A security breach happened on your site. You’re unable to access your WordPress account. You try again with your Username and Password but to no avail. What now? You’re locked out.
Don’t worry. If you’re locked out of your site and can’t log in with your WordPress credentials. The chances are, there might be some issues with any of the plugins. You need to disable all of them.
But the problem is not solved. You’re still locked out and can’t access your WordPress. How can you disable your plugins when you can’t even log-in?
Well, there are two ways you can go about deactivate WordPress plugins without having access to your WordPress dashboard. Both of these methods, however, require you to access the cPanel or backend of your hosting provider.
Let’s look at the first method you can use.
Deactivate WordPress Plugins Through FTP
This step involves the use of an FTP client, aka a File Manager, which comes pre-packaged with your web hosting plan. Here’s a quick YouTube tutorial to help you get acquainted with FTP.
Using the File Manager in cPanel, connect your WordPress site.
Once you’ve done that, navigate to the /wp-content/ folder located directly underneath the /public_html/ folder.
Upon entering the folder, navigate to a folder titled “plugins.” It is the place where your WordPress plugins lie.
Right Click and select Rename to change the name of your folder.
You could name it anything. For the sake of convenience, we’ve titled this as “plugins.deactivate.”
With the name changed, WordPress can’t locate the Plugins folder. Since it can’t locate, it cannot fetch and serve the plugins to the WordPress dashboard.
Now, try to log-in again and see if the problem persists. If it doesn’t, you should be able to log-in to your WordPress account. The issue was with your plugins all along.
Security Consideration: Always install trusted themes and plugins. A significant facet of WordPress security is to NOT use themes and plugins from external sources. Even if it is an external source, make sure it is a trusted one.
When you’ve logged in to your site, visit the plugins section, and you will see that your previously installed plugins are now deactivated.
At the same time, you will also see that the plugins are deleted too. Since they’re in the folder, you renamed you don’t have to worry about installing them again.
To recover them, simply go back to your FTP client and rename the folder from “plugins.deactivate” to “Plugins” again.
Log in to your WordPress again, and you will them installed but deactivated. Reactivate them one at a time and try to log-in. If you activate a plugin, log-out, but cannot log-in again, you need to do the FTP process mentioned above again. Once you’ve done that, delete the plugin that’s causing the problem entirely.
Once all your plugins are giving you the OK, the only thing left to do is to report the plugin that caused the issue to its developers.
Deactivating Through phpMyAdmin
If you’re a technical individual looking to solve this problem at a deeper level than the FTP process, only then we would recommend the following method. As opposed to the former, the latter is a lot more complex and requires some level of technical knowledge.
With that out of the way, it’s essential to inform you that you can delete your WordPress plugins through your phpMyAdmin account.
For this, you need to access the cPanel of your WordPress website. The interface of the cPanel varies from provider to provider. Yours may look a little different. In the image below, we have used the cPanel interface provided by Bluehost.
More often than not, the contents would be the same, even if the interface is different. Regardless, you will have to navigate to the phpMyAdmin icon, which is usually under the “Databases” section.
Once you click on the icon, the database manager will open up in your browser. From there, you will have to select a WordPress database. From there, you’ll be led to the WordPress data tables.
These tables perform a variety of different functions, which you need not know. That said, you will notice that all of them have the same wp_prefix written before the table name. Depending on your database, the prefixes may or may not be the same.
Visit the wp_options tab. Underneath the row titled option_name. There is a database called “active_plugins.” To the left of that entry, you will see an “Edit” option. Click on it to proceed.
It is where it gets tricky since the interface of the entry might differ from one provider to another. Anyways, inside of the entry, you will have to locate the option_value tab. On the box next to it, paste the following value:
Now click on Go to save changes.
Done! You’ve successfully deactivated all your WordPress plugins.
Try to log-in to your site again. If it’s successful, then it means you’ve cleared the breach.
Security is an essential factor in your WordPress journey.
There are plenty of ways you can protect your site from hackers and other malicious parties.
Regardless of whether you develop your website yourself or go for the services of a WordPress development agency, you should always keep security in mind first and foremost. From ensuring your themes and plugins are secure, among other concerns.
Lastly, a little bit of vigilance can go a long way in ensuring the existence of your website online.
Ammar Naeem is a WordPress whiz, specializing in WP development and security. He is passionate about giving back to the community and helping others. Playing with the analytical data and digging into useful insights is his most favorite thing to do
WPBN is curated news aggregator website focusing on trending and hot news from the WordPress community.