The Most Popular Extension Builder for Magento 2

With a big catalog of 224+ extensions for your online store

How to reset a locked Admin account in Magento 2

In Magento 2, it’s a common issue that hacker can abuse your security wall by attempting many easy-to-guess passwords consecutively. Consequently, your admin backend is locked due to many failed attempts and Magento 2 core will prevent admin users from continuing login.


All login actions will be blocked for a certain period of time. If you’re using this Magento 2 Security extension, there will be a warning message sent to your email.

It’s not good news for both parties, unfortunately. To ensure the process of managing your backend timely, you can take advantage of launching some command lines which allows safe admin accounts to be able to log in back to the configuration as soon as possible. In order to have the authority performing Linux command-line operations, you must have the SSH access connecting to your server securely. This step requires permission from the server manager directly so this will be the end game for hackers, they can’t run command lines under your nose obviously.

Move forward to check out how to reset locked admin users, and bookmark them when you need this tutorial in a blink of an eye.


Security for Magento 2

Protect your store from cyber threats with Mageplaza's top-notch security services

Check it out!

How to Reset a locked Admin account in Magento 2

Store owner can choose one of listed methods

Solution #1. Unlock in the backend

On the assumption that you’re managing several admin accounts but only one or two are locked, this will be the most simple way that can be accomplished right in the backend.

Navigate to the Locked Users section by accessing the Admin Panel and selecting System > Permissions > Locked Users.


If there are locked users, a list will be displayed. Choose the specific user you wish to unlock by clicking the checkbox. Opt for the Unlock action and proceed by clicking the Submit button.

Solution #2. Reset using command lines

In this solution, you are required to use the command lines according to the following 3 steps:

  • Step 1: Open your Magento 2 dir
  • Step 2: Running command lines.
  • Step 3: Check the result

Step 1: Open your Magento 2 dir

First, open your Magento 2 dir, this is the general format to reset an admin user. Note that you just can unlock one by one account manually.

php bin/magento admin:user:unlock {username}

Step 2: Running command lines.

To unlock a specific admin account, insert the name of that admin into the {username} variable , for example with an admin named sam, type this command line:

php bin/magento admin:user:unlock sam

Step 3: Check the result

A success message will be delivered at the interface if the entered data is valid.


  • If there was a mistake in typing the name of the admin, this message will inform:
    Couldn't find the user account "sam"

    You should check and retype that command line from Step 1 along with the precise admin name again.

  • In case the account is not locked from the start or it can’t be unlocked, this following message will appear


Unlock Admin User Help :

Need guidance on unlocking admin users through the command line? You can simply use the following command:

php bin/magento admin:user:unlock --help

Reset a locked Admin account and more

To be amazed how protective and supportive your store can be guarded, you can try out to use this Security Solution:

  • Provide a Security Checklist that displays warnings of possible risks in admin and other data
  • Set a limited number of failed login attempts to prevent the store from break-in risks
  • Record all login history to track in the future
  • Provide file change detection to warn admins of suspected changes in important files
  • Set up Blacklist and Whitelist IPs easily in the backend

Discover Mageplaza Security extensions

The bottom line

Resetting a locked Admin account in Magento 2 is a common action that many stores have to take due to security problems. You can either fix it with the above guidelines, or use our Security extension for better protection. This modulecan prevent unwelcomed violation attacks right from the log in steps at the backend, send warning emails timely, archive all login actions and give you a proper checklist which outlines possible harmful factors for your security issues. To prevent email to spam box, enable SMTP here

Related Topics

Image Description
Hello, I'm the Chief Technology Officer of Mageplaza, and I am thrilled to share my story with you. My deep love and passion for technology have fueled my journey as a professional coder and an ultra-marathon runner. Over the past decade, I have accumulated extensive experience and honed my expertise in PHP development.

Looking for
Customization & Development Services?

8+ years of experiences in e-commerce & Magento has prepared us for any challenges, so that we can lead you to your success.

Get free consultant
development service

    Explore Our Products:

    People also searched for


    Stay in the know

    Get special offers on the latest news from Mageplaza.

    Earn $10 in reward now!

    Earn $10 in reward now!

    go up