Most of the time this is a problem with your cookie settings being incorrect or inadequate.
By default, MyBB suggests Cookie Domain to be blank, and Cookie Path to be
/. Although this theoretically will work, in many cases it is inadequate.
You can use this tool to generate appropriate cookie settings, but here are some examples of what valid cookie settings look like:
|Forum URL||Cookie Domain||Cookie Path||Cookie Secure Flag|
These cookie settings should work on all MyBB installations. If you have site-integration, your cookie settings may need to be more generalized.
Updating Cookie Settings
Using the ACP
The board’s cookie settings can be found in the Admin CP’s Configuration → Settings → Site Details.
Using the Cached Settings File
When not able to log into the Admin CP, the cookie settings can be temporarily changed by modifying the
Locate the values
cookiesecureflagthat may look like this:
$settings['cookiedomain'] = ".example.com";
$settings['cookiepath'] = "/directory/";
$settings['cookiesecureflag'] = "1";
Apply the necessary changes (
1for Yes, or
0for No), save the file on the server and try logging in.
Once you are able to login into the Admin CP, re-apply the change in Settings to make it permanent.
After you change your cookie settings, you may have to advise your users to log out and clear cookies stored by their browser, so that the new cookies can take effect.
It’s possible to change a user’s password by executing an SQL query — replace
NEW_PASSWORD with desired password, and
USER_ID with targeted user’s ID:
UPDATE mybb_users SET `password` = md5(CONCAT(md5('temp-salt'), md5('NEW_PASSWORD'))), salt = 'temp-salt' WHERE uid = USER_ID;
After this operation, you should change the password again using MyBB’s interface.
Admin CP PIN Change
The Secret PIN can be changed by editing the configuration file (
$config['secret_pin'] = '1234';
Setting an value empty removes PIN verification.
Admin CP Lockout Reset
To allow more login attempts after an administrator account has been locked out, execute the following SQL query (change
USER_ID to user ID of the account):
UPDATE mybb_adminoptions SET loginattempts = 0 WHERE uid = USER_ID;
Admin CP 2FA Bypass
To log into the Admin CP without using the Two-Factor Authentication code:
- Enter your Username and Password and proceed,
- Once you are prompted to enter an Authentication code, execute the following SQL query (change
USER_IDto user ID of the account):
UPDATE mybb_adminsessions SET authenticated = 1 WHERE uid = USER_ID;
- Go to your Admin CP’s URL again.
If you need to reset Two-Factor Authentication or disable it completely for your account, got to Home → Preferences.