Solve Login Attempt Lockouts on WordPress

“Too many failed login attempts” is a frustrating message that you may have seen. If you see “Please try again later” when you try to get into your WordPress site, you’re not the only one. One of the most common problems WordPress users have is this one. It can be annoying and stressful, especially if you need to make changes right away.

I can still remember the first time this happened on one of my writing blogs. After typing the wrong password a few times, I was locked out of my own website. I had added a security plugin to stop brute-force attacks. It was funny because I had set up security to keep hackers out, but it also locked me out!

The good news is that this problem has a clear answer. You can fix WordPress login try lockouts in this guide. We’ll also talk about why they happen and how to stop them from happening again.

Login Attempt Lockouts: Why They Happen

It is important to know why the problem happens before we try to fix it.

1. Plugins for security

Limit Login Attempts Reloaded, Wordfence, and iThemes Security are some plugins that will block users instantly if they try to log in too many times with the wrong password. A brute-force attack can’t get into your site, but the owner can’t get in if they forget their password.

2. Protect against brute force attacks

Bots often go after WordPress sites and try thousands of different username and password combinations. Locking out users from logging in is meant to slow down or stop these hacks.

3. Incorrect or Forgotten Credentials

People make mistakes all the time—if you type your password wrong a few times, the system locks you out.

4. The detection of suspicious activity

Some security systems will block IP addresses if they see strange login behavior, even if it’s the site owner.

As a side note, I used to handle a client site whose IP address kept changing (dynamic internet connection). The security plugin locked out every new IP address because it thought it was strange. Some fine-tuning was needed to fix it.

How to Fix WordPress Lockouts After Trying to Login

Let’s go over the steps you need to take to get back in. Start with the simpler fixes and work your way up to more complex ones if you need to.

1. Wait it out

Having to wait is sometimes the easiest thing to do. Most security apps only block you for a short time, usually between 15 and 60 minutes. You can try to log in again after the timer runs out.

If you are not in a hurry and are aware of your credentials, this is perfect. But if you need to get something done quickly, you’ll want faster fixes.

2. Delete your browser’s cookies and cache

Messages that lock you out are sometimes saved in your browser’s cache. Try this:

• Clearing your cookies
• Refreshing your browser
• Using incognito mode to access the website

This works if the lockout is caused by the browser and not the service.

3. Use a different IP address

If your IP address is blocked, try these things:

• Restarting your wireless router frequently results in a new IP address.
• Moving to mobile data.
• Using a VPN.

This briefly gets around the blocked IP restriction.

4. Use FTP or File Manager to turn off the security plugin.

If you’re still locked out, you might need to turn off the app that’s locking you out.

How to do it:

• Go to the cPanel or control page for your hosting account and log in.
• Open File Manager or join through FTP (FileZilla).
• Go to this link: /wp-content/plugins/
• Find the plugin folder (“wordfence” or “limit-login-attempts”).
• Change the folder’s name (limit-login-attempts-disabled, for example).

At this point, the plugin is turned off right away, and the lockout limit is gone. Once lockout is fixed, you were now able to sign in and change the settings.

5. Clear all logged-in attempts from the database (phpMyAdmin)

You can clear the lockout information manually if it is saved in the database:

1. Use your hosting’s cPanel to log in.
2. Open phpMyAdmin.
3. Choose the database for WordPress.
4. Check for tables that have to do with failed logins (these are often made by plugins).Example: (limit_login_attempts and wplog-ins_failed wp)
5. If there are any rows with blocked IPs, delete them.

Tip: Before you make changes, you should always back up your information.

6. .Modify the rules in .htaccess (Advanced)

Lockouts are sometimes set up with.htaccess rules.

1. Use FTP or File Manager to connect.
2. Look in the root location for the.htaccess file and open it.
3. Check for rules that block IPs, such as “Deny from 192.168.xx.xx.”
4. Get rid of or cross out the line.
5. Save, then upload again.

7. Change your WordPress login credentials

If you got locked out because you forgot your password, changing it might help.

Methods for resetting:

• By clicking “Forgot Password” on the login page.
• In phpMyAdmin, go to the wp_users table, change your username, and then change your password (using MD5 encryption).
• If your host allows it, through the WP-CLI command line:

• wp user update admin –user_pass=newpassword

8. Get in touch with your web host

Your server company can help if none of these work. These things are possible:

• Add your IP to the whitelist.
• Reset the access to your account.
• Verify the firewall rules on the server side.

This is how I fixed a client’s lockout when the host’s ModSecurity rules were stopping them.

Stopping Future Lockouts of Login Attempts

Is it good to fix the problem or is it better to stop it from happening? If you don’t want to get locked out again, follow these tips:

1. Put your own IP address on a “whitelist.”

You can add known IPs to a “whitelist” in most security plugins. Don’t get locked out; add your home or work IP address.

2. Turn on two-factor authentication

Use 2FA for better protection instead of just limiting the number of times you can log in. You won’t need strict lockout settings this way.

3. Make use of a password manager

With a tool like LastPass, 1Password, or Bitwarden, you’ll never again type in the wrong password or forget it.

4. Set reasonable limits on lockouts.

Avoid implementing overly strict rules, such as “block after two failed attempts.” Instead, consider fairer options, such as:

• After five attempts, you will be locked out.
• Set a timer for 15 minutes.

5. Maintain Backup Access Methods.

Always keep:

• An FTP program installed.
• Login information for hosting saved securely.
• Copies of your admin accounts for additional WordPress users saved.

6. Use a Web Application Firewall (WAF).

Use tools like Cloudflare or Sucuri that filter malicious data before it gets to WordPress instead of just locking out users who have logged in.

7. Maintain an eye on logged-in activity

Set up email notifications for failed logins. So, you’ll be able to tell the difference between your own mistakes and real hacking efforts.

Something I’ve Learnt About Working with Clients

One worried client called me: “I can’t get into my WordPress site; it says I’m blocked for 24 hours!” Their site was hacked, they thought. When I checked, I saw that they had lost their password, which locked them out of Wordfence.

To address the issue, we disabled Wordfence using FTP, logged in, and set up two-factor authentication (2FA) to enhance long-term security.

This experience taught me that not all problems are technical; sometimes, they arise from user error exacerbated by stringent settings. Maintaining a balanced approach is highly beneficial.

What Not to Do: Common Mistakes

• Using “admin” as your username: This is the first thing hackers look for.
• Using lockouts as the only form of security: add more layers, like 2FA.
• Ignoring plugin ban rules: Every plugin has its own rules, so make sure you know them before you enable them.
• Ignoring backup accounts: You should always keep a copy of your WordPress admin account.

Last Thoughts

It can be frustrating to get locked out of WordPress after trying to log in several times, but it also means that hackers can’t get into your site. The important thing is to find the right mix between security and ease of use.

Clearing your browser’s cache, turning off plugins, and refreshing your databases are all things that can help you get back into your site. More importantly, the precautions will make it less likely that you’ll get locked out again in the future.

Looking for professional help with WordPress security or other website issues?

Feel free to get in touch with me if you are still having trouble with login lockouts or if you need help setting up a strong WordPress security system.

• Visit us at Preet Web Vision
• 📞 Phone: +63-9633112000
• 📧 Email: hello@preetwebvision.com

To get video guides, follow our YouTube channels:

• Preet Tech Ideas (English)
• Preet WebXP (Hindi)

Let us know what you think! Have you ever been unable to access your WordPress site? How did you get back in that worked best for you? Leave a comment below with your question or story. We’re always here to help and talk.