Are you seeing a 401 error on your WordPress site? It is one of the most confusing WordPress errors that can lock you out of your WordPress website.
The 401 error has multiple names, including Error 401 and 401 unauthorized error. These errors are sometimes accompanied by a message ‘Access is denied due to invalid credentials’ or ‘Authorization required’.
In this article, we will show you different solutions to easily fix the 401 error in WordPress. We will also discuss what causes it and how to avoid it in the future.
What Causes the 401 Error in WordPress?
The 401 error in WordPress is caused by improper authentication while communicating with the WordPress hosting server.
For example, if you have password-protected your WordPress admin folder, then not entering a password will show a 401 error page on the WordPress login and admin pages.
However, in some cases, you may see this error even without adding any special password protection to your website.
For example, WordPress security plugins can lock down your admin area during a brute-force attack.
Security measures taken by hosting companies to protect your WordPress website can also cause this error. They can trigger the 401 error when your WordPress login pages are accessed excessively.
Mostly, 401 errors appear on WordPress admin and login pages. However, in some cases, it could also appear on all pages of your website.
You will need to troubleshoot exactly what’s causing the error and then fix it.
That being said, let’s take a look at different solutions to quickly fix the 401 error in WordPress.
1. Temporarily Remove Password Protection on WordPress Admin
If you have password-protected your WordPress admin directory, then this could be the solution you need.
You may have forgotten your admin directory password, or your server configuration might have changed.
To fix this, you need to log in to your WordPress hosting control panel. Then, click the ‘Directory Privacy’ or ‘Password Protected Directories’ icon.
Our screenshot is showing our Bluehost hosting account, but most hosting panels will have this option.
Once you open it, you will see all the files and folders on your hosting account. Browse to your wp-admin directory and select it by clicking on the name.
The control panel will now display its password protection settings. Simply uncheck the box next to the ‘Password protect this directory’ option and click on the ‘Save’ button.
After that, click on the ‘Go Back’ button and scroll down to the bottom of the page. From here, you need to delete the username you use to log in to your password-protected directory.
You have now successfully disabled password protection for your WordPress admin directory. You can now try to log in to your WordPress site.
If everything works normally, then you can go ahead and enable password protection for your WordPress admin area by creating a new user and password.
2. Clear Firewall Cache to Solve the 401 Error in WordPress
Purge Cache in Sucuri Firewall
If you are using Sucuri, then you need to log in to your Sucuri dashboard and visit the ‘Firewall (WAF)’ page. From here, you need to switch to the ‘Clear Cache’ tab and then click on the ‘Clear cache’ button.
Purge Cache in Cloudflare
If you are using Cloudflare, then you need to log in to the Cloudflare dashboard and go to the ‘Caching’ section. From here, you must click on the ‘Purge everything’ button to clear the cache.
After clearing your firewall cache, go ahead and clear your browser cache or WordPress cache as well. You can see our complete guide on how to clear your cache in WordPress for more details.
3. Deactivate All WordPress Plugins
A misbehaving or poorly-configured WordPress plugin can also trigger the 401 error. You will need to temporarily deactivate all WordPress plugins to find out if the error is caused by one of them.
You can simply deactivate WordPress plugins from inside the admin area by visiting the Plugins page.
Simply check the box in the top left to select all the plugins, choose ‘Deactivate’ from the ‘Bulk actions’ dropdown menu, and then click ‘Apply’.
However, if you cannot access the WordPress admin area, then you will need to use FTP to deactivate all WordPress plugins.
Simply connect to your WordPress site using an FTP client. Once connected, go to the /wp-content/ folder and rename the plugins folder to ‘plugins.deactivated’.
Renaming the plugins folder will deactivate all WordPress plugins.
You can now visit your WordPress website’s admin area and try to log in. If everything works fine, then this means that one of the plugins was causing the issue.
Now you need to switch back to the FTP client and once again rename the plugin’s folder to just ‘plugins’.
Next, return to the WordPress admin area and go to the Plugins page. You can now activate each plugin one at a time until you start seeing the 401 error again.
This will help you find the plugin causing the issue. Once you have found the plugin, you can contact their support or find an alternative plugin.
4. Switch to a Default WordPress Theme
Sometimes a function inside your WordPress theme may trigger the 401 error on your website. To find out, you need to temporarily switch to a default WordPress theme.
Default themes are made by the WordPress team and are shipped with the default WordPress install. These themes include Twenty Twenty-Two, Twenty Twenty, Twenty Nineteen, and more.
First, go to the Appearance » Themes page. If you have a default WordPress theme installed, then you can go ahead and activate it.
If you don’t have a default theme installed on your site, then you need to install and activate it. See our guide on how to install a WordPress theme for instructions.
After switching the theme, you can test your website. If everything works OK now, then this means your theme was causing the 401 error.
You can report the issue to the theme developer, and they may be able to help you fix it. If that doesn’t work, then you can permanently change your WordPress theme.
5. Reset WordPress Password
WordPress hosting companies can sometimes block access to wp-admin and login pages if someone is repeatedly trying to enter a password.
In that case, your access will be temporarily blocked, and you can try after a few minutes.
However, instead of guessing your password, it is best to recover your forgotten WordPress password.
WordPress will send you an email with a link to change your password. The problem with this method is that sometimes WordPress may fail to send emails.
If you don’t get the email, then don’t worry. You can also reset the WordPress password using phpMyAdmin.
6. Contact Your WordPress Hosting Provider
Many WordPress hosting companies automatically detect suspicious activity on a WordPress website and block access to prevent attacks.
These security precautions sometimes only affect the WordPress admin area, and your login page may become inaccessible for a while.
However, if it does not return to a normal state, or you are seeing a 401 error on all your site pages, then you will need to contact your WordPress hosting provider immediately. Their staff can check the access and error logs to fix the issue for you.
For future prevention, you can follow our complete WordPress security guide to protect your WordPress admin area from unauthorized access.
We hope one of these solutions helped you fix the 401 error in WordPress. You may also want to see our complete WordPress troubleshooting guide and check out our expert picks for the best WordPress plugins to grow your website.