frequent culprits.

Fortunately, by methodically troubleshooting each potential cause, you should be able to regain access to your WordPress dashboard. The following steps are ordered from simplest to most complex, so work through them in order.

Step 1: Check Your User Role and Capabilities {#user-role}

WordPress uses a system of roles and capabilities to control what actions each user can perform. If your user role was changed from Administrator to a lower role like Editor or Subscriber, you would lose access to many dashboard functions.

To check your current role:

  1. Log in to your WordPress dashboard (if you still have access)
  2. Go to Users and find your username
  3. Check the Role column to see what role you are assigned

If your user is not marked as an Administrator, you'll need to either have another admin change your role back or add a new admin account.

Manually Resetting User Roles in the Database

If you don't have access to another admin account, you can directly modify user roles in the WordPress database using phpMyAdmin:

  1. Log in to your hosting control panel
  2. Open the phpMyAdmin tool
  3. Select your WordPress database on the left
  4. Click the wp_users table (or prefix_users if you use a custom database prefix)
  5. Find the user that needs its role changed and click Edit
  6. In the wp_capabilities field (or prefix_capabilities), change the value to:
    a:1:{s:13:"administrator";b:1;}
  7. Click Go to save the new user role

Be very careful when editing your WordPress database, as incorrect changes can break your site. It's wise to make a backup first.
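
Hand-typing the serialized value from step 6 is where this fix usually goes wrong: every `s:N:` prefix must equal the byte length of the string that follows, or PHP's unserialize() rejects the whole value. The following is an added example, not part of the original guide (function names are illustrative), that builds and checks such a value before it is pasted into phpMyAdmin.

```python
import re

# Added example. In a stock WordPress schema this string is the meta_value of
# the wp_usermeta row whose meta_key is "<prefix>capabilities".
_HEAD = re.compile(rb"a:(\d+):\{")
_KEY = re.compile(rb's:(\d+):"')
_BOOL = re.compile(rb"b:([01]);")


def build_capabilities(role):
    """Serialize array(role => true) with a correct s:N: byte length."""
    return 'a:1:{s:%d:"%s";b:1;}' % (len(role.encode("utf-8")), role)


def parse_capabilities(value):
    """Parse a serialized array of string => bool; raise ValueError if malformed."""
    data = value.strip().encode("utf-8")
    head = _HEAD.match(data)
    if head is None or not data.endswith(b"}"):
        raise ValueError("not a serialized PHP array")
    pos, end, caps = head.end(), len(data) - 1, {}
    while pos < end:
        key = _KEY.match(data, pos)
        if key is None:
            raise ValueError('expected s:N:" at byte %d' % pos)
        n, start = int(key.group(1)), key.end()
        if data[start + n:start + n + 2] != b'";':
            raise ValueError("s:%d: does not match the string that follows" % n)
        flag = _BOOL.match(data, start + n + 2)
        if flag is None:
            raise ValueError("expected b:0; or b:1; after the key")
        caps[data[start:start + n].decode("utf-8")] = flag.group(1) == b"1"
        pos = flag.end()
    if len(caps) != int(head.group(1)):
        raise ValueError("declared entry count does not match")
    return caps


def is_administrator(value):
    """True only if the value parses cleanly and grants administrator."""
    try:
        return parse_capabilities(value).get("administrator") is True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ('a:1:{s:13:"administrator";b:1;}',    # value from the guide
                      'a:1:{s:13:"administator";b:1;}'):    # constructed typo
        print(candidate, "->", is_administrator(candidate))
```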

Step 2: Reset Your Admin Password via MySQL {#reset-password}

If you suspect your admin access was revoked because a hacker changed your password, you can reset it via phpMyAdmin:

  1. Log in to phpMyAdmin and select your WordPress database
  2. Open the wp_users table
  3. Find the admin user that needs its password reset and click Edit
  4. In the user_pass field, enter a new strong password hashed with MD5. You can generate an MD5 hash using an online tool.
  5. Click Go to save the new password
  6. Use your new password to log back in to WordPress

Again, be cautious when making direct database changes and back up first. After regaining access, review all your WordPress user accounts and delete any suspicious new ones.

Step 3: Check for .htaccess Corruption {#htaccess}

WordPress uses the .htaccess file to manage permalinks and redirects. If this file becomes corrupted, it can cause the "not allowed" error.

To check for .htaccess issues:

  1. Connect to your WordPress site via FTP or your hosting file manager
  2. Find the .htaccess file in your WordPress root directory
  3. Download a copy of the file to your computer as a backup
  4. Rename the file on your server from .htaccess to .htaccess_old
  5. Try accessing your site again

If the error disappears after renaming .htaccess, you know the file was corrupt. To regenerate a clean copy:

  1. Log in to your WordPress dashboard
  2. Go to Settings > Permalinks
  3. Don't change any settings, just click Save Changes

WordPress will now create a new, default .htaccess file. If you had custom redirects in your original file, you'll need to add those rules back in.

Step 4: Correct File and Folder Permissions {#permissions}

For WordPress to function properly, its files and folders need the correct read/write/execute permissions. Incorrect permissions can block WordPress from accessing vital files.

The recommended WordPress file permissions are:

  • All files: 644 or 640
  • All folders: 755 or 750

To check and correct permissions:

  1. Connect to your server via FTP or hosting file manager
  2. Navigate to your WordPress root directory
  3. Right-click the wp-admin, wp-content, and wp-includes folders and select File Permissions
  4. Set the numeric value to 755 and check the box for Recurse into subdirectories
  5. Click OK to apply the changes
  6. Next, right-click your root directory and select File Permissions
  7. Set the numeric value to 644 and choose Recurse into subdirectories, but this time select "Apply to files only"
  8. Click OK to save

[Figure: WordPress file permissions. Image source: Kinsta]

After correcting permissions, try accessing your WordPress dashboard again. If the error was permissions-related, you should now be able to get in.
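
A read-only way to confirm the result on a host with shell access, given here as an added example rather than part of the original guide: it walks the WordPress directory (passed as an argument, which is an assumption about your setup) and lists every entry whose mode falls outside the values recommended above, separating world-writable entries from ones that are only stricter than recommended.

```python
import os
import stat
import sys

# Modes the guide recommends; anything else is reported.
FILE_MODES = {0o644, 0o640}
DIR_MODES = {0o755, 0o750}


def classify(mode, is_dir):
    """Return None for a recommended mode, otherwise a short problem label."""
    if mode in (DIR_MODES if is_dir else FILE_MODES):
        return None
    if mode & stat.S_IWOTH:
        return "world-writable"
    baseline = 0o755 if is_dir else 0o644
    if mode & ~baseline:
        return "looser than recommended"
    return "stricter than recommended"


def audit_permissions(root):
    """Walk root and return sorted (relative path, octal mode, problem) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            problem = classify(mode, stat.S_ISDIR(st.st_mode))
            if problem:
                rel = os.path.relpath(path, root)
                findings.append((rel, format(mode, "03o"), problem))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_perms.py /path/to/wordpress  (path is an assumption)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode, problem in audit_permissions(target):
        print(f"{mode}  {problem:26}  {rel}")
```

Entries reported as stricter than recommended are the ones that can stop WordPress from reading its own files; world-writable entries are the ones to tighten first.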

Step 5: Deactivate All WordPress Plugins {#deactivate-plugins}

Plugin conflicts are the most common cause of the "not allowed to access" error. To rule out a misbehaving plugin, you'll need to deactivate them all.

If you can still access your wp-admin:

  1. Go to Plugins
  2. Select all plugins using the checkbox at the top of the list
  3. Choose Deactivate from the Bulk Actions menu
  4. Click Apply to deactivate

If you're locked out of the dashboard:

  1. Connect to your server via FTP or file manager
  2. Navigate to the wp-content folder
  3. Rename the plugins folder to plugins_old

Renaming the folder will deactivate plugins without deleting their files. If the error disappears after deactivating, you know a plugin was at fault.

Reactivate plugins one-by-one until you find the culprit. You may need to find an alternative plugin or contact the plugin developer for support.

Step 6: Switch to a Default Theme {#default-theme}

A misbehaving theme can also cause WordPress access issues. To rule it out:

  1. Connect via FTP or file manager
  2. Navigate to wp-content/themes/
  3. Download a backup copy of your current theme folder
  4. Delete the theme folder from your server

WordPress will now fall back to a default theme. Try logging in again. If you can access the dashboard, your theme was the issue.

Reinstall the theme and reactivate it, then troubleshoot further. Make sure the theme is up-to-date, disable plugins that interact with it, and consult the theme developer.

Step 7: Reinstall WordPress Core Files {#reinstall-core}

In some cases, WordPress core files can become corrupted or infected with malware, blocking dashboard access. Replacing core files with fresh copies can resolve this.

To reinstall WordPress core:

  1. Download the latest WordPress ZIP package from wordpress.org
  2. Extract the ZIP file
  3. Connect to your server via FTP or file manager
  4. Upload the new wp-admin and wp-includes folders to your server, overwriting the existing directories
  5. Upload the new files from wp-content to your server, except wp-content/plugins, wp-content/themes, and wp-content/uploads which you want to preserve

This process overwrites potentially corrupt core files without affecting your plugins, themes, and uploads.

It's important to keep your local copy of WordPress up-to-date so you're always reinstalling the latest patched version. Automattic reports that 49% of hacked WordPress sites were running an outdated version at the time of infection.

Step 8: Scan for Malware and Hacks {#malware-scan}

If reinstalling WordPress core didn't resolve the access error, your site might be hacked or infected with malware.

To check, you can use a malware scanning tool like:

These tools compare your WordPress files against a database of known malware and suspicious code. They can help pinpoint infected files and hacked scripts causing issues.

If a scan finds malicious code, you'll need to clean it promptly to restore site access and prevent further damage. Consider hiring a professional cleanup service if you're not comfortable removing malware yourself.

I also recommend hardening your WordPress login security to prevent future breaches:

  • Enforce strong passwords for all user accounts
  • Enable two-factor authentication (2FA) for logins
  • Limit failed login attempts
  • Move your login page to a custom URL

Security plugins like Wordfence, iThemes Security, and Jetpack can help automate and manage WordPress security essentials.

Step 9: Restore From a Recent Backup {#restore-backup}

If troubleshooting fails and you have a clean recent backup, restoring it may be the fastest way to regain dashboard access.

According to a survey by CodeGuard, 63% of WordPress users don't perform regular backups. Don't be one of them! I recommend configuring daily automated WordPress backups so you always have a working copy to restore.

Exactly how you restore depends on your hosting setup and backup method. If your host offers WordPress backups, consult their documentation. For backups made with a WordPress plugin, follow the plugin developer's restore instructions.

Need help implementing an automated WordPress backup system? I've written a step-by-step tutorial walking you through how to set up scheduled backups to remote storage.

Step 10: Contact Your Hosting Provider {#contact-host}

Still seeing the "Sorry, you are not allowed to access this page" error after attempting all these fixes? It's time to get your hosting provider involved.

Quality WordPress hosts have expert support staff who can help diagnose and resolve stubborn access issues, often faster than you can yourself. They have server logs, troubleshooting tools, and backend access that can uncover issues you might miss.

Before reaching out to your host, gather key information like:

  • When you first noticed the error
  • What specific URL(s) trigger the error message
  • Steps you've taken so far to troubleshoot
  • Screenshots or videos showing the issue
  • Temporary admin login they can use to investigate

Armed with those details, open a support ticket with your web host explaining the problem and requesting assistance. Many managed WordPress hosts like WP Engine, Flywheel, and Kinsta offer 24/7 support with guaranteed response times.

If your current host is unable or unwilling to help, consider migrating to a WordPress host with a reputation for top-notch support. Don't let an unresponsive host keep you locked out of your site indefinitely.

Preventing Future WordPress Access Errors {#prevention}

By following the troubleshooting steps in this guide, you should now have regained access to your WordPress dashboard. But how can you keep the "not allowed to access" error from recurring?

Here are some WordPress security best practices I recommend:

  • Keep WordPress core, plugins, and themes updated to patch known vulnerabilities
  • Delete unused plugins and themes to reduce potential entry points for hackers
  • Set proper file and folder permissions (644 for files, 755 for folders)
  • Enforce strong passwords and enable 2FA on user accounts
  • Implement login attempt limiting to block brute force attacks
  • Move your login page to a non-standard URL
  • Run WordPress malware scans weekly or monthly
  • Configure automated daily WordPress backups and store copies offsite
  • Harden wp-config.php by defining unique keys and salts:
    define('AUTH_KEY', 'put your unique phrase here');
    define('SECURE_AUTH_KEY', 'put your unique phrase here');
    define('LOGGED_IN_KEY', 'put your unique phrase here');
    define('NONCE_KEY', 'put your unique phrase here');
    define('AUTH_SALT', 'put your unique phrase here');
    define('SECURE_AUTH_SALT', 'put your unique phrase here');
    define('LOGGED_IN_SALT', 'put your unique phrase here');
    define('NONCE_SALT', 'put your unique phrase here');
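
The eight constants only help if each holds its own random value, so the placeholder phrase shown above must not survive into a live wp-config.php. This added example (not from the original guide; the function names, the sample config text and the 64-character length are choices made for the example) flags constants that are missing, still set to the placeholder, or reused, and generates replacement lines from a cryptographic random source.

```python
import re
import secrets
import string

SALT_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"
# Printable ASCII without quote and backslash, so values need no PHP escaping.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   + string.punctuation if c not in "'\\")
_DEFINE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\)\s*;")

# Constructed sample: one placeholder, one reused pair, five constants missing.
SAMPLE_CONFIG = """
define( 'AUTH_KEY',        'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'constructed-value-used-twice' );
define( 'LOGGED_IN_KEY',   'constructed-value-used-twice' );
"""


def audit_salts(config_text):
    """Return {constant name: problem} for every weak or absent constant."""
    values = {n: v for n, v in _DEFINE.findall(config_text) if n in SALT_NAMES}
    seen = list(values.values())
    problems = {}
    for name in SALT_NAMES:
        value = values.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif seen.count(value) > 1:
            problems[name] = "reused"
    return problems


def generate_salts(length=64):
    """Return eight define() lines, each with an independent random value."""
    return "\n".join(
        "define('%s', '%s');" % (
            name, "".join(secrets.choice(ALPHABET) for _ in range(length)))
        for name in SALT_NAMES)


if __name__ == "__main__":
    print(audit_salts(SAMPLE_CONFIG))
    print(generate_salts())
```

Replacing these values invalidates existing login cookies, so every user is signed out and has to log in again.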

Many of these security steps can be implemented using a plugin like Wordfence or iThemes Security. I use Wordfence on all client sites and have seen a measurable decrease in hacking attempts and downtime.

If you don't have time to harden WordPress security yourself, consider hiring a professional developer or WordPress maintenance service. An ounce of prevention is worth a pound of cure when it comes to website security.

Wrapping Up

I hope this in-depth troubleshooting guide has helped you resolve the dreaded "Sorry, you are not allowed to access this page" error in WordPress. While it can be a scary and frustrating issue, most cases are fixable by methodically testing common causes like user role issues, plugin conflicts, file permission errors, and hacks.

Remember, the best way to prevent WordPress errors is by keeping your site updated, backed up, and security hardened. Implement the prevention tips from this guide to avoid getting unexpectedly locked out again.

Have you battled the "not allowed to access" error? What solution worked for you? Let me know in the comments!
