• Hello,
    after installing wordfence last week I tried to login to the backend of my website https://bibelwelt.de and it didn’t work. I was locked out.

    I read the help page about “locking oneself out of one’s own homepage”, but in the e-mail from Wordfence there was no “Reason” for locking me out, only these words:

    This email was sent from your website “Bibelwelt” by the Wordfence plugin at Monday 20th of March 2017 at 10:00:10 AM
    The Wordfence administrative URL for this site is: https://bibelwelt.de/wp-admin/admin.php?page=Wordfence
    A user with username “hs-14_bw-wp” who has administrator access signed in to your WordPress site.
    User IP: 2003:dd:fbc3:9400:e52e:5a65:6505:610a
    User hostname: p200300DDFBC39400E52E5A656505610A.dip0.t-ipconnect.de
    User location: Giessen, Germany

    Then I followed the advice to rename the wordfence folder (and the cache plugins, too), but the only effect is: I get no more e-mails from Wordfence, but still can’t log in to my website.

    What can I do?
    Helmut

  • Why don’t you take a look at wp_wfBlocks in the database? If it’s not an ip block then it must be a user block. That data has to be in one of the _wf tables

    I have also been locked out. Previous install worked beautifully. This one is on a multi-site and I realise after signing out, that I did not see the prompt for the emailed activation.

    Now I am getting “Sorry, you are not allowed to access this page” when I try to login with the admin account.

    Thread Starter dobby14

    (@dobby14)

    Hello tclaffy,
    thank you for answering. But I’m not so fit with doing things in the database. So I don’t really know what I should do with “wp_wfblocks”. And I only assume that I would find the _wf tables in my SQL database (with PHPMyAdmin)? But I fear messing around with the database could end in a new catastrophe… 😉
    Or can you make clear what I should do to a German “wordpress layman” who has some difficulties with special English vocabulary, too?

    My issue turned out to be different. I used a combination of various other reports of similar situations to solve it. I renamed the other plugin installed in the same situation and another security plugin, Loginizer, that had been auto installed with the WordPress instance. I was then able to access the site.

    The Wordfence plugin was the current version on a current version of WordPress.

    Plugin Support wfphil

    (@wfphil)

    Hello,

    Are you receiving a Wordfence message on your administrator login page detailing a reason for the block?

    If you aren’t seeing a message detailing the block and you have re-named the Wordfence and other cache plugin folders then it is unlikely to be an issue with Wordfence.

    Do you have any other plugins that apply brute force login restrictions?

    Thread Starter dobby14

    (@dobby14)

    Hello wfphil,
    I just re-re-named the Wordfence plugin and tried again to login to my backend and instantly received an e-mail: “[Wordfence Alert] bibelwelt.de Admin Login” with following content:

    This email was sent from your website “Bibelwelt” by the Wordfence plugin at Wednesday 22nd of March 2017 at 10:33:30 AM
    The Wordfence administrative URL for this site is: https://bibelwelt.de/wp-admin/admin.php?page=Wordfence
    A user with username “hs-14_bw-wp” who has administrator access signed in to your WordPress site.
    User IP: 2003:dd:fbc3:4800:a00b:6c53:9687:c921
    User hostname: p200300DDFBC34800A00B6C539687C921.dip0.t-ipconnect.de
    User location: Giessen, Germany

    I get no Wordfence message on my admin login page, but why should wordfence react with such an e-mail if it is not wordfence locking me out?

    I definitely use no other plugins with login restrictions.

    When I activated Wordfence I did not put my own IP address on the whitelist, and I suppose that is the reason why I am locked out. But renaming wordfence doesn’t solve my problem; I remain locked out, only the e-mail message above then doesn’t come.
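
Added example (not part of the original posts and not Wordfence code): a small triage script that compares the "User IP" and "User hostname" fields of the two alert e-mails quoted in this thread. It checks that each hostname embeds its address and reports how many leading bits the two addresses share, which shows why a single-address whitelist entry would not match the next login on a line without a static address; the function names are hypothetical.

```python
import ipaddress
import re

# Sample input: the two field pairs quoted in the alert e-mails above.
ALERTS = [
    "User IP: 2003:dd:fbc3:9400:e52e:5a65:6505:610a\n"
    "User hostname: p200300DDFBC39400E52E5A656505610A.dip0.t-ipconnect.de\n",
    "User IP: 2003:dd:fbc3:4800:a00b:6c53:9687:c921\n"
    "User hostname: p200300DDFBC34800A00B6C539687C921.dip0.t-ipconnect.de\n",
]

def parse_alert(text):
    """Return (ip, hostname) from the 'User IP' / 'User hostname' lines."""
    ip = re.search(r"^\s*User IP:\s*(\S+)", text, re.M)
    host = re.search(r"^\s*User hostname:\s*(\S+)", text, re.M)
    if not ip or not host:
        raise ValueError("alert is missing the User IP or User hostname line")
    return ipaddress.ip_address(ip.group(1)), host.group(1)

def hostname_matches_ip(ip, hostname):
    """True if the first DNS label is one letter plus the IPv6 address as 32 hex digits."""
    m = re.match(r"^[a-z]([0-9a-f]{32})\.", hostname, re.I)
    return bool(m) and ip.version == 6 and int(m.group(1), 16) == int(ip)

def common_prefix_len(a, b):
    """Number of leading bits two addresses of the same family share."""
    if a.version != b.version:
        return 0
    return a.max_prefixlen - (int(a) ^ int(b)).bit_length()

def net(ip, bits):
    """Network of the given prefix length that contains ip."""
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)

def compare_alerts(first, second):
    ip1, host1 = parse_alert(first)
    ip2, host2 = parse_alert(second)
    bits = common_prefix_len(ip1, ip2)
    return {
        "hostnames_consistent": hostname_matches_ip(ip1, host1)
        and hostname_matches_ip(ip2, host2),
        "same_address": ip1 == ip2,
        "same_64": net(ip1, 64) == net(ip2, 64),
        "shared_bits": bits,
        "shared_network": str(net(ip1, bits)),
    }

if __name__ == "__main__":
    print(compare_alerts(*ALERTS))
```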

    Plugin Support wfphil

    (@wfphil)

    Hello,

    Sorry for the delay in replying. I will reply more fully as soon as I can.

    Thread Starter dobby14

    (@dobby14)

    Hello wfphil,
    a friend who has some IT experience just helped me (in a two-hour TeamViewer session) to get into my backend again. The solution was: not only rename the wordfence plugin folder, but also the wflogs folder with FileZilla, and then delete all entries of Wordfence in the MySQL database.

    BUT: I don’t dare to ENABLE LOGIN SECURITY in Wordfence again, because I don’t know why my own login with the accurate password was not accepted. As I have no static IP address, there is no use in putting my IP address onto the whitelist. Do you have any idea why Wordfence locked me out?

    Best regards, Helmut

    Plugin Support wfphil

    (@wfphil)

    Hello Helmut,

    Sorry again for all the trouble that you have had. Can you describe how you renamed the Wordfence plugin folder? I ask this because if Wordfence was disabled you shouldn’t have received an email saying that you logged in. I completely understand that you are reluctant to enable login security again if it took a friend two hours to enable you to access your administrator screen.

    Thread Starter dobby14

    (@dobby14)

    I got the email before I disabled wordfence, not when I had renamed it.

    But now I will go to rest – tomorrow very early two of our grandchildren will need our baby sitting…

    So good night for today
    Helmut

    Plugin Support wfphil

    (@wfphil)

    Hello Helmut,

    Hope you had a good rest and you enjoy looking after your grandchildren.

    I understand what you are saying now.

    When you disabled Wordfence and caching plugins by renaming their folders can you remember if you received the Standard WordPress login error or was there anything else displayed on the screen?

    If Wordfence is disabled then it shouldn’t be causing this problem.

    Thread Starter dobby14

    (@dobby14)

    Hello wfphil,
    the grandchildren had a nice day with us and are at home with their parents again.

    #your question: I didn’t then even receive the Standard WordPress login error, because my password was OK. They just showed me the login window once more to login again.

    Then we deleted all wf-files in the mysql-database, and immediately, I could login into my backend again.

    And the login goes on working – but, as I said, I didn’t yet “Enable login security” as an option in Wordfence.

    Plugin Support wfphil

    (@wfphil)

    Hello Helmut,

    Can I ask if you have tried to reinstall Wordfence again?

    Regardless of whether you have or haven’t tried reinstalling Wordfence, can you paste the contents of your htaccess file in your reply that is in the root directory of your website please.

    Thanks.

    Thread Starter dobby14

    (@dobby14)

    Hello wfphil,
    yes, I have installed Wordfence again – but without setting the hook for “Enable login security”.

    And here is the contents of my htaccess file (but I left out most of the lines which only set 301 redirects from my homepage in a former design to the actual one):

    <IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE image/svg+xml
    </IfModule>

    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css A2419200
    ExpiresByType text/x-component A2419200
    ExpiresByType application/x-javascript A2419200
    ExpiresByType application/javascript A2419200
    ExpiresByType text/javascript A2419200
    ExpiresByType text/x-js A2419200
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A2419200
    ExpiresByType video/avi A2419200
    ExpiresByType image/bmp A2419200
    ExpiresByType application/java A2419200
    ExpiresByType video/divx A2419200
    ExpiresByType application/msword A2419200
    ExpiresByType application/vnd.ms-fontobject A2419200
    ExpiresByType application/x-msdownload A2419200
    ExpiresByType image/gif A2419200
    ExpiresByType application/x-gzip A2419200
    ExpiresByType image/x-icon A2419200
    ExpiresByType image/jpeg A2419200
    ExpiresByType application/json A2419200
    ExpiresByType application/vnd.ms-access A2419200
    ExpiresByType audio/midi A2419200
    ExpiresByType video/quicktime A2419200
    ExpiresByType audio/mpeg A2419200
    ExpiresByType video/mp4 A2419200
    ExpiresByType video/mpeg A2419200
    ExpiresByType application/vnd.ms-project A2419200
    ExpiresByType application/x-font-otf A2419200
    ExpiresByType application/vnd.ms-opentype A2419200
    ExpiresByType application/vnd.oasis.opendocument.database A2419200
    ExpiresByType application/vnd.oasis.opendocument.chart A2419200
    ExpiresByType application/vnd.oasis.opendocument.formula A2419200
    ExpiresByType application/vnd.oasis.opendocument.graphics A2419200
    ExpiresByType application/vnd.oasis.opendocument.presentation A2419200
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A2419200
    ExpiresByType application/vnd.oasis.opendocument.text A2419200
    ExpiresByType audio/ogg A2419200
    ExpiresByType application/pdf A2419200
    ExpiresByType image/png A2419200
    ExpiresByType application/vnd.ms-powerpoint A2419200
    ExpiresByType audio/x-realaudio A2419200
    ExpiresByType image/svg+xml A2419200
    ExpiresByType application/x-shockwave-flash A2419200
    ExpiresByType application/x-tar A2419200
    ExpiresByType image/tiff A2419200
    ExpiresByType application/x-font-ttf A2419200
    ExpiresByType application/vnd.ms-opentype A2419200
    ExpiresByType audio/wav A2419200
    ExpiresByType audio/wma A2419200
    ExpiresByType application/vnd.ms-write A2419200
    ExpiresByType application/font-woff A2419200
    ExpiresByType application/vnd.ms-excel A2419200
    ExpiresByType application/zip A2419200
    </IfModule>

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    AddHandler x-mapp-php5.5 .php

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.+?)/+$ http://%{HTTP_HOST}/$1 [R=301,L]

    RewriteEngine on
    Redirect 301 /category/interreligion/ https://bibelwelt.de/category/interreligioeser-dialog/
    Redirect 301 /category/religion/ https://bibelwelt.de/category/religion-und-weltanschauung/
    Redirect 301 /html/77mal.html https://bibelwelt.de/70-mal-7-mal-vergeben/

    [further Redirects 301]

    Redirect 301 /html/body_index.html https://bibelwelt.de/

    # Wordfence WAF
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>

    # END Wordfence WAF

    Plugin Support wfphil

    (@wfphil)

    Hello Helmut,

    Thanks for the feedback. I would like to really clarify your situation:

    1. You install Wordfence with Login Security enabled. You are then unable to login to the WordPress administration screen. Wordfence sends an email saying that you, as a user, have logged in. Also WordPress doesn’t display ERROR: The username or password you entered is incorrect. Lost your password?
    2. You disable Wordfence and caching plugins by renaming their directories. You are still unable to login to the WordPress administration screen. Wordfence still sends an email saying that you, as a user, have logged in. Also WordPress doesn’t display ERROR: The username or password you entered is incorrect. Lost your password?
    3. Your friend renames the wordfence & wflogs directories and deletes all Wordfence tables from the database. You are now able to login.
    4. You have re-installed Wordfence and left the Security Login feature disabled. You are now able to login.

    Is the above correct please?


The topic ‘Wordfence locked myself out of my WordPress site’ is closed to new replies.