Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Fix the 401 Error in WordPress (7 Solutions)

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Are you seeing a 401 error on your WordPress site?

The 401 HTTP status code is one of the most confusing WordPress errors out there, as it can lock you out of your WordPress website. It is sometimes accompanied by a message ‘Access is denied due to invalid credentials’ or ‘Authorization required.’

In this article, we will show you different solutions to easily fix the 401 error in WordPress. We will also discuss what causes it and how to avoid it in the future.

Fixing the 401 error in WordPress

What Causes the 401 Error in WordPress?

The 401 error in WordPress is caused by improper authentication while communicating with the WordPress web hosting server.

For example, if you have password-protected your WordPress admin folder, then not entering a password will show an HTTP 401 error page on the WordPress login and admin pages.

401 Authorization failed error

However, in some cases, you may see this error even without adding any special password protection to your website.

For example, WordPress security plugins can lock down your admin area during a brute-force attack.

Security measures taken by hosting companies to protect your WordPress website can also cause this error. They can trigger the 401 error code when your WordPress login web pages are accessed excessively.

Mostly, 401 errors appear on WordPress admin and login pages. That said, it could also appear on all pages of your website. You will need to troubleshoot exactly what’s causing the error and then fix it.

Now, let’s take a look at different solutions to quickly fix the 401 error in WordPress. Feel free to use the quick links below to jump to a specific method:

Locate the Right WordPress Login URL

Before anything else, you may want to check if you are logging in to the wrong URL in the first place. You may be seeing the error because you’ve mistyped or misremembered the full login address.

If this is the case, we recommend reading our beginner’s guide on how to find your WordPress login URL.

Reset WordPress Password

WordPress hosting companies can sometimes block access to wp-admin and wp-login pages because of failed login attempts.

In that case, your access will be temporarily blocked, and you can try after a few minutes.

However, instead of guessing your login credentials, it is best to recover your forgotten WordPress password.

Lost password

WordPress will send you an email with a link to change your password. The problem with this method is that sometimes WordPress may fail to send emails.

If you don’t get the email, then don’t worry. You can also reset the WordPress password using phpMyAdmin.

Temporarily Remove Password Protection on WordPress Admin

If you have password-protected your WordPress admin directory, then this could be the solution you need.

You may have forgotten your admin directory password, or your server configuration might have changed.

To fix this, you need to log in to your WordPress hosting control panel. Then, click a setting that says ‘Directory Privacy’ or ‘Password Protected Directories.’

Our screenshot is showing our Bluehost hosting account, but most hosting panels will have this option.

Directory privacy

Once you open it, you will see all the files and folders on your hosting account. Browse to your wp-admin directory and select it by clicking on the name.

The control panel will now display its password protection settings. Simply uncheck the box next to the ‘Password protect this directory’ option and click on the ‘Save’ button.

Disable password protection

After that, click on the ‘Go Back’ button and scroll down to the bottom of the page. From here, you need to delete the username you use to log in to your password-protected directory.

You have now successfully disabled password protection for your WordPress admin directory. You can now try to log in to your WordPress site.

If everything works normally, then you can go ahead and enable password protection for your WordPress admin area by creating a new user and password.

Clear Firewall Cache to Solve the 401 Error in WordPress

If you are using a cloud-based WordPress firewall service like Sucuri or Cloudflare, then the 401 error may be triggered when the firewall fails to communicate with your website.

In this tutorial, we will show you how to purge the firewall cache in Sucuri and Cloudflare.

Purge Cache in Sucuri Firewall

If you are using Sucuri, then you need to log in to your Sucuri dashboard and visit the ‘Firewall (WAF)’ page. From here, simply switch to the ‘Clear Cache’ tab and then click on the ‘Clear cache’ button.

Clear Sucuri cache

Purge Cache in Cloudflare

For those using Cloudflare, you need to log in to the Cloudflare dashboard and go to the ‘Caching’ section. Now, just click on the ‘Purge everything’ button to clear the cache.

Cloudflare clear cache

After clearing your firewall cache, go ahead and clear your web browser cache or WordPress cache as well. You can see our complete guide on how to clear your cache in WordPress for more details.

Switch to a Default WordPress Theme

Sometimes, a function inside your WordPress theme may trigger the 401 error on your website. To find out if this is true, you need to temporarily switch to a default WordPress theme.

Default themes are made by the WordPress team and are shipped with the default WordPress install. These themes include Twenty Twenty-Three, Twenty Twenty-Two, Twenty Twenty, Twenty Nineteen, and more.

First, go to the Appearance » Themes page. If you have a default WordPress theme installed, then you can go ahead and activate it.

Activate a default theme

If you don’t have a default theme installed on your site, then you need to install and activate it. See our guide on how to install a WordPress theme for instructions.

After switching the theme, you can test your website. If everything works okay now, then this means your theme was causing the 401 error.

You can report the issue to the theme developer, and they may be able to help you fix it. If that doesn’t work, then you can permanently change your WordPress theme.

Deactivate All WordPress Plugins

A misbehaving or poorly configured WordPress plugin can also trigger the 401 error. You will need to temporarily deactivate all WordPress plugins to find out if the error is caused by one of them.

You can simply deactivate all installed WordPress plugins from inside the admin area by visiting the Plugins page. Check the box in the top left to select all the plugins, choose ‘Deactivate’ from the ‘Bulk actions’ dropdown menu, and then click ‘Apply’.

Deactivate all plugins

However, if you cannot access the WordPress admin area, then you will need to use FTP to deactivate all WordPress plugins.

All you need to do is connect to your WordPress site using an FTP client. Once connected, go to the /wp-content/ folder and rename the plugins folder to ‘plugins.deactivated’.

Deactivate all WordPress plugins via FTP

Renaming the plugins folder will deactivate all WordPress plugins.

You can now visit your WordPress website’s admin area and try to log in. If everything works fine, then this means that one of the plugins was causing the issue.

Now, you need to switch back to the FTP client and once again rename the plugin’s folder to just ‘plugins’.

Next, return to the WordPress admin area and go to the Plugins page. You can now activate each plugin one at a time until you start seeing the 401 error again.

This will help you find the plugin causing the issue. Once you have found the plugin, you can contact their support or find an alternative plugin.

Contact Your WordPress Hosting Provider

Many WordPress hosting companies automatically detect suspicious activity on a WordPress website and block access to prevent attacks.

These security precautions sometimes only affect the WordPress admin area, and your login page may become inaccessible for a while.

Too many login attempts

However, if it does not return to a normal state, or you are seeing a 401 error on all your site pages, then you will need to contact your WordPress hosting provider immediately. Their staff can check the access and error logs to fix the issue for you.

For future prevention, you can follow our complete WordPress security guide to protect your WordPress admin area from unauthorized access.

We hope this guide has helped you fix the 401 error in WordPress. You may also want to see our complete WordPress troubleshooting guide and check out our expert picks for the best WordPress plugins to grow your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

4 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Jiří Vaněk says

    A VPN can also cause the 401 problem. Watch out for that. Some providers have Geo-IP blocks set on their servers, and if you are on a VPN, you have an IP address of a foreign country from which you may not be able to access WordPress. The same applies if you have a security plugin on your website that monitors your location.

  3. dimiter kirov says

    Thank you for this article and off topic : as a regular mobile user I think it will be more comfortable at least for me you to implement “Back to top” button!

    Once again: The content is great but UX not so much

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.