How to Access WordPress Site if Locked out by Wordfence 2FA

If Wordfence 2FA (Two-Factor Authentication) has locked you out of your WordPress site, follow the two steps in this guide to regain access.

Step 1: Install FileZilla

FileZilla is a popular Secure File Transfer Protocol (SFTP) software required to FTP to your WordPress site’s backend. If you have not installed FileZilla, download and install it before proceeding to Step 2 below.

Step 2: Disable Wordfence

1. Open FileZilla and enter your WordPress hosting Server’s IP address in the Host field, SFTP username and password, and the port (22 for SFTP). After entering the details, click Quickconnect.

2. Once you successfully FTP to the server, navigate to “/public_html/wp-content/plugins,” right-click the wordfence folder, select Rename and append “_” to the end without the quotes.

Step 3: Sign in to WordPress

After disabling the Wordfence plugin, you should be able to sign in without 2fa.

Step 4: Re-enable Wordfence

While logged in to WordPress, return to the FileZilla and rename the Wordfence plugin folder to its original name, without the “_”. Once you do that, the plugin will be activated.

Once it is activated, open the Wordfence Login Security page. Then, disable and re-enable 2FA.

Conclusion

If you’re locked out of your WordPress site by Wordfence 2FA, it can be scary, but recovering your site is very straightforward. As this guide demonstrates, all you need to do is sign in to the host server via an FTP client like FileZilla.

Once you sign in, navigate to the Wordfence plugin folder and rename it. After renaming the folder, the plugin is deactivated, which allows you to sign in without requiring a 2FA.

Finally, from the FTP, rename the Wordfence folder to its original name, then, back in your WordPress dashboard, deactivate and reactivate 2FA.

I’m confident I made your day with this guide, but I would like to hear from you. Provide feedback by clicking the “Was this page helpful?” feedback request below.