Here is a short-list of options to get yourself back in to your site if All In One WP Security & Firewall has locked you out of your own site.
All In One WP Security & Firewall is a very popular plugin for WordPress to handle the security of your site. It is very effective at what it does, but it does occassional have some unintended consequences.
This morning I went to get into the admin of this site and I found I was locked out. I knew what it was though, so unlike many users, I had a leg up. I suddenly had an idea for a new blog post. It also made me create a new tag of “Security“, in addition to my “WordPress” tag. Therefore maybe in the future I will post more security related content.
If you get locked out of your own site by All In One WP Security & Firewall You can do a few things:
Easiest and Quickest
The easiest and quickest way to get in is to log in to whatever you use for MySQL management. When you get in find the table named ‘[prefix]_aiowps_login_lockdown’. You might be surprised how large that table is!
Do a query to find any record with your admin login (hopefully it’s unique, and NOT ‘admin’). You can sweepingly delete all records with that username. This is fast and easy but may open up hackers to try again. However, for those on dynamic IP’s, it might be necessary as your IP can change at any time.
After that go to your login and have fun.
A More Focused Method
You can do all of the above to get into the database and find that same table. After that query on your IP and admin login name. See if there are records that match the current IP. You can find your IP address at whatismyip.com. If you find matching records, delete them and then try to log in. If it doesn’t work, you will likely have to resort to the above method.
Disable All In One WP Security Firewall
Another option, though I don’t like it, is to rename the plugin folder. This effectively disables the plugin. Then go login, rename plugin folder back to original and unlock yourself. it works, I just hate disabling and re-enabling plugins for fear of something going sideways.
That being said, it is one of the recommended courses of action, so I had to mention it for a complete list of options.
Conclusion
While I hope you never get locked out of your own site, it does happen on occassion, so be prepared. If it happens to you because of All In One WP Security Firewall, now you have the tools to fix it quickly!
If all of the above fails, you can always reset the plugin.