A couple months ago, I got the iThemes Security WordPress plugin and set the auto-away mode from 12:00am to 6:00am. After all, I’m asleep at those times and it would make no sense to keep my admin login and backend open at these times. Or so I thought. There were nights where I would stay up late, and just recently on my trip to China, I was locked out in the middle of the local time of day!
In this situation, it’s not possible to unlock yourself by going to your WordPress admin, because it’s locked down. You’ll have to dig into your site’s files, via an FTP client or SSH. When you get to the plugin’s files, one line of code will disable the auto-away lockout until you can change the settings.
What you will need
- An FTP or SSH Client
- If using the preferred method above: a text editor, such as Notepad++ or Sublime Text. Choice is up to you.
- Your site’s FTP/SSH details. If you don’t know, ask your site/network administrator or manager. The details you will need are:
  - The FTP host name. Usually this is just your site’s address or something like ftp.yoursitename.com.
  - Port. By default this is 21, although secure connections require port 22.
  - Type of connection: SFTP or FTP.
  - FTP Username
  - FTP Password
Step 1: Getting connected
If you already know how to connect to your site via FTP or SSH, you can skip to Step 2.
Via FTP
Open FileZilla, go to File → Site Manager (Ctrl/Cmd + S). Click the “New Site” button and enter your site’s details. Then, hit the “Connect” button.
If you do not know your site’s FTP connection details, you will need to contact your site administrator.
Via SSH
In an SSH-supported terminal (Terminal for Mac OS/Linux, Cygwin/PuTTY for Windows), type:
ssh myusername@mysite
Replace myusername and mysite with the appropriate details. Then follow the instructions.
Step 2: Get to the plugin
In the FTP or SSH client, navigate to your WordPress root. Then, go to the following path:
wp-content/plugins/better-wp-security/core/modules/away-mode
Important note: Depending on when you installed the plugin, the better-wp-security folder may be named something like “ithemes-security”.
Comment: By editing just the Auto Away module, you are ensuring that the other security features of the plugin are not affected. You can also manually disable the plugin by creating a folder called disabled in your wp-content/plugins directory and moving the better-wp-security/ithemes-security folder within. However, this will not change the Auto Away settings once you put the plugin back in its place.
Now you should see a file called class-itsec-away-mode.php. Open this with your text editor. In FileZilla, right click the file, then select “View/Edit”.
Step 3: Edit the plugin file
The critical part. Perform a search for the line “public static function is_active” (Ctrl/Cmd + F in most editors). On the latest version of iThemes, this is on line 27. Now add a new line immediately below:
return false;
What this does is cause the away-mode module to automatically indicate to the plugin, “there is no lock-out in effect”.
Your code around the is_active function should now look like this. You added Line 2.
public static function is_active( $get_details = false ) {
    return false;
    require_once( dirname( __FILE__ ) . '/utilities.php' );
Save the file to the server. FileZilla users: save the file in your text editor and click “Yes” when prompted in FileZilla.
At this point, make sure not to close any FileZilla or text editor windows.
Step 4: Your wp-admin, unlocked
Go to your site’s WordPress Admin. Hooray, it is now unlocked!
Change or remove your site’s Auto Away settings. After you have done that, undo all the changes in your text editor and save the file to the server. That is, remove the return false; line of code that you just added. This is very important lest you want your Auto Away to never work again!
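Steps 2 to 4 as functions for the SSH session, with a backup of the file and a check that the temporary line is really gone afterwards. This is an added example, not part of the original post and not iThemes code; the function names and the WordPress root argument are assumptions, and it presumes the file still contains the is_active line described above.

```shell
#!/bin/sh
# Added example. Paths follow the article; the WordPress root is passed as $1.

# Step 2: print the away-mode class file under either plugin folder name.
find_away_file() {
    for dir in better-wp-security ithemes-security; do
        f="$1/wp-content/plugins/$dir/core/modules/away-mode/class-itsec-away-mode.php"
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Step 3: keep a backup, then add "return false;" right below the is_active line.
apply_bypass() {
    f=$(find_away_file "$1") || return 1
    # A backup already exists: the file is already patched, keep the true original.
    if [ -e "$f.orig" ]; then return 2; fi
    cp -p "$f" "$f.orig" || return 1
    awk '{ print }
         /public static function is_active/ { print "\t\treturn false; // TEMPORARY" }' \
        "$f.orig" > "$f"
}

# Step 4: put the original file back so Away Mode works again.
revert_bypass() {
    f=$(find_away_file "$1") || return 1
    if [ ! -e "$f.orig" ]; then return 2; fi
    mv "$f.orig" "$f"
}

# Check: exit 0 if is_active is still immediately followed by "return false;".
bypass_present() {
    f=$(find_away_file "$1") || return 2
    awk 'prev && /^[ \t]*return false;/ { found = 1 }
         { prev = ($0 ~ /public static function is_active/) }
         END { exit (found ? 0 : 1) }' "$f"
}
```

Run apply_bypass with your WordPress root, change the Auto Away settings in wp-admin, then run revert_bypass with the same path. bypass_present should fail afterwards; if it succeeds, the temporary line is still in the file.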
An alternative and easier way is to delete the file /wp-content/uploads/ithemes-security/itsec_away.confg
Thanks, After add return false; login to dashboard and edit time auto away
Thanks
In some cases, AwayMode might not be the problem. It could be the Hide Backend feature which redirects any attempt on the default WordPress admin URL to a custom location. Or some other iThemes feature. You could try accessing your plugins directory under wp-content and temporarily renaming the iThemes folder to anything. This will enable access to the admin panel where you can change/disable any iThemes settings.
This doesn’t work at all.
I’ve updated the post, iThemes updated their codebase a while back and the updated solution should work now.
This does not work anymore. Tried the updated solution of Ren, but it would not work. Still locked out.
I’ve updated the post, iThemes updated their codebase a while back and the updated solution should work now.
Please note, as of today (2016-09-19) the file has moved to:
plugins/better-wp-security/core/modules/away-mode/class-itsec-away-mode.php
The function you’re looking for, and where to place the ‘return false’ is:
public function run_active_check() {
return false;
global $itsec_logger;
…
}
Still works, thanks! 🙂
The run_active_check function does not return a value (see its specification). I’ve updated the post though, and the current solution should now work.
I had the problem with too many wrong passwords. I didn’t have access to the database so I opened FileZilla and browsed through the iThemes plugin files. I found ‘class-itsec-lockout.php’ which handles the lockout. I emptied the contents of the function ‘execute_lock’ and placed an empty return.
The lock was now gone, I logged in and added my current IP to the whitelist, changed the file back the way it was and my problem was solved.
Hope I helped someone with my solution.
I searched for especially this answer. Everybody wrote about changes in the database, but I’m not good in this. Thank you so much!!! It works perfect.
Hi Geoffrey
I tried this method already.
But when I want to log in with wp-admin, it still fails.
It points me to 404 error pages.
The same goes for this iThemes method: https://ithemes.com/security/fixing-ithemes-security-lockouts/
Again, it points to 404 error pages.
Please help
You saved my life too, thank you!
Thanks for the guide Geoffrey
Thank you for the quick workaround. Made a mistake by enabling this because didn’t realize my WP timezone wasn’t configured accurately.
You saved my life 🙂 I don’t know anyway why I’ve put this options on :-/
Thanks Ur my hero of this week!
This works for me as back door when I was locked out just like in your case. Thanks for the trick!
Thanks! That solved my issue.
I guess the Away Mode setting went back to the original when I upgraded my plugin. This helped me get back in while I was in the middle of composing a post. Thanks!