Support » Plugin: Wordfence Security » Wordfence locked me out while I was editing a post

  • I was happily working on my site, basically in the middle of writing a new post when after saving a draft of the post I got locked out of my own site. I have Wordfence installed for several months now and this has never happened before. I literally panicked, first I thought my site was hacked or something. Then upon searching on Google for the message, I realized it’s Wordfence that is kicking me out of my own site.

    The message is very unspecific without giving me a reason:

    You have been temporarily locked out of this system. This means that you will not be able to sign-in or use several other features that may compromise security. Please try back in a short while.

    Return to the site home page

    If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click “Send”. If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access. Please read this FAQ entry if this does not work.

    So I sent added my email address to the text box, got an email telling me to login, same thing. I can’t access my own website. It’s been 10 minutes, I’m still locked out. Next step is go go to my cpanel to delete it, I guess.

    Edited to mention – if I get back my site AND if I find a reasonable reason for me getting locked out, I’ll edit my review rating.

    • This topic was modified 1 week, 4 days ago by  kislany.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author WFSupport

    (@wfsupport)

    Hi,

    We’re sorry you had the issue but without more information I can’t possibly tell you what happened. I searched for a post from you here, but didn’t find one. Did you post a question? We actually have paid staff there to assist our free customers.

    From the page you saw I would guess you tripped a rate limiting rule but again, that’s all speculation. If you’d like to post in the link I gave we’d be happy to help. If you already have and I missed it, post a url link to it here so I can make sure someone takes a look. Include a screenshot of the error you saw, if you have one, there. Other good info to include would be the specific steps you took right before it locked you out, any other security plugins you are running, and if you were able to get back in at all.

    If you get back in, you can install the wordfence assistant plugin. Activate that plugin and click the button marked “Disable Wordfence Firewall”. This will deactivate the login security rules and the rate limiting rules for wordfence, even if it is not active. Then activate wordfence (install if you deleted it) and as long as you didn’t remove the database tables you should be able to activate live traffic and find your IP address there to see what happened. The message should be in red. What I think may have happened is either
    1.) Your server isn’t seeing the correct IP addresses of visitors and other attempts to login locked you out. In that case, setting the wordfence option for “How does Wordfence get IPs” to the correct options would fix it. (you can google ‘whats my ip’ to see yours. If you want to see which setting sees what IP, look at the wordfence > tools > diagnostics page in the IPs section. The one that lists your correct IP is the one you should use.
    2.) You are breaking a rule you set in your rate limiting rules. It might be that there is a missing pixel or something on the generated pages that is causing you to exceed the rule for a ‘human’s pages not found (404s)’. If that is the case, in the post I asked you to make, let us know and I can suggest some that might work better for you. I can also show you how to whitelist that missing file just from the rate limiting rules so it doesn’t block you again.

    We’re looking forward to assisting you further in the forums. Please let me know when the post is live.

    Yes, I’m back on the site. I renamed the plugin in my Cpanel, logged in and then renamed it back. So far so good. I don’t have a screenshot of the error message, but I copied it in my post above, that’s basically what it said.

    So far I had no more problems. I still don’t understand why it kicked me out, but hopefully it was for a good reason.

    Updated my rating.

    Plugin Author WFSupport

    (@wfsupport)

    Just let us know on the forums I linked to if it does. Capture a screenshot of the error and try to remember exactly what was going on right before it did.

    Did you check the IPs section of the Diagnostics page to see if your IP was being reported correctly? I’d rather make sure that was working now than have to scramble after a lockout. Also, if you want to email me your current rate limiting rules to wftest [at] wordfence [dot] com (reference this url if you do – https://wordpress.org/support/topic/bye-bye-wordfence-was-good-while-it-lasted/ ) I can look and tell you i they are likely the issue.

    tim

    Will do, thanks.

    In the IP section nothing was recorded, nothing was banned, etc. But will check again in case I looked in the wrong place.

    Thanks for all your help.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this review.