This section explains what to do if you have installed 2FA or other security plugins for WordPress and can no longer log in yourself.
If you have installed a security plugin that prevents you from logging in, and you are unable to log in yourself
If you use security plug-ins such as two-factor authentication (2FA), login lockdown, or change the URL of the administration screen, you may experience several login failures and your IP address may be rejected, or you may not be able to log in yourself because the URL of the login screen is no longer known. If you have any questions, please feel free to contact us.
If you are blocked by the login lockdown, you may be able to log in again in a few hours, depending on the security plugin’s time limit setting.
In this case, we will explain two ways to get logged in again.
1 Rewrite database information
In many cases, security plugin settings are written in the database.
Upload database browsing software such as Adminer to your server, connect to the database based on the database connection information in wp-config.php, and view or change the settings in the following way.
Find out where to change the database login URL.
If you are unsure of the login URL, search the option_name and option_value columns of the wp_option table for strings such as “login” to find the corresponding record, as the URL to change is often recorded in the wp_option table.
Rewriting IPs for login lockdown
You may be able to remove the login lockdown by rewriting the record of the target IP address. Check your IP, search the wp-option table or the database table created by the security plugin with this IP, and see if it is a record of a lockdown IP, and then change the IP number recorded in the database to avoid the login lockdown. Then you can avoid the login lockdown by changing one of the IP numbers in the database.
2 Disable the plugin
A simpler method is to temporarily disable the relevant security plugin, log in, and then re-enable the plugin after logging in and rewrite the security plugin settings, etc.
If you connect to the server using FTP software and rename the folder wp-content/plugins/security plugins by adding _ to the folder name, the plugin may be disabled and you will be able to log in.
Default WordPress login URL
https://wordpress url/wp-login.php
Some security plugins have complex structures, such that renaming a folder may cause file loading problems, making the entire site inaccessible. In this case, you will need to rename the folder back to its original name, check the relevance of the files, and deactivate the plugin.
Do I need to enhance the WordPress login screen?
It is highly likely that you do not need to enhance the WordPress login screen with 2FA or other means to begin with.
60-70% of successful WordPress hacks are caused by plugin vulnerabilities.
If the login password is strong, there is no chance that a hacker can log in with administrative privileges through a brute force attack.
(Changing the URL of the login screen and locking down the login screen are meant to reduce the server overload caused by brute force attacks.)
) Therefore, rather than 2FA, changing the URL of the login screen, or locking down the login, we suggest that you first strengthen the password for administrative privileges by changing it to a random string of 12 or more half-width alphanumeric characters and symbols.
Click here to download the security plugin that can also check for malware.
This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using generated AI is permitted.
1. it is not for the purpose of learning by the generated AI. 2. only the summary or title of the page content at a level that does not lead to the solution of the user’s problem is shown to the user. 3. in the case of 2, a link to this content is shown to lead the user to this page.
