Are you seeing a 401 error on your WordPress site?
It is one of the most confusing WordPress errors that could lock you out of your WordPress website.
The 401 error has multiple names including Error 401 and 401 unauthorized error. These errors are sometimes accompanied by a message ‘Access is denied due to invalid credentials’ or ‘Authorization required’.
In this article, we will show you different solutions to easily fix the 401 error in WordPress. We will also discuss what causes it, and how to avoid it in the future.
What Causes the 401 Error in WordPress?
The 401 error in WordPress is caused by improper authentication while communicating with the WordPress hosting server.
For example, if you have password-protected your WordPress admin folder, then not entering a password will show a 401 error page on WordPress login and admin pages.
However, in some cases you may see this error even without adding any special password protection to your website.
For example, WordPress security plugins can lock down your admin area during a brute force attack.
Another common cause of this error is security measures taken by hosting companies to protect your WordPress website. These security measures start showing this error when your WordPress login pages are accessed excessively.
Mostly, 401 error appears on WordPress admin and login pages. However, in some cases, it could appear on all pages of your website.
You’ll need to troubleshoot exactly what’s causing the error and then fix it.
That being said, let’s take a look at different solutions to quickly fix the 401 error in WordPress.
1. Temporarily Remove Password Protection on WordPress Admin
If you have password-protected your WordPress admin directory, then this could be the solution you need.
You may have forgotten your admin directory password, or your server configuration may have changed.
Head over to your WordPress hosting control panel and locate the Directory Privacy or Password Protected Directories icon.
Our screenshot is showing our Bluehost hosting account, but most hosting panels will have this option.
Once you open it, you will see all the files and folders on your hosting account. Browse to your wp-admin directory and select it by clicking on the name.
The control panel will now display its password protection settings. Simply uncheck the box next to ‘Password protect this directory’ option and click on the Save button.
After that, click on the Go Back button and scroll down to the bottom of the page. From here you need to delete the username you used to login to your password-protected directory.
You have successfully disabled password protection for your WordPress admin directory. You can now try to log into your WordPress site.
If everything works normally, then you can go ahead and enable password protection for your WordPress admin area by creating a new user and password.
2. Clear Firewall Cache to Solve 401 Error in WordPress
Purge Cache in Sucuri Firewall
If you are using Sucuri, then login to your Sucuri dashboard and visit the ‘Performance’ page. From here you need to switch to the ‘Clear Cache’ tab and then click on the ‘Clear cache’ button.
Purge Cache in Cloudflare
If you are using Cloudflare, then you need to login to Cloudflare dashboard and go to the ‘Caching’ section. From here you need to click on the ‘Purge everything’ button to clear all cache.
After clearing your firewall cache, go ahead and clear your browser cache or WordPress cache as well. See our complete guide on how to clear cache in WordPress for more details.
3. Deactivate All WordPress Plugins
A misbehaving or poorly configured WordPress plugin can also trigger the 401 error. You will need to temporarily deactivate all WordPress plugins to find out if the error is caused by one of them.
You can simply deactivate WordPress plugins from inside the admin area by visiting the plugins page.
However, if you cannot access the WordPress admin area, then you’ll need to use FTP to deactivate all WordPress plugins.
Simply connect to your WordPress site using an FTP client. Once connected go to /wp-content/ folder and rename the plugins folder to plugins.deactivated.
Renaming the plugins folder will deactivate all WordPress plugins.
You can now visit your WordPress website’s admin area and try to log in. If everything works fine, then this means that one of the plugins was causing the issue.
Now you need to switch back to FTP client and once again rename the plugin’s folder to just plugins.
Next, return to the WordPress admin area and go to the plugins page. You can now activate each plugin one at a time until you start seeing the 401 error again.
This will help you find the plugin causing the issue. Once you found the plugin, you can contact plugin’s support or find an alternative plugin.
4. Switch to a Default WordPress Theme
Sometimes a function inside your WordPress theme may trigger the 401 error on your website. To find out, you need to temporarily switch to a default WordPress theme.
Default themes are made by the WordPress team and are shipped with the default WordPress install. These themes include Twenty Nineteen, Twenty Seventeen, Twenty Sixteen, and more.
First, go to Appearance » Themes page. Now if you have a default WordPress theme installed, then you can go ahead and activate it.
If you don’t have a default theme installed on your site, then you need to install and activate it. See our guide on how to install a WordPress theme for instructions.
After switching the theme, you can go and test your website. If everything works OK now, then this means your theme was causing the 401 error.
You can report the issue to the theme developer, they may be able to help you fix it. If that doesn’t work, then you can permanently change your WordPress theme.
5. Reset WordPress Password
WordPress hosting companies can sometimes block access to wp-admin and login pages if someone is repeatedly trying to enter a password.
In that case, your access will be temporarily blocked, and you can try after a few minutes.
However, instead of guessing your password it would be best to recover forgotten WordPress password.
WordPress will send you an email with a link to change your password. The problem with this method is that sometimes WordPress may fail to send emails.
If you don’t get the email, then don’t worry. You can also reset the WordPress password using phpMyAdmin.
6. Contact WordPress Hosting Provider
Many WordPress hosting companies automatically detect suspicious activity on a WordPress website and block access to prevent attacks.
These security precautions sometimes only affect the WordPress admin area, and your login page may become inaccessible for a while.
However, if it does not return back to a normal state, or you are seeing 401 error on all your site pages, then you need to contact your WordPress hosting provider immediately.
Their staff will be able to check the access and error logs to fix the issue for you.
For future prevention, you can follow our complete WordPress security guide to protect your WordPress admin area from unauthorized access.
We hope one of these solutions helped you fix the 401 error in WordPress. You may also want to see our complete WordPress troubleshooting guide with step by step instructions to fix common WordPress issues by yourself.