Hi there,
Sorry to hear of the trouble you’re having. Can you have your web person login and check who is setup to receive alerts from WordPress? This is setup in WordPress and not in Wordfence. Is your account a site administrator? What other plugins do you have installed?
-Brian
It looks like Wordfence might not be set up correctly for your server, but I’m not positive why a reason is not listed. (There might be some cases where that is ok, though.)
There could be a few reasons why your web person isn’t locked out — but before we check on that, could you ask him or her if your site uses a “reverse proxy,” such as CloudFlare, Varnish, nginx (in certain setups), or any other?
If so, they may need to adjust the Wordfence Option, “How does Wordfence get IPs”.
If it’s CloudFlare, they could add the CloudFlare plugin, or choose the “CF-Connecting-IP” option in the “How does Wordfence get IPs” option. (One or the other — not both!)
Most others would use the option “X-Real-IP” or “X-Forwarded-For”.
But if the site is not using any of these, it should be left as the first option, and let us know here — then we can check some other items.
Thank you for your responses. I don’t have any of those answers. I am going to forward this to my web person and see what he says. Thank you!
So all he did was send me a screen shot of this message:
“Your request was received
We received a request to email “info@____.ca” instructions to unlock their access. If that is the email address of a site administrator or someone on the Wordfence alert list, then they have been emailed instructions on how to regain access to this sytem. The instructions we sent will expire 30 minutes from now.”
I have done that myself multiple times and never get an email. My web person is ZERO help. Is there a company or someone I can pay that will take care of this? I have a major project coming up and NEED my website to be functioning ASAP. Please help!
Do you mean that the developer has now been locked out as well? (Is that their email address?) Sorry to hear they couldn’t help so far.
If you can still get the developer to do one thing, they should be able to disable Wordfence so you can log back in, using this process.
They should connect by FTP or SFTP (whichever way they uploaded the original site files), look in the folder “/wp-content/plugins/”, and rename the “wordfence” folder to “wordfence-disabled”
Once it is disabled you should be able to log in again.
(If you have used FTP before and have the FTP password to your site, you might be able to do this yourself.)
The site won’t be protected from the people who keep getting you locked out, so there are longer instructions here for setting Wordfence back up:
http://docs.wordfence.com/en/Help!_I_locked_myself_out_and_can%27t_get_back_in._What_can_I_do%3F
I’m not sure why you’re getting the lockout email, unless it’s being sent to your spam folder — that is common with small sites and/or shared hosting.
^^ Thank you for your help! He was able to remove word fence and I can now login. We will have to look at reinstalling I guess to prevent the site getting hacked… hopefully this doesn’t happen again.
That’s great that you are able to log in again!
When reinstalling Wordfence, you might want to temporarily disable the firewall and login security options, and have the developer check out this link, to make sure Wordfence is set up correctly for your server first:
How does Wordfence get IPs?
Once that option is set correctly, it should be ok to turn the firewall and login security options back on.
I’m marking this request resolved, but if there is trouble when reinstalling, you can make a new post, of course.
