Hi @romonoutic
The first screenshot with the block message Reason: Blocked by login security setting means that you or someone else tried to login with a banned username set in the option Immediately block the IP of users who try to sign in as these usernames found in the Brute Force Protection section on the All Options page.
If you are seeing that block page and you didn’t try to login then it appears that you haven’t configured Wordfence yet to detect IP addresses correctly. If Wordfence currently sees all visitors to the site as coming from the same IP address and it has already been blocked for a brute force login attack then you will be blocked as well as Wordfence sees you as having the same IP address as the hacker.
You can use the email recovery tool to remove this block. The email will only be sent to an email address if that email address is registered to a WordPress account.
Instead, to gain access to your site immediately, you can rename the Wordfence plugin via FTP/SSH or your hosting control panel file manager. If you are not sure what to do your hosting provider may be happy to help.
Find the Wordfence directory in the file path below and rename the Wordfence directory as below:
~/wp-content/plugins/wordfence-disabled
You will now be able to login to WordPress.
Install the Wordfence Assistant plugin and press the Clear all locked out Wordfence IPs, locked out users and advanced blocks button.
You then need to rename the Wordfence directory again to reactivate Wordfence as below:
~/wp-content/plugins/wordfence
At this point you won’t see Wordfence in the WordPress menu. Click the WordPress Dashboard menu item and you will then see the Wordfence main menu item appear.
You will now need to make sure that Wordfence is detecting IP addresses correctly:
https://www.wordfence.com/help/dashboard/options/#general-wordfence-options
Fortunately I recognized your second screenshot is from https://www.iplocation.net/ even though you didn’t provide details.
If Wordfence is seeing all visits from a SiteGround IP address then did you get an email from SiteGround like this below recently:
The DNS of domains that are managed by SiteGround will be updated automatically without any action required on your end.
We kindly ask you to update manually the DNS of your external domains. Once we perform the migration, we will send you an email with a list of all such domains on your account and the new DNS settings. You will have 7 days from that moment to update the settings, during which we will redirect automatically all the traffic from your old server to the new server, ensuring that there will be no downtime or loss of visitors.
Once you have implemented the DNS changes SiteGround have requested that you make then IP detection in Wordfence should be fixed if you save the option Use the X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result.
Once you have done that you can check it by finding your IP address here:
https://www.whatsmyip.org/
Then in the General Wordfence Options section on the Wordfence All Options page you should see your correct IP address, instead of a SiteGround IP address, on the line Your IP with this setting.
The third screenshot simply shows the top 5 failed login attaempts.
The firewall will see some legitimate Elementor requests as being potentially malicious and blocking them. You can either whitelist these requests via the Learning Mode feature or from the Tools >> Live Traffic tool page. Both whitelisting methods are described in our instructions in the link below:
https://www.wordfence.com/help/firewall/learning-mode/
The fourth screenshot can happen if you manually disable a plugin by renaming the plugin directory and then activating it again with the new incorrect plugin directory slug name and then installing the plugin again from the plugin repository which will be located in the directory with the correct plugin directory slug which results in a duplicate installation.
