Magento admin panel login issues: causes and fixes

• Most Magento admin login failures trace back to cookie or domain mismatches, session size limits, 2FA lockouts, or a locked admin account.
• A login page that just refreshes without an error almost always points to a cookie Magento cannot set, not a wrong password.
• Most fixes run from the command line or the database, so SSH or phpMyAdmin access gets you back in fast.
• Knowing your Magento version and the exact error message narrows the cause before you run a single command.

One of the most common categories of Magento issues that you will encounter while working with Magento websites is that of Magento Admin Panel login issues. When the admin panel goes down, your store goes with it. Sales teams cannot process orders, marketing cannot launch promotions, and developers cannot ship updates. Your business depends on this. It has to work.

This article explains the most common Magento Admin Panel login issues, the situations that trigger them, and how to fix them. Before you start, answer four quick questions. They will point you toward the cause faster than any single command:

• What specific error message, if any, appears on the login screen?
• Which Magento version are you running?
• Is this a new installation or a site you just upgraded?
• Did you recently migrate domains or change your base URL?

Magento was built on Liquid Web servers, so the steps below come from real production experience, not theory.

Quick Magento admin login diagnostic table

Find your symptom, confirm the likely cause, then jump to the matching fix.

How to access the Magento admin panel

If you want to access the Magento Admin Panel, follow the steps below:

1. Enter the URL that was specified during the Magento installation, followed by the base URL of your Magento store’s Admin Path in your browser.
2. The default Magento Admin URL will look like https://www.yourdomain.com/admin.
3. If you are using a custom Magento Admin URL, your Magento Admin URL will look like https://www.yourdomain.com/.
4. You can find the Admin Path from the /app/etc/env.php file under the backend section:

Default Admin Path

Custom Admin Path

5. Enter the username and password for your Magento Admin Account.
6. Click on the Sign In button.
7. The Magento Admin Panel will appear.

If you hit a login issue, the error message you see depends on your Magento version. Magento versions 2.0 through 2.2.9 show one error screen, and Magento versions 2.3.x and above show a different one. Note which one you get, because it tells you something about your install.

1. Cookie and domain mismatches

This is the scenario that confuses people most. You enter valid credentials, the page reloads, and you land right back on the login screen with no error and no warning. When that happens, Magento is usually failing to set a cookie because the cookie domain does not match your site’s actual domain.

Start with the simplest check. Clear your browser cache or open the login page in an incognito window. This rules out a stale local cookie before you touch anything on the server.

If the problem continues, check your cookie configuration in the database. Run these queries:

Update the values to match your real domain, for example yourdomain.com. Then flush the cache and try again.

2. Allowed session max size exceeded

If a session error locks you out, your admin session has likely hit Magento’s default size limit. This shows up more often on stores running many extensions or large admin roles.

Connect to your server via SSH and run:

Setting the value to 0 removes the limit entirely. Flush the cache afterward.

3. Two-factor authentication (2FA) lockouts

Magento 2 enforces two-factor authentication by default. If you lose your authenticator app, switch phones, or your codes stop syncing, you will be blocked from logging in even with the correct password.

You can temporarily disable the built-in Magento 2FA module via SSH:

This gets you back in, but treat it as temporary. Re-enable 2FA and reconfigure it as soon as you regain access, and store your backup codes somewhere safe so this does not happen again.

4. Admin account lockouts and lost passwords

Magento locks an account after repeated failed login attempts as a security measure. When this happens, even valid credentials will not work. You have a few ways to recover.

Unlock the account

Run the following command from your website’s Magento root directory to unlock the account:

php bin/magento admin:user:unlock

For example, to unlock the account mag_admin, run:

php bin/magento admin:user:unlock mag_admin

Here is the output:

If the account is not locked or cannot be unlocked, you will get this message:

If the account does not exist, you will see:

Create a new admin account

If unlocking does not work, create a new Magento Admin Account. Run the following command from your Magento root directory:

php bin/magento admin:user:create –admin-user=”new_username” –admin-password=”new_password” –admin-email=”new_email_address” –admin-firstname=”firstname” –admin-lastname=”lastname”

Replace the new_username, new_password, new_email_address, firstname, and lastname values with your own. Here is the sample output:

Reset the password via MySQL

If you prefer the database route, change the password directly from the MySQL prompt:

SET @salt = MD5(UNIX_TIMESTAMP()); UPDATE admin_user SET password = CONCAT(SHA2(CONCAT(@salt, ‘new_password’), 256), ‘:’, @salt, ‘:1’) WHERE username = ‘admin_username’;

Replace admin_username and new_password with your own values.

Check the locked user in the database

To confirm the account status directly, check the user in the database with phpMyAdmin:

1. Log in to phpMyAdmin.
2. Click on your database by name.
3. Click on the admin_user table.
4. Find the locked user account and make sure the column is_active is set to 1 (one).
5. If the value is not 1 (one), click the Edit link, change it to 1 (one), then click Go to save.

You can also reset the failure count by setting failures_num to 0 and clearing lock_expires. Truncating the admin_user_session table can also resolve a stuck state.

Password complexity requirements

This issue often comes back to Magento 2’s security mechanism. If an account does not meet the password complexity requirements, Magento 2 temporarily disables it. By default, a valid password must include:

• Uppercase letters
• Lowercase letters
• Numeric characters
• Special characters
• A minimum of eight characters

Follow these requirements when you set up passwords for your Magento user accounts, and you will avoid a whole category of lockouts.

5. Admin URL and cache issues

If you cannot reach the admin path at all and the page returns a 404, your admin URL may have been changed in your environment settings, or your cache may be serving an outdated route.

Verify the admin front name in your app/etc/env.php file under the backend section:

Make sure this matches the URL you are typing. Then clear the cache via SSH:

A practical tip: store your custom admin path in a password manager. Many store owners lose access for no reason other than a forgotten backend path.

Login loop after a migration or domain change

If your login started looping right after you moved domains or changed your base URL, the cause is usually a base URL mismatch in the database. Check both values:

Confirm that web/secure/base_url and web/unsecure/base_url both point to your current domain. Update them if needed, then flush the cache. This is one of the most common post-migration headaches, and it has nothing to do with your password.

Migrating soon and dreading exactly this kind of problem? Move your site without the headache. Our team handles the migration.

Magento admin login FAQs

When to stop and call your host

Some of these fixes assume you have SSH and database access and feel comfortable running commands. Plenty of store owners do not, and that is fine. If you do not have server access, if a fix risks affecting live data, or if you have worked through these steps and still cannot log in, that is the moment to bring in help rather than guess.

Tired of babysitting your server every time something breaks? A managed host takes these problems off your plate. Liquid Web’s Magento specialists handle issues like these every day, and we know the platform better than any other host.

Prevention checklist

A little setup work now saves you from the next lockout:

• Document your custom admin path and store it in a password manager.
• Save your 2FA backup codes the moment you enable two-factor authentication.
• Record your base URLs before any migration or domain change.
• Keep one super-admin account untouched as a recovery option.

Magento login issue next steps

Most Magento admin login problems come down to a handful of causes: a cookie that will not set, a session limit, a 2FA lockout, a locked account, or a misrouted admin URL. Once you match the symptom to the cause, the fix is usually straightforward.

Start with the quick diagnostic table at the top of this article. Identify your symptom, jump to the matching fix, and work through it step by step. If the first fix does not resolve it, move to the next most likely cause.

If you would rather not troubleshoot this alone, that is where managed hosting earns its keep. Liquid Web’s managed Magento hosting pairs hardware tuned for ecommerce with specialists who resolve access issues like these fast. 

Recent articles

• Securing your site with the Magento Security Scan
• Truncating MariaDB/MySQL tables in the Liquid Web Cloud
• Importing and exporting a MySQL database
• Magento 2 Knowledge Base
• Magento 2 Help: Frequently Asked Questions (FAQ)
• Magento 2 Admin login: disabling 2FA temporarily
  

   

Mohammed Noufal