Configure your site’s login access

WordPress.com login connects your WordPress.com account to your site’s admin area (also referred to as WP Admin). This feature is enabled by default and and is recommended for most sites. In this guide, you will learn how to enable or disable WordPress.com login.

This feature is available on sites with the WordPress.com Business and Commerce plans, and the legacy Pro plan. If you have a Business plan, make sure to activate it. For sites on the Free, Personal, and Premium plans, upgrade your plan to access this feature.

WordPress.com login, also referred to as Secure Sign-On (SSO), is enabled by default on all WordPress.com sites. It connects your WordPress.com dashboard and WP Admin dashboard, letting you use a single password to access both.

Most sites work best with WordPress.com login enabled (the default). Only disable it if:

• You’re using a membership plugin that requires its own login system.
• Your plugin’s documentation specifically tells you to disable it.

If you’re unsure, keep it enabled.

WordPress.com login is managed by the Jetpack plugin.

WordPress.com login is enabled by default. If you (or a plugin) disabled it, follow these steps to turn it back on:

1. Visit your site’s dashboard.
2. Navigate to Jetpack → Settings.
3. By default, you should be on the Security tab.
4. Scroll to the WordPress.com login section at the bottom of the page.

5. Switch on the toggle labeled “Let users log in with their WordPress.com account for quick, secure access.”
6. Adjust the following settings that will apply to other team members you have approved to log in to your site:
   • Match accounts using email addresses: Turn this on so WordPress.com can match any local (created in WP Admin) accounts to their WordPress.com account.
   • Require two-step authentication: Turn this on to improve security by forcing two-step authentication when your team members log in. Any team member who hasn’t set up two-step authentication in their account yet will be prompted to configure it first before they can log in.

The changes you make to the WordPress.com login section will be automatically applied.

Turn off WordPress.com login if you need a separate login for the WP Admin dashboard.

Note: Most sites should keep WordPress.com login enabled. Only follow these steps if your membership plugin specifically requires you to disable it. For example, if you have set up a membership plugin’s sign-in page, and it redirects you to the WordPress.com login screen instead, you will disable WordPress.com login so the membership plugin’s sign-in page works properly.

Before disabling WordPress.com login, you must create a separate password for WP Admin. This ensures you can still access your site’s admin area.

Follow these steps to set a password for WP Admin:

1. Ensure WordPress.com login is enabled.
2. In your site’s dashboard, navigate to Users → Profile.
3. Scroll down to the Account Management section.
4. Click the button labeled “Set New Password“. Your new password will be provided, which you can change if you wish.
   • This creates a separate password only for WP Admin. It does not change the password you use to log into WordPress.com.
5. Keep the password somewhere safe, like a password manager.

To disable WordPress.com login, ensure you have saved your WP Admin password and then take the following steps:

1. Visit your site’s dashboard.
2. Navigate to Jetpack → Settings.
3. By default, you should be on the Security tab.
4. Scroll down to the WordPress.com Login section.
5. Switch off the toggle labeled “Let users log in with their WordPress.com account for quick, secure access.”
   • The changes will be automatically applied.
6. You can now use the password you set for WP Admin to log into your site’s admin area.

Some membership plugins also require you to enable the “Anyone can register” setting so visitors can create accounts on your site. This option is available on plugin-enabled sites, and disabled by default.

To enable the option to allow anyone to register on your site, follow these steps:

1. Check your membership plugin’s documentation to confirm this setting is required.
2. In your site’s dashboard, navigate to Settings → General.
3. Locate the “Membership” setting and check or uncheck the box as required.
4. Click the “Save Changes” button at the bottom of the page.

In rare cases, you may encounter one of the following issues with WordPress.com login:

“I logged into my WordPress.com account, but when I try to edit anything, I’m prompted to log in again, and it does not recognize my username or password.”

Option 1: Manually reset password

You can manually reset the WP Admin password by temporarily enabling the WordPress.com login, which will restore your access to the WP Admin dashboard. Follow these steps:

1. Log into your WordPress.com dashboard.
2. Navigate to Jetpack → Settings → Security.
   • If you are unable to access the security settings, you can visit this security settings link while logged into your WordPress.com account.
3. Scroll down to the WordPress.com login section.
4. Switch on the toggle labeled “Allow users to log in to this site using WordPress.com accounts.”
5. Then, update your WP Admin password, and turn the WordPress login back off.

Option 2: Use WP Admin’s lost password link

1. Visit the page that is prompting you to log in.
2. Click the “Lost Your Password?” link on the login page.
3. Enter your username or the email address on file for that account.
4. Check your account email for further instructions.
5. Once you are logged in, be sure to change your password to something secure and memorable.

“I have multiple administrators/users on my website, but for some reason, they cannot see the website while I can see it! What happened, and what should I do?”

This happens when the Jetpack connection is broken on the website and has been reconnected. In some cases, other administrators or users (editors, authors, etc.) cannot see the website because they are not yet connected to it from their WordPress.com accounts.

To resolve this situation, please follow the steps below:

1. Ensure WordPress.com login is active under Jetpack → Settings → Security as detailed above.
2. Ask your users to:
   • Log in to the site’s dashboard using their WordPress.com username and password.
   • Open a new browser tab and visit the WP Admin address of the site (for example, yourgroovysite.com/wp-admin).
   • Click the “Set up Jetpack” button and then the “Approve” button:

This will connect Jetpack to their WordPress.com account so they can now access the site as normal in their WordPress.com account.

In some cases, members may not be able to log in, even after you disable WordPress.com login. In this case, you may need to disable Jetpack Protect as a last resort.

Jetpack Protect protects your site from brute force attacks. Brute force attacks are a form of hacking where the hackers will attempt every possible combination of logins to attempt to gain access to your account.

To disable Jetpack Protect, follow these steps:

1. Visit your site’s dashboard.
2. Navigate to Jetpack → Settings.
3. By default, you should be on the Security tab.
4. Turn off the toggle under the Brute force protection section.
   • The changes will be automatically applied.
5. If members still cannot log in after turning off brute force protection, turn it back on.