I am experiencing the same thing. Two of our full Admins (but never me) get a “Your access to this site has been temporarily limited by the site owner”. The message asks that they contact the owner of the site for assistance. How can I set Wordfence to reduce its aggressiveness? I don’t see a Settings capability. If I can’t reduce its aggressiveness, where do I go in the WP dash to undo our Admin’s inability to log in?
Hi @johnp, thanks for getting in touch.
We don’t recommend allowlisting IP addresses unless absolutely unavoidable as this allows them to bypass all Wordfence protection. Naturally if these aren’t fixed IPs and are later reassigned to somebody with malicious intent, that could become an issue.
When looking at your Live Traffic feed to determine the users’ IP addresses, were you able to find the cause of the block, usually given in red text when expanding the table row?
The blocks could be linked to your Brute Force or Rate Limiting settings, or you may be told about a firewall rule that blocked them automatically.
IP detection being wrong on your site is also a common reason, so a legitimately triggered block for another user/bot may now be affecting all visitors including legitimate ones. Take note of your own IP on your main device: https://www.whatsmyip.org.
Once in (using the rename method above) head over to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs and reference the area under that section that says Detected IPs and Your IP with this setting. See if any of the options there when picked accurately reflect your IP. If one does, don’t forget to hit the SAVE CHANGES button in the top-right after you’re done.
Let me know how you get on!
Peter.
Thread Starter
JohnP
(@johnp)
I agree that whitelisting IPs is not an ideal solution, especially now that many people “work from home” ie: all over the place.
When I expand the table row in Live Traffic, the only information in red text is “failed login”. WordFence considers them to be human.
I am new to the site in question, and only just installed WordFence (always one of my top priorities), so the Brute Force and Rate Limiting settings are the default.
I have changed to new, strong passwords for all admin users.
My (new) username has never been blocked, and IP detection is accurate in my case.
I have made a new account for the main Administrator, and she is now able to log in successfully (via a whitelisted IP).
The third Admin was able to log in without being whitelisted, so it seems my immediate issue is sorted.
Thank you very much for your advice Peter.
I’ll mark this as resolved, although any further information would be welcome.
