The Sitewide Members Only mode module locks every page behind login. Auth pages (login, register, password reset) stay reachable, and /wp-login.php is always exempt — so under normal conditions you can sign back in.
If you’ve lost access — usually because the frontend /login/ page was deleted, the Replace wp-login.php module is on, the Harden wp-login.php module is on, or all three combined — here are the three recovery routes, easiest first.
1. Reach /wp-login.php directly
/wp-login.php is always exempt from the sitewide gate. As long as nothing else is rerouting it, this is the simplest path back in:
https://your-site.com/wp-login.php
If that loads the login form, sign in normally and either fix the broken auth page or turn the sitewide module off in MemberMode → Modules → Access Control.
2. Use the bypass URL when wp-login.php is hardened
If you also turned on Harden wp-login.php with a custom slug (and forgot the slug), /wp-login.php will 404. Append ?membermode_bypass=1 to force the native form to render:
https://your-site.com/wp-login.php?membermode_bypass=1
The same parameter also works against the Replace wp-login.php with frontend pages module — it forces wp-login.php to render even when frontend redirects are in place.
This URL has no nonce — it’s the recovery escape hatch, so you must already know it. Bookmark it on a phone or password manager when you turn the security modules on.
3. wp-config.php kill switch
If the bypass URL still doesn’t work — for example a corrupted plugin file or a third-party plugin is short-circuiting login — drop a constant into your wp-config.php:
define( 'MEMBERMODE_DISABLE_SITEWIDE', true );
Add it anywhere above the /* That's all, stop editing! */ line. The sitewide gate goes off immediately on the next request, regardless of the module toggle. Visit the site, sign in, fix the underlying issue, then remove the constant.
This needs SSH or SFTP access — it’s the last-resort escape for when you can’t reach wp-admin at all.
Prevent it from happening again
After you’re back in:
- Don’t delete the MemberMode auth pages (Login, Register, Password reset) while sitewide mode is on — they’re protected exemptions.
- If you set a custom login slug, store it somewhere you can reach when locked out.
- Test the sitewide module in a private browser window before you walk away from the dashboard.