Analyzing "You do not have sufficient permissions to access this page" error in WP admin

June 18, 2020 – Tested with WP 5.4.2.

March 23, 2018 – Updated the default value for wp_user_roles from WP 4.9.4. Everything else in this post still applies.


Recently, a client came to us with a problem – they were suddenly unable to log in to their WordPress/WooCommerce site.

you-do-not-have-sufficient-permission-to-access-this-page

Even when logged in as Administrator, You do not have sufficient permissions to access this page error message was displayed and it was not possible to navigate to any page in wp-admin – even the account’s profile page. This symptom indicates that WP cannot find the roles and permissions of your account from the database – so it assumes you don’t have any permissions at all.

The most typical cause for this problem is the database prefix setting. In wp-config.php, it looks like this:

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each a unique
 * prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';

Some developers change the DB prefix for various reasons (which I’ll not discuss in this post). When this is done during the installation process, it shouldn’t cause any problems. However, when migrating your site or changing the DB prefix after installation, there’s a chance to break something. This is because the field titled “Database Table Prefix” is actually not only for table prefixes, but also for some field prefixes. For example, each account’s capabilities (i.e. permissions) are stored in [$table_prefix]usermeta table on the row where meta_key is [$table_prefix]capabilities.

So if your table prefix is “ASD_” then that table row’s meta key is not ‘wp_capabilities’ but ‘ASD_capabilities’.

The same applies for quite a few other usermeta fields, options fields, etc.

 

However, in my case this was not the problem. I reviewed the db table fields and everything looked fine. So the next step in debugging the problem was disabling all plugins – the client had installed some suspicious plugins from CodeCanyon and I assumed they were causing this issue. But this didn’t give me any results either.

Next, I wanted to make sure that it actually is an issue with the database, so I wrote a simple function which filters all capability checks and returns true.

// This goes to your theme's functions.php
function codelight_all_permissions( $allcaps, $cap, $args ) {
    $allcaps[$cap[0]] = true;
    return $allcaps;
}
add_filter( 'user_has_cap', 'codelight_all_permissions', 0, 3 );

After adding this code to the theme, I was able to log in, which confirmed my suspicion that it was an issue with the database. A quick look in WP admin revealed that something had deleted all user roles and there was only one role remaining (which was called something like Wholesale Customer).

In order to restore the default roles, I re-added the default content to wp_options table, wp_user_roles option (this has not changed between WP v4.9.x and v5.4.x)

a:5:{s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:61:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;s:11:"update_core";b:1;s:10:"list_users";b:1;s:12:"remove_users";b:1;s:13:"promote_users";b:1;s:18:"edit_theme_options";b:1;s:13:"delete_themes";b:1;s:6:"export";b:1;}}s:6:"editor";a:2:{s:4:"name";s:6:"Editor";s:12:"capabilities";a:34:{s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;}}s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:10:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;}}s:11:"contributor";a:2:{s:4:"name";s:11:"Contributor";s:12:"capabilities";a:5:{s:10:"edit_posts";b:1;s:4:"read";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;}}s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";s:12:"capabilities";a:2:{s:4:"read";b:1;s:7:"level_0";b:1;}}}

.. which fixed the issue.

In the end, I suspect one of the Codecanyon plugins deleted all WP roles, but I didn’t bother figuring out the exact reason – the plugins contained 5000+ lines of very similar code with minor variations so it was rather difficult to read and not worth the time.

 

Indrek Kõnnussaar

I'm a veteran Wordpress developer, context-driven tester, security enthusiast and the mastermind behind Codelight. I love building stuff that works and fixing stuff that doesn't.

Write me directly indrek@codelight.eu

45 Responses to “Analyzing “You do not have sufficient permissions to access this page” error in WP admin”

  1. Rub

    Thanks, your solution helped me restoring the default roles on user_roles option.
    So one of the plugin I install and deleted made this problem?
    Why someone make such a thing?

    Reply
  2. Lior

    Thanks you, it worked!

    Reply
  3. Sean

    Saved my butt. Thanks.

    Reply
  4. angel alfaro

    thanks, for your work, i solved my problem
    br

    Reply
  5. dragomir

    Great. Helped me a lot.

    Thanks.

    Reply
  6. Irish

    Thanks a lot! I’ve been looking for fix when I thought its the plugin whew!

    Reply
  7. Gary Donovan

    Thanks heaps.

    Reply
  8. Jeroen

    You made my day!! After visiting many useluss forums this resolved my problem.

    Reply
  9. Jay

    Awesome, finally it worked.. thanks a lot

    Reply
  10. ken

    You’re the man bro! saves m tons of time for your code! very helpful!

    Reply
  11. Seun

    Thanks for the post, but in my own case what worked for me was just to change the wpje_user_roles to wp_user_roles inside the wp_options table.

    Reply
  12. Samirah Mamode

    YOU saved my hardwork of 6month.. God bless you!

    Reply
  13. Jerry

    This helped me, albeit one minor work-around.

    I reset the user roles, but I noticed my login user had a slightly different array for wp_capabilities.

    Somehow, it had the value = a:1:{s:13:”administrator”;b:1;}

    I changed the last two to “a:2” and it worked! Thanks!

    Reply
  14. Antonio Mª Martín

    Muchas gracias. Para mí ha sido la solución. He aplicado las reglas por defecto que usted indica (mediante el método de copiar y pegar el código que usted proporciona en esta página web) y también sirven para WP 4.5.3

    Reply
  15. roie

    Thank you very much! Searched for hours before coming to this post.

    Reply
  16. Cyber

    You are the MAN! Thanks, this worked like a charm after hours of research.

    Reply
  17. Dee

    You are AMAZING!!! I never comment on things (serial lurker), but I just had to write to THANK YOU SO MUCH for your help with this.

    I was unable to access my /wp-admin dashboard (I could access all the other admin pages though) for like 6 months or longer and had no idea why.

    I would search periodically for hours for solutions and then get tired of searching and give up, only to try again a few days or weeks later -but finally, thanks to you I can finally access everything.

    THANK YOU! THANK YOU! THANK YOU!

    Reply
  18. ZeleRoman

    Thanks, it helped a lot!

    Reply
  19. Muneeb

    Hi

    Thanks for the article, i was able to login by adding filter, but restoring capabilities and removing filter gives the same error…..what i understood, filter hook by-pass the permissions and allow user to login, correct?

    Reply
    • Indrek Kõnnussaar

      Yes, the filter basically bypasses all permissions checks, which means that the error is probably in your database. Perhaps try getting the wp_user_roles contents from a clean WP install that matches your WP version?

      Reply
  20. Abdul Alim

    Thanks a tonne! This, and only this worked for me. You are incredible!

    Reply
  21. Al

    Nicely done! Thanks for making me look very clever lol

    Reply
  22. JB

    You’re the best, man. This solution fixed it

    Reply
  23. Valentin

    Thank you sir, nice hack that restored the wpadmin area where I did “make order” in those evil plugins that caused the problem in first place (I also mention that renaming the plugin folders, all of them, did not solved the problem since the culprit was the database).
    Have a great day ! Thanks a lot !

    Reply
  24. Manuel Herrera

    Hi,

    Dont work for me, still dont get wp-admin access

    Reply
    • Indrek Kõnnussaar

      Can you clarify what you did exactly?

      Reply
  25. Lerry

    Adding the function to functions.php and changing “b:1” to “a:2” in user_capabilities fixed it all.
    Thank you.

    Reply
  26. Timo

    You saved my life ! Thank you sooooo much for this !

    Reply
  27. Danielius

    You saved my ass, Indrek. Thanks! 🙂

    (I logged in using the functions code you wrote, saw that everyhing is roleless, installed “role editor” plugin and reseted everything with it.)

    Reply
  28. Pablo

    Indrek, The Master of the masters!
    Amazing trick, it was like magic!
    Thank you, you ended 4 days of search in forums and to attempts several solutions with no luck.
    many thanks!! You rock! \m/ \m/ \m/

    Reply
  29. Sitezilla Webdesign

    You are a true god! Thank you so much. I have been struggling with this for many hours. You’re solution made this work again. Our customer is able to login again. Instead of the wholesale role we only saw the wpseo_manager role.

    Reply
  30. Isaac

    Thank you soo much my dude you saved my life.

    Reply
  31. Toku

    Thanks Indrek Kõnnussaar!
    I’ve been battling with this issue for 6 days!
    God bless you man!

    Reply
  32. Tom van der wal

    Thanks, even in 2018, this solved my problem and the code was still oke for me!

    Reply
  33. Hendrik-Jan

    Thank you for your solution. The function worked perfect and so I could adjust the database in your way.

    Thanks…

    Reply
  34. Shakira

    This has resolved my issue, thank you 🙂

    Reply
  35. Megavado

    You are the one. Saved my “life”
    Thanks

    Reply
  36. Liana

    You are genius! Thank you! I spent a week to try so many things, only your solution worked.

    Reply
  37. Robin

    Contributing my experience: should you get this error just after switching from HTTP to HTTPS, then your hosting provider probably uses SSL offloading.

    Add the following to your wp-config.php, but make sure that these lines are *above* the require of wp-settings.php:

    if ($_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’)
    $_SERVER[‘HTTPS’]=’on’;

    if (isset($_SERVER[‘HTTP_X_FORWARDED_HOST’])) {
    $_SERVER[‘HTTP_HOST’] = $_SERVER[‘HTTP_X_FORWARDED_HOST’];
    }

    Reply
  38. Carlos Martínez

    Love you. Thanks so much!

    Reply
  39. Evandro

    Thank you so much. I didn’t know what to do anymore!

    Reply
  40. Ricardo de Jesús Pelcastre Cervantes

    Solve the problem as you indicated.

    The question is, can the same problem happen again within the same code.

    Thank you

    Reply
    • Indrek Kõnnussaar

      Yes.

      Reply
  41. Jamal

    Worked for me

    Reply
  42. Ahmet Parıltı

    thank you so much. that was what i was looking for

    Reply

Leave a Reply

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×