InMotion Hosting Support Center

In this tutorial:

If you're visiting this page, most likely it is because you have been locked out of your WordPress site and cannot login. In this tutorial, we'll explain exactly what has happened and how you can regain access.

Why has my WordPress Dashboard been blocked?

Access to your WordPress Dashboard has been blocked because our systems have detected a possible attack against your site. We have blocked access to prevent the hackers from continuing to target your website.

How long will this block be in place?

The block will be in place for usually 15 - 20 minutes. This means that neither the hackers nor yourself will be able to access your WordPress Dashboard. After the 15 - 20 minutes has passed and the block has been removed, the login page for your WordPress website will be available again. This also means however that hackers can once again target your site, cause the block to occur, and the vicious cycle to continue. This can be frustrating if you're trying to login, we understand, and we'd like to help you permanently resolve this issue.

How can I fix this issue

There are generally two things you can do to fix this issue for the long haul. The first option is to hide your WordPress login URL from hackers. They won't know where to try to login to your site from, and the blocks should stop. The second option requires you to edit your .htaccess file (can be difficult if you've never done it before).

OPTION #1 - Hiding my WordPress login page - RECOMMENDED

As explained above, if you hide your WordPress login page, hackers won't be able to find it. If they can't find it, they can't bruteforce your website and try to attack it! Problem solved!

To hide your WordPress login URL:

  1. You must first wait for the block on your WordPress login page to be lifted. It usually lasts roughly 15 - 20 minutes.
  2. After the block has been lifted, follow the steps in this article to change / hide your WordPress login page from hackers.

    Please note!
    If you've waited 20 minutes and cannot login to your dashboard, you will need to follow the directions in this article and then start again at Step 1 (above).

OPTION #2 - Block ALL access except your own IP address - ADVANCED

If you're familiar with editing files and you're comfortable with editing your .htaccess file, you can follow the steps in this article to block all IP addresses except your own to your WordPress login page. This will stop hackers from reaching your login page all together.

Continued Education in Course WordPress
You are viewing Section 4: WordPress Login Temporarily Disabled - FIX
Section 3: I received a "Your site has updated to WordPress 3.x.x" email
Section 5: 10 recommended steps to lock down and secure WordPress

Support Center Login

Social Media Login

Social Login Joomla

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-03-02 4:51 pm

Hi, Our wp-admin access has been blocked for longer than 15 - 20 minutes, more like 1 hour. Please lift the ban so we can make the necessary changes to protect it from future.

We appreciate you taking the steps to protect our site. May we have it back now. Thanks!

T. Zimmer


11,186 Points
2014-03-03 11:28 am
This is a systematic lockdown that is in effect for all users. To avoid it, you will need to lock down your WordPress admin using .htaccess. Both of these methods are shown within this article. Once this is in place, your WordPress admin will then become available within 10-15 minutes.
n/a Points
2014-03-11 1:05 am

You can also disable the ModSec manager through cpanel, and it will unlock your site.. just while you do necessary security changes and then re-enable it to enforce more security. 

n/a Points
2014-03-25 2:29 pm

This is an incredibly annoying feature. I wish I had known about the ModSec manager before importing a new version of a site to an existing WP install. After pointing to the new DB in wp-config.php and refreshing /wp-admin to log in, an attempt of entering my credentials immediately resulted in this block. Now, the site I'm trying to work on is stuck in limbo for the moment. Extremely annoying for power users. Thanks for the mention, Fernando. Now I know for future reference. And now, back to waiting...

28,417 Points
2014-03-25 3:06 pm
Hello D. Hitem,

Sorry for the headaches with the WordPress login headaches. Unfortunately, as noted by WordPress, brute force attacks to hit their application because of its popularity. While turning off ModSec can help you avoid some of the security foibles, it's not recommended as you're removing the server-wide rules to help mitigate these attacks. The .htaccess rules are highly recommended. Check out this article for further information:

Stopping WordPress brute force

Please understand that this is definitely a hot-button topic with web hosting these days, so it's constantly being reviewed. We should hopefully see improvements to the modsec rules to prevent these issues from continually happening in the near future.

Arnel C.
n/a Points
2014-04-03 7:02 am

I am baffled as to what to do.

I was told to advised to use Inmotion and Wordpress as for those with very limited IT experience this was by far the easiest and most reliable team.

I am still locked out and am starting to get extremely frustrated I do nove to go and pay for a webmaster which is exactly at I didn't want !!!

11,186 Points
2014-04-03 8:03 am
Both hiding your WordPress login and restricting access to your own IP as explained in this article are great ways to stop the brute force attacks as well as allow you back into your site. If you are unable to successfully accomplish his based on the steps in this article as well as the articles that are linked from it, you may want to contact technical support where they are able to access your account and locate what exactly you may be doing wrong.
n/a Points
2014-04-03 3:50 pm

What do I do in the case where I have member to my site that login to view training videos? I can't hide the login page for them.


9,968 Points
2014-04-03 4:43 pm
Hello Sam,

You would just need to give your members the new login page URL if you decided to use the HC Custom WP-Admin URL plugin to change your login URL.

Otherwise you'd need to lock down WordPress admin access with .htaccess by either using a secondary admin password or restricting access by IP address.

Please let us know if you had any further questions at all.

- Jacob
n/a Points
2014-06-04 6:27 pm

Okay, so after being blocked.  I'm now back in..........Admin login page has been changed by the suggested plugin.

But my front end is GONE.  I can still get around in the Admin area just fine, my pages and post are just fine.  But when I go to Visit Site, there is nothing.......just a blank screen.  I've changed themes to see if that would work, and still nothing.

HELP, Please.   (

28,417 Points
2014-06-04 6:55 pm
Hello Sonny,

Jacob and I were looking at the site and it appears that there was a plugin conflict with wp-live-chat-support-pro and htcustom admin plugin. We disabled them and the page comes up with no problem. However, you may want to login with with the WordPress admin and disable the plugins for now. The problem is definitely related to a conflict with one or both of these plugins, because the front end does work when it's disabled. We unfortunately cannot resolve that for you, but you may want to contact the author of the plugin to proceed.

Let us know if you have any further questions or comments.

Arnel C.
n/a Points
2014-07-18 12:40 am
Did not tell me how to regain access to my webpage as stated
11,186 Points
2014-07-18 10:05 am
Within this article, you may review the various options under the How can I fix this issue? header which will block unauthorized attempts that cause your login to become disabled.
n/a Points
2015-01-21 12:23 pm

I am one of two admins for our account. I tried the htcustom, but then all users immediately say a pop-up login screen that did not allow them to retreive a lost password so I had to remove that.


What I would like to do is have a special way for only admins to get in, but we work from different locations and via traveling laptop, so i don't think the IP solution will work.


What do you suggest?

28,417 Points
2015-01-21 12:31 pm
Hello Tere,

Sorry for the problem with the login. If you were having problems with the custom login plugin, it's possible that another security setting or plugin was interfering. There are other plugins that you might want to try. For example, Custom login URL. There are others such as Custom Login 3.0 (updated 1/20/2015) which might also provide a solution for you. If the plugins aren't working for you then you may need to contact a developer to create a custom way for you to login to the website.

Arnel C.
2015-04-27 2:26 am
I changed my login URL's s several months ago when this first happened, and I'm getting the blockage again! I have the longest most complicated passwords in history. Perhaps I could worry about my own blogs instead of the system getting all nervous when it sees too many log on attempts! I've never had an issue with Wordpress until I began hosting here!
31,565 Points
2015-04-27 4:53 pm
Hello MysticInvestigations,

You can contact our Live Support and have them disable the mod_security rule for your account that performs this check.

Kindest Regards,
Scott M
n/a Points
2015-05-09 1:43 am

We apologize for the inconvenience! You are seeing this message because your site has recently been targeted by attackers attempting to gain access to your WordPress Dashboard. In order to protect your site your WordPress Login page has been temporarily disabled.

Unfortunately, you will be unable to login to the Dashboard until the block expires.

PLz solve you solution for admin

19,934 Points
2015-05-11 11:41 am
Hello Kazim,

Thank you for contacting us. Sorry to hear you are having trouble logging into WordPress. Have you tried one of the 2 methods described above?

If your problems persist, you can disable Mod_security as a test.

Thank you,
n/a Points
2015-07-16 1:31 pm


I have been locked out of my site for 24 hours now. My understanding is that the block is only supposed to last for 15-20 minutes. Is something wrong? My site is


This is extremely frustrating. It appears I cannot use the mehtods described in this article until the block expires. Why hasn't the block expired?!?!

19,934 Points
2015-07-16 2:15 pm
Hello andrew,

Thank you for contacting us today. If you are still locked out after 20 minutes, most likely the brute-force attempts on your site are continuing, or there is a 3rd party plugin/addon issue.

In step 2 above, it states: "Please note!
If you've waited 20 minutes and cannot login to your dashboard, you will need to follow the directions in this article..."

This should allow you to regain access within 20 minutes.

Thank you,
n/a Points
2015-09-11 5:38 pm

Just to comment that the Single IP suggestion worked perfectly for me and I am back in after a lock out.  I might emphasize to others that part of the complete fix to work is "waiting the 15-20 minutes" after making the htaccess update.  I waited 23 mins. and right in I thanks guys for the great instructions.

n/a Points
2015-09-15 11:40 am

Hi,I have hided my login page now. And thanks to that, now I no longer have access to my admin at all. Not via the old login url and not via the new login url.

I have a security plugin that protects me from login attempts so why are you interfering in? Everything was fine before you blocked my website. And it still is blocked. This is BULLSHIT ! Stop it or I will move to other hosting provider !

28,417 Points
2015-09-16 10:11 am
Hello Ines,

Apologies for the problems with the Wordpress login. Can you give us some more information on the login page that you're having issues with? We would need to test with the URL that you are now using. If you can provide us a little more info, we can investigate it further.

Apologies for the continued issues. Please provide us a little more info and we can look further into the problem.

Arnel C.

n/a Points
2015-10-10 2:42 pm

Hi Team,

I´m not able to access Wordpress for for the 4th consecutive day now, but still getting the error above. Our external websupport just informed me that they have added a wordpress plugin that limits bad passwords to 4 then it locks them out for a period of time. The Error seems to be coming from inmotion they say, as they´ve just tested and can connect to the wp-admin.

Therefore, can you please remove the block for my ip address!?






31,565 Points
2015-10-12 8:39 am
Hello Susann,

If you have followed the instructions above and implemented a security mechanism to prevent this, you can contact our Live Support and have them remove the mod_sec rule that triggers the block for your account.

Kindest Regards,
Scott M
n/a Points
2015-10-29 7:58 pm

So, if I have members who have to log in through WP to access their accounts, and I have more than one person who logs in as admin to work on the site, (both of which appears to mean that I cannot limit access to one IP address and that I cannot hide the login URL), what are my options to keep the site from displaying this message whenever our members are trying to log in and access their recipes (we are a recipe database website)?  I'm puzzled and frustrated with the process since our old hosting (WebSynthesis), which we just moved from a couple of months ago, did protect our database without having to lock the system down.  Thank you for your help.

19,934 Points
2015-10-30 10:38 am
Hello Melanie,

Thank you for contacting us. If your IP addresses change, you can protect your WordPress site by only allowing login requests coming directly from your domain name.

Alternately, you can also allow access from multiple IP addresses.

Thank you,

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

29 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!