WordPress can be a complicated beast. And it is even worse when suddenly all of those things that you think should be simply working just stop. There is the infamous “White Screen of Death,” which continues to plague self-hosted WordPress users (see my Fix-It article from years ago, which was back on WordPress 2.8). More recently, however, I encountered an error on my site after my hosting provider had performed some “routine” maintenance. All of a sudden, when I tried to log in, I got the “Sorry, you are not allowed to access this page” error as well as the login process redirecting me just to the home page. I was locked out of my own site!
After a lot of research and testing things out, I eventually uncovered why this was happening and how to correct it. And it wasn’t anything that I had read about; it was something that I discovered on my own amid cursing at my laptop. I should be clear here, there are MANY potential causes for this “Sorry, you are not allowed to access this page” error, and I would recommend looking through some of the standard fixes that other sites have recommended.
As I’m pretty intimate with my crazy WordPress environment and configuration, there were some of the recommended steps that I just ignored. And that was probably a good thing. Regardless, I will show you this hidden fix that not many people have talked about. If your conditions are the same, the fix is quick and easy. If you don’t have the same conditions, it could be something completely different, unfortunately.
Traditional “Not allowed to access this page” fixes
To save you some time, I wanted to list some of the fixes that other sites have recommended. There are many common items and fixes that you can try. You can take a look at this solution list, or this one, or this one, or this one. In fact, these articles seem to share these common recommendations on how to fix this error (I have added my comments to each of these):
- Restore a previous version of your site – having regular backups of your WordPress site is critical. Rolling back to the most recent backup can be a life-saver, but remember, a backup is a point in time and anything after that backup will be lost if you roll it back.
- Turn on WP_DEBUG – within your wp-config.php file, you can enable debugging on WordPress. This will let you see errors (assuming you are logged in) directly in the browser.
- Disable your plugins – plugins are great…until they aren’t. I have way too many plugins active which can be a memory and resource drain. But they can cause issues. You can rename your plugin directory via FTP to disable your plugins all at once. Or better, just rename individual plugin directories one by one and test. I would start with the most recent plugins.
- Activate the default theme – similar to the renaming of plugins, you can rename the folder of your active theme and this will automatically revert your site to the default theme. With this method, you can at least determine if the theme is causing an issue.
- Review your error log – if you have access to your WordPress error logs, you should review those to see if there is an error being caused by a theme or plugin or something else. Logs are a bit cryptic though.
- Check your database prefix – it is possible that your database prefix has been renamed or reverted to default. A good security practice is to actually change the prefix of the DB so that all tables have that unique prefix. You will need to look at your wp-config.php and your DB itself to ensure they both are named correctly.
- Review your wp-config.php file – the wp-config.php file can become corrupted so it is a good practice to take a look at that file to review for issues.
- Make sure PHP is current – for security and performance, you really should ensure that you are running a newer (newest stable) version of PHP. WordPress is optimizing its code to take advantage of newer versions of PHP. You may be able to upgrade PHP yourself via cPanel or some other method, or you will need to contact your hosting provider to do it.
- Look at your file permissions – via FTP, take a look at file permissions of WordPress. This is a painstaking process. Check this article for more details.
- Make a new .htaccess file – the .htaccess file controls a lot of things for WordPress like permalinks, rewriting file names, access, caching, and much more. Make a backup of .htaccess and create a new file. Proceed with caution with this.
- Reset your WordPress site – I would almost recommend NOT doing this. At this point, you are pretty much throwing in the towel and giving up. Resetting WordPress is essentially starting from scratch. You will lose all of your posts, images, etc. Try everything else except this, honestly.
In reviewing each of these items, I started thinking about what was written in the error – you are not allow – which to me suggested something to do with having permission to access WordPress. Permissions are powerful. When you have the proper permissions, you can do a lot; without the right permissions, you can be quite crippled.
It’s All About Roles and Permissions
As I thought through the permissions and that roles are essentially groupings of permissions, I realized that there was something I hadn’t reviewed: Roles. So, how are you supposed to review the roles of your WordPress site if you can’t log in because of the “Sorry, you are not allowed to access this page” error? You can’t access WP-ADMIN even to see the roles!
Luckily with many WordPress installations (and you will have to check with your hosting provider to see if you have access), there is WP CLI, which stands for WordPress Command Line Interface. If you do have access to this, it can be a life-saver when your site is having issues.
You do need to have SSH (command line) access to the server where your WordPress is hosted. If you don’t have access, you may need to ask your hosting provider to do the recommended steps below. If you do have access, then the check and fix of the error can literally take just a few minutes.
WP CLI has huge amounts of power. If you aren’t comfortable running commands to control, manage, update, and review things, you may want to do some research first or get the help of someone who knows how to do it. Here is a quick primer, but there are LOTS of good articles on using WP CLI.
Let’s dive into the fix for the “Sorry, you are not allowed to access this page” error that I was encountering (and this is all using WP CLI). As I mentioned, the permissions and roles related to accessing sections of the site was the main clue.
Check your users
Using WP CLI, I quickly wanted to look to see if perhaps something had happened to my user (was I hacked? did a user get added or deleted?). So I used the following WP CLI:
wp user list
In seeing the results, I immediately knew there was an issue. While my users were present, there were no roles associated with any of the users. How they lost their roles, I am not sure (possibly part of the “maintenance” my hosting provider had performed on my WordPress database).
Check your roles
So, roles were not assigned to my users. My next thoughts were around the roles themselves. Did they exist? So, I issued the next command using WP CLI:
wp role list
The results of that query confirmed that my WordPress roles had become deleted…somehow. That would explain why I didn’t have permission to access…anything. WordPress didn’t know what to do after logging me in, so it was either giving me that error or sending me to the home page.
Reset the WordPress Roles
Luckily, there is another WP CLI command that you can issue which will recreate the default roles that you name. I chose to re-create the following roles: Administrator, Editor, Author, and Contributor as those are the primary roles in a WordPress installation. I did the Subscriber role a bit later. Your site may have others if you have custom functions so hopefully, you know those roles. Just issue the following command to recreate the default roles:
wp role reset administrator author editor contributor subscriber
And once those commands complete, you can confirm it by re-running the “wp role list” command.
As you can see, all of the roles were recreated.
Review your Users
In my particular instance, simply re-creating the WordPress roles automatically re-associated the missing role to my users. I only have one user that had a role associated, and it had become re-associate. Run the “wp user list” to confirm.
If you don’t have roles associated with users, you can still use the WP CLI command to link the user to a role. For this, you would use the “wp user set-role” command – details on that command can be found here.
Since my user now had the role properly associated with it, I went to log in on WordPress, and the permission and access error message went away, and I was dropped into my wp-admin page.
Don’t Panic!
In pretty much all of my how-to and fix-it articles, I try to end with a “don’t panic” message. From experience, I know this is pretty hard to do. When this was happening to my site, I was pretty much freaking out and sent support messages to my hosting provider. But the most satisfying message I sent to them was at the end saying, “never mind, I figured it out myself!“
Hopefully, these tips and suggestions helped both educate and resolve your WordPress issues. Do leave me a comment to let me know if you have questions or if this fix helped or not. If you found something else, leave a comment as it may help others in a similar situation.
WordPress is a powerful platform, but as it grows in complexity, there are more things to check when it breaks. Happy blogging!
HTD says: Getting the error “Sorry, you are not allowed to access this page” on WordPress can be extremely frustrating as it can be caused by many different things. While it is a generic error, the wording pointed to a solution that many hadn’t considered. But I did.
2 Responses
Thank you so much for this article! Amazingly this was my last resort and it worked! The roles had somehow disappeared. I’m the DBA and I’m hosting a bunch of other sites on the same server and this is the first one to have this problem so I’m quite sure this wasn’t due to any database operation.
Thanks again, great job!
Thanks for the comment and validation, Harry, and I’m so glad that it worked for you! Yeah, it was a very strange issue (I think my hosting provider caused it when they “cleaned” out my options table). But I’m so impressed with WP CLI actually. In this case, it saved my butt!