Recently, I locked myself out of a WordPress site that used the All-In-One Security plugin to prevent logins from blocked IP addresses. After running some tests, the plugin did its job and blocked the IP range, preventing me from logging in to the admin. This problem presents as being unable to login with credentials you know to be valid and no error message on the login page. This can also be due to session issues, or disabling login error messages altogether.
To verify that the security plugin is the problem, you should check out the security log. From the repository root, the file can be found at
all-in-one-wp-security/logs/wp-security-log.txt. In the more likely event that you installed the plugin via WordPress, look for
Unblocking Your IP Range
You’ll need command line access, or the ability to run SQL commands. Any of the following should work:
- MySQL CLI
- Ability to upload and run PHP scripts.
First, check that the table exists. If you use table prefixes, be sure to modify the table name in these examples to match your table name.
SHOW TABLES LIKE '%login_lockdown%';
If you see a table name, you’re in good shape. If not, you’re probably in the wrong database, not using the same plugin, etc. In the next step, verify that your IP address range is blocked. Use the % character to do wildcard searches, since it can block an entire range.
SELECT * FROM aiowps_login_lockdown WHERE failed_login_ip LIKE "123.45.67.%";
If results are returned, look at the rows and see which usernames/times are safe to unblock. If all the rows are safe to unblock, the following command will delete everything you just selected.
DELETE FROM aiowps_login_lockdown WHERE failed_login_ip LIKE '123.45.67.%';
To delete specific entries, use the ID column to specify which rows to delete:
DELETE FROM aiowps_login_lockdown WHERE id IN (324, 325, 326);
You should now be able to log in!
The PHPMyAdmin method is similar to what’s listed above:
- Find the appropriate database
- Locate the login_lockdown table
- Find any records that are blocking your IP range
- Delete them