Get Started
How to Unlock Magento 2 Admin User Account?

How to Unlock Magento 2 Admin User Account?

Magento Hosting

Magento 2 admin account can be locked due to many reasons. One such case is when users attempt to log in with the wrong username or lost the Admin password.

Magento website also locks the user account after six failed attempts to log in. The Admin panel gets locked from trying multiple failed requests.

Best Magento Hosting now

A locked Admin account will be temporarily disabled. Magento will display the following message:

“You did not sign in correctly or your account is temporarily disabled”.

Locked Magento 2 Admin Account

You will not be able to access the account even with the correct login credentials.

After some time, the Magento store will automatically allow log-in for the account. To unlock your account instantly you choose one of the listed methods below.

How to Unlock Magento 2 Admin User Account?

1. Unlock on Admin account

A locked user account appears in the Locked Users grid. An account can be unlocked by another user with full administrator permissions.

This can be followed by the assumption that you’re managing multiple Admin accounts. Follow the steps to unlock your account from Magento 2 Admin page:

Step 1: On the Magento Admin interface, go to System > Permissions > Locked Users Step 2: In the grid, select the checkbox of the locked account. Step 3: In the upper-left corner, set Unlock from the Actions dropdown. Step 4: Click Submit to unlock the account.

Locked Users - Magento 2

2. Unlock using command lines

There is a command available in Magento 2 to unlock Admin backend accounts.

Step 1: Open Magento 2 root directory

Connect to your server through SSH. First login to SSH panel and navigate to Magento 2 setup root.

Windows users can run a command prompt to reach the document root directory.

Step 2: Run command lines

Run the below command to unlock Admin user:

$ bin/magento admin:user:unlock {username}

Note: Specify the username of the locked Admin account.

Example: $ bin/magento admin:user:unlock bob

How to log into Magento? Once the command is implemented it will unlock the account. The User will be able to log in to the Admin account with any error.

The user account "bob" has been unlocked.

If the account is either not unlocked or the process failed, the following message displays:

The user account "bob" was not locked or could not be unlocked.

In such case:

  • Verify the user is a Magento admin.
  • Ensure the user account is active.
  • Verify the account is currently locked in Locked Users.

If the account doesn’t exist, the following message displays:

Couldn't find the user account "bob".

Final Note

Magento lets you strengthen the backend security to prevent unauthorized log-in attacks. You can set the number of login attempts that can be made before the Admin account is locked.

Configure security settings from the Admin account. Go to Magento Admin Panel > System > Configuration

Make the following settings and save the configuration:

  • Maximum Login Failures to Lockout Account: Determines the number of consecutive failed login attempts to lock the account. If you do not want to enable the lockout feature, leave this field blank.

  • Lockout Time (minutes): Determines the duration for which the account will be locked after the failed logins.

Find more insightful Magento tutorials on MGT-Commerce.

Admin Interface Walkthrough

Follow the visual guide to unlock accounts through the Magento Admin interface

Full Administrator Access Required
1

Navigate to System Menu

Main Menu
Dashboard
Sales
Products
System
Reports
Marketing
Click "System"

Locate and click the "System" menu item in the main navigation sidebar

2

Access Permissions Section

System Permissions
System Submenu
Import/Export
Permissions
Cache Management
Index Management

Select "Permissions" from the System dropdown menu

3

Open Locked Users Grid

System Permissions Locked Users
All Users
User Roles
Locked Users
Select Username Locked At Last Login
admin_user 2024-01-15 10:30 2024-01-15 10:25
store_manager 2024-01-14 15:45 2024-01-14 15:40

Click "Locked Users" to view the grid of currently locked accounts

4

Unlock Selected Account

Select Action Submit
admin_user 2024-01-15 10:30 2024-01-15 10:25
Account successfully unlocked Ready to login

Security Settings Configuration

Configure account lockout thresholds to balance security and user convenience

1 5 attempts 10
5 min 30 minutes 120 min
!

Security Impact Assessment

With current settings, after 5 failed attempts, accounts lock for 30 minutes

Security Level: BALANCED
Attack Resistance:
Admin Path: System > Configuration > Admin > Security

Navigate to this section in your Magento admin panel to apply these settings

Conservative

High Security

3 attempts, 60 min
Balanced

Recommended

5 attempts, 30 min
Permissive

High Usability

8 attempts, 15 min

Account Security Flow

Understanding Magento's lockout and recovery process

ACTIVE
1

Admin Account Active

Normal access to Magento admin panel

TRIGGER
2

Failed Login Attempts

Multiple incorrect password entries detected

LOCKED
3

Account Temporarily Disabled

Security protection activated - choose recovery method

Brute Force Protection Access Denied

Choose Recovery Method

A
Time-Based Recovery

Wait for automatic unlock

Default: 30 minutes
B
Instant Unlock Methods

Take immediate action

!
Admin or CLI access
RESTORED
5

Account Access Restored

Full admin panel access resumed with enhanced security awareness

i
Security Note

This security mechanism protects your Magento admin panel from brute force attacks. Understanding the flow helps you choose the appropriate unlock method for your situation.

Shraddha S.
Shraddha S.
Head of Content

Shraddha Singh has a lot of thoughts about Technology and the Cloud Services Industry. An Indian native and a professional Technical writer, she gets her management skills from IIT-B.

Get the fastest Magento Hosting! Get Started