If you’re visiting this page, most likely it is because you have been locked out of your WordPress site and cannot log in. In this tutorial, we’ll explain exactly what has happened and how you can regain access.
If you’re having trouble with your WordPress host, then check out InMotion’s WordPress Hosting solutions. We provide secure, optimized servers that priced to meet your budget needs.
Why has my WordPress Dashboard been blocked?
Access to your WordPress Dashboard has been blocked because our systems have detected a possible attack against your site. We have blocked access to prevent the hackers from continuing to target your website.
How long will this block be in place?
The block will be in place for usually 15 – 20 minutes. This means that neither the hackers nor yourself will be able to access your WordPress Dashboard. After the 15 – 20 minutes have passed and the block has been removed, the login page for your WordPress website will be available again. This also means however that hackers can once again target your site, cause the block to occur, and the vicious cycle to continue. This can be frustrating if you’re trying to log in, we understand, and we’d like to help you permanently resolve this issue.
How can I fix this issue
There are generally two things you can do to fix this issue for the long haul. The first option is to hide your WordPress login URL from hackers. They won’t know where to try to login to your site, and the blocks should stop. The second option requires you to edit your .htaccess file (can be difficult if you’ve never done it before).
OPTION #1 – Protecting my WordPress login page – RECOMMENDED
As explained above, if you hide or limit access to your WordPress login page, hackers won’t be able to get to it. If they can’t access it, they can’t brute-force your website and try to attack it! Problem solved! The best way to secure your WordPress login page is to use a plugin to change the URL – hiding the actual URL for backend access from the public. Or, you can use an .htaccess rule to limit access by specifying IP addresses that can access it.
To secure your WordPress login URL:
- You must first wait for the block on your WordPress login page to be lifted. It usually lasts roughly 15 – 20 minutes.
- After the block has been lifted, follow the steps in this article to change/hide your WordPress login page from hackers. You can use a plugin like iThemes Security to change your WordPress backend URL, or you can use .htaccess rules to allow only specific IP addresses to your WordPress Administrator URL.
For more steps you can take to prevent brute force attacks, check out our tutorial on WordPress Brute Force attacks.
OPTION #2 – Block ALL access except your own IP address – ADVANCED
If you’re familiar with editing files and you’re comfortable with editing your .htaccess file, you can follow the steps in this article to block all IP addresses except your own to your WordPress login page. This will stop hackers from reaching your login page altogether.
Congratulations! You’re now familiar with fixing a WordPress login that has been temporarily blocked. If you continue to have issues with your WordPress login, then we recommend that you contact our live technical support team for immediate assistance.