In this tutorial:

If you're visiting this page, most likely it is because you have been locked out of your WordPress site and cannot login. In this tutorial, we'll explain exactly what has happened and how you can regain access.

Why has my WordPress Dashboard been blocked?

Access to your WordPress Dashboard has been blocked because our systems have detected a possible attack against your site. We have blocked access to prevent the hackers from continuing to target your website.

How long will this block be in place?

The block will be in place for usually 15 - 20 minutes. This means that neither the hackers nor yourself will be able to access your WordPress Dashboard. After the 15 - 20 minutes has passed and the block has been removed, the login page for your WordPress website will be available again. This also means however that hackers can once again target your site, cause the block to occur, and the vicious cycle to continue. This can be frustrating if you're trying to login, we understand, and we'd like to help you permanently resolve this issue.

How can I fix this issue

There are generally two things you can do to fix this issue for the long haul. The first option is to hide your WordPress login URL from hackers. They won't know where to try to login to your site from, and the blocks should stop. The second option requires you to edit your .htaccess file (can be difficult if you've never done it before).

OPTION #1 - Hiding my WordPress login page - RECOMMENDED

As explained above, if you hide your WordPress login page, hackers won't be able to find it. If they can't find it, they can't bruteforce your website and try to attack it! Problem solved!

To hide your WordPress login URL:

  1. You must first wait for the block on your WordPress login page to be lifted. It usually lasts roughly 15 - 20 minutes.
  2. After the block has been lifted, follow the steps in this article to change / hide your WordPress login page from hackers.

    Please note!
    If you've waited 20 minutes and cannot login to your dashboard, you will need to follow the directions in this article and then start again at Step 1 (above).

OPTION #2 - Block ALL access except your own IP address - ADVANCED

If you're familiar with editing files and you're comfortable with editing your .htaccess file, you can follow the steps in this article to block all IP addresses except your own to your WordPress login page. This will stop hackers from reaching your login page all together.

Continued Education in Course WordPress
You are viewing Section 2: WordPress Login Temporarily Disabled - FIX
Section 1: I received a "Your site has updated to WordPress 3.x.x" email
Section 3: 10 recommended steps to lock down and secure WordPress
Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-03-02 4:51 pm

Hi, Our wp-admin access has been blocked for longer than 15 - 20 minutes, more like 1 hour. Please lift the ban so we can make the necessary changes to protect it from future.

We appreciate you taking the steps to protect our site. May we have it back now. Thanks!

T. Zimmer

Domain: www.joyofhandspinning.com

Staff
9,162 Points
2014-03-03 11:28 am
This is a systematic lockdown that is in effect for all users. To avoid it, you will need to lock down your WordPress admin using .htaccess. Both of these methods are shown within this article. Once this is in place, your WordPress admin will then become available within 10-15 minutes.
n/a Points
2014-03-11 1:05 am

You can also disable the ModSec manager through cpanel, and it will unlock your site.. just while you do necessary security changes and then re-enable it to enforce more security. 

n/a Points
2014-03-25 2:29 pm

This is an incredibly annoying feature. I wish I had known about the ModSec manager before importing a new version of a site to an existing WP install. After pointing to the new DB in wp-config.php and refreshing /wp-admin to log in, an attempt of entering my credentials immediately resulted in this block. Now, the site I'm trying to work on is stuck in limbo for the moment. Extremely annoying for power users. Thanks for the mention, Fernando. Now I know for future reference. And now, back to waiting...

Staff
17,293 Points
2014-03-25 3:06 pm
Hello D. Hitem,

Sorry for the headaches with the WordPress login headaches. Unfortunately, as noted by WordPress, brute force attacks to hit their application because of its popularity. While turning off ModSec can help you avoid some of the security foibles, it's not recommended as you're removing the server-wide rules to help mitigate these attacks. The .htaccess rules are highly recommended. Check out this article for further information:

Stopping WordPress brute force

Please understand that this is definitely a hot-button topic with web hosting these days, so it's constantly being reviewed. We should hopefully see improvements to the modsec rules to prevent these issues from continually happening in the near future.

Regards,
Arnel C.
n/a Points
2014-04-03 7:02 am

I am baffled as to what to do.

I was told to advised to use Inmotion and Wordpress as for those with very limited IT experience this was by far the easiest and most reliable team.

I am still locked out and am starting to get extremely frustrated I do nove to go and pay for a webmaster which is exactly at I didn't want !!!

Staff
9,162 Points
2014-04-03 8:03 am
Both hiding your WordPress login and restricting access to your own IP as explained in this article are great ways to stop the brute force attacks as well as allow you back into your site. If you are unable to successfully accomplish his based on the steps in this article as well as the articles that are linked from it, you may want to contact technical support where they are able to access your account and locate what exactly you may be doing wrong.
n/a Points
2014-04-03 3:50 pm

What do I do in the case where I have member to my site that login to view training videos? I can't hide the login page for them.

Thanks

Staff
9,968 Points
2014-04-03 4:43 pm
Hello Sam,

You would just need to give your members the new login page URL if you decided to use the HC Custom WP-Admin URL plugin to change your login URL.

Otherwise you'd need to lock down WordPress admin access with .htaccess by either using a secondary admin password or restricting access by IP address.

Please let us know if you had any further questions at all.

- Jacob
n/a Points
2014-06-04 6:27 pm

Okay, so after being blocked.  I'm now back in..........Admin login page has been changed by the suggested plugin.

But my front end is GONE.  I can still get around in the Admin area just fine, my pages and post are just fine.  But when I go to Visit Site, there is nothing.......just a blank screen.  I've changed themes to see if that would work, and still nothing.

HELP, Please.   (www.sonnyslisttmp.com)

Staff
17,293 Points
2014-06-04 6:55 pm
Hello Sonny,

Jacob and I were looking at the site and it appears that there was a plugin conflict with wp-live-chat-support-pro and htcustom admin plugin. We disabled them and the page comes up with no problem. However, you may want to login with with the WordPress admin and disable the plugins for now. The problem is definitely related to a conflict with one or both of these plugins, because the front end does work when it's disabled. We unfortunately cannot resolve that for you, but you may want to contact the author of the plugin to proceed.

Let us know if you have any further questions or comments.

Regards,
Arnel C.
n/a Points
2014-07-18 12:40 am
Did not tell me how to regain access to my webpage as stated
Staff
9,162 Points
2014-07-18 10:05 am
Within this article, you may review the various options under the How can I fix this issue? header which will block unauthorized attempts that cause your login to become disabled.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

13 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!