If you locked yourself out or are experiencing unwanted blocks.
If you locked yourself out
The following instructions are for site owners. If you are trying to regain access to a site that you do not manage, please contact the site owner for access.
First, please make sure that it’s actually Wordfence that is locking you out of your site. There are many plugins that offer a “lock out” feature and if you’re running any of these, there’s no telling what could be blocking access to your website.
If Wordfence is what’s locking you out, you’ll see a message giving you a reason you’re locked out and explaining how to unlock access to your own site. Whenever the Wordfence firewall locks out a user, it provides a “Reason:” with a reason describing why you’re locked out. You can use this reason to determine which firewall rule you need to modify to prevent this from happening in future.
If the message only says that you have been temporarily locked out, then you have been blocked by settings in the “login security options” section.
If you post on the forums, make sure you include the “Reason: [explanation]” text or a screenshot of the locked-out page so that we can tell you what to change to prevent getting locked out in future.
How to regain access to your site:
The easiest way to solve this problem immediately is to simply rename the /wordfence folder in your WordPress installation. You can do that as follows:
- Connect to your server using the method your normally use to upload files. Most people either use FTP or SFTP to do this.
- Rename the Wordfence folder located in wp-content/plugins/wordfence/.
The above procedure will immediately deactivate Wordfence, so if Wordfence is the blocking agent, you should now be unblocked. If you are still seeing a message from Wordfence that you’re locked out, make sure you disable any caching plugins like W3 Total Cache, or clear their cache. If you can’t access the site to disable the caching plugin, you may have to temporarily rename the caching plugin directory to disable it. You may also have to clear any caches on a front-end caching proxy if you have an advanced configuration.
In the highly unusual case that you don’t have access to your own files on your server, you will need to log a support call with your web hosting company or whoever manages your server and ask them to rename the wp-content/plugins/wordfence folder.
How to reactivate Wordfence once you’re regained access:
Once you have disabled Wordfence by renaming the folder, if you rename the folder back to the original name, you may be locked out again. Here is how you avoid this from happening:
- Don’t rename the Wordfence folder back to the original name yet.
- Install the Wordfence Assistant plugin. You can find it by going to Plugins and Add New. Then do a search for “wordfence assistant” without quotes. You can also find it on this page in the official Wordfence plugin repository.
- Activate the plugin.
- Go to the “WF Assistant” menu.
- Click the button to disable the Wordfence firewall.
Now you can rename the Wordfence folder back to the original name and you won’t be locked out. Once Wordfence has been reactivated, disable or adjust the feature of Wordfence that locked you out.
Then reactivate the Wordfence firewall by going to the Wordfence options page and checking the box to activate the firewall and hit Save. You can then optionally uninstall the Wordfence Assistant plugin.