Conversation
supportI tried to log into my website and was denied access with an error message stating that 2FA was required. I am the only website administrator. I tried a second time and now Wordfence has locked me out. I requested the unlock email and never received anything. I tried a few times with no success. Any assistance would be greatly appreciated!
Have the same problem, wordfence locked me out despite my IP is in White list for 2fa and when I try to send unlock email I see “There has been a critical error on this website.” Looks like I should delete Wordfence immediately after unlocked
Hi @ascenteducation2023 , sorry to see you’re having issues. If you’ve configured 2FA through Wordfence and no longer have the recovery codes or ability to access via the authenticator app as normal, you can do the following: Please use FTP/SFTP – or any file manager your web host provides via their administration panel. Look inside the /wp-content/plugins/ directory and rename the wordfence directory to wordfence.bak . This will deactivate Wordfence and allow you to login without the 2FA code. Once you have logged in to your WordPress admin you can name the folder back to wordfence again. You can reapply 2FA and download new backup codes from your user profile later, although I would recommend we try to solve any other issues with the site first. Emails are sent using the default functions WordPress itself uses on your server, so if they’re not arriving there may be an issue with an email configuration, an SMTP plugin, or sendmail/postfix (whichever your server uses). Many thanks, Peter. @vwe3evs : If the above doesn’t work to regain access, please open a new topic referencing your issue (and post here if you like), as dealing with multiple issues in the same topic can be hard to follow for the original poster.
The only reason I suspect it’s Wordfence is because when I try to login in multiple times, I get blocked. I don’t even see a folder called Wordfence in my File Manager to change the name, as suggested. But somehow the Wordfence shows the HTTP response code 503. When I request the unlock email, I never receive it. I’ve tried at least 6 times on both admin accounts.
Hi @ascenteducation2023 , thanks for the extra background. If the 503 is a Wordfence-branded page it sounds like you might be caught out there by the amount of allowed login attempts. There could be a change in server configuration that’s now affecting “How does Wordfence detect IPs” in Wordfence > All Options , or if you’ve recently installed another plugin that affects the login flow (membership plugins, role editors, etc.) Wordfence’s Login Security features such as 2FA and reCAPTCHA are only guaranteed to work with WordPress and WooCommerce default login/registration pages. If the login flow is being affected by another plugin with one or both of those enabled in Wordfence, I can see why you may have failed at multiple attempts despite having the correct username/password. It sounds unusual that /wordfence would not be present in /wp-content/plugins/ , so if you do have Wordfence installed, there’s a chance your host doesn’t show you the full contents of the WordPress folder. I would check with them where WordPress installations are so you can regain access to your site. Thanks again, Peter.
Have the same problem, wordfence locked me out despite my IP is in White list for 2fa and when I try to send unlock email I see “There has been a critical error on this website.” Looks like I should delete Wordfence immediately after unlocked
Hi @ascenteducation2023 , sorry to see you’re having issues. If you’ve configured 2FA through Wordfence and no longer have the recovery codes or ability to access via the authenticator app as normal, you can do the following: Please use FTP/SFTP – or any file manager your web host provides via their administration panel. Look inside the /wp-content/plugins/ directory and rename the wordfence directory to wordfence.bak . This will deactivate Wordfence and allow you to login without the 2FA code. Once you have logged in to your WordPress admin you can name the folder back to wordfence again. You can reapply 2FA and download new backup codes from your user profile later, although I would recommend we try to solve any other issues with the site first. Emails are sent using the default functions WordPress itself uses on your server, so if they’re not arriving there may be an issue with an email configuration, an SMTP plugin, or sendmail/postfix (whichever your server uses). Many thanks, Peter. @vwe3evs : If the above doesn’t work to regain access, please open a new topic referencing your issue (and post here if you like), as dealing with multiple issues in the same topic can be hard to follow for the original poster.
The only reason I suspect it’s Wordfence is because when I try to login in multiple times, I get blocked. I don’t even see a folder called Wordfence in my File Manager to change the name, as suggested. But somehow the Wordfence shows the HTTP response code 503. When I request the unlock email, I never receive it. I’ve tried at least 6 times on both admin accounts.
Hi @ascenteducation2023 , thanks for the extra background. If the 503 is a Wordfence-branded page it sounds like you might be caught out there by the amount of allowed login attempts. There could be a change in server configuration that’s now affecting “How does Wordfence detect IPs” in Wordfence > All Options , or if you’ve recently installed another plugin that affects the login flow (membership plugins, role editors, etc.) Wordfence’s Login Security features such as 2FA and reCAPTCHA are only guaranteed to work with WordPress and WooCommerce default login/registration pages. If the login flow is being affected by another plugin with one or both of those enabled in Wordfence, I can see why you may have failed at multiple attempts despite having the correct username/password. It sounds unusual that /wordfence would not be present in /wp-content/plugins/ , so if you do have Wordfence installed, there’s a chance your host doesn’t show you the full contents of the WordPress folder. I would check with them where WordPress installations are so you can regain access to your site. Thanks again, Peter.