A couple months ago, I got the iThemes Security WordPress plugin and set the auto-away mode from 12:00am to 6:00am. After all, I’m asleep at those times and it would make no sense to keep my admin login and backend open at these times. Or so I thought. There were nights where I would stay up late, and just recently on my trip to China, I was locked out in the middle of the local time of day!

In this situation, it’s not possible to unlock yourself by going to your WordPress admin, because it’s locked down. You’ll have to dig into your site’s files, via an FTP client or SSH. When you get to the plugin’s files, one line of code will disable the auto-away lockout until you can change the settings.

What you will need

• An FTP or SSH Client
  • Preferred: an FTP client. I will demonstrate using the ever-popular FileZilla.
  • Alternate: (for experts only). Command-line SSH access. Must have a CLI text editor such as Vim or Emacs
• If using the preferred method above: a text editor, such as Notepad++ or Sublime Text. Choice is up to you.
• Your site’s FTP/SSH details. If you don’t know, ask your site/network administrator or manager. The details you will need are:
  • The FTP host name. Usually this is just your site’s address or something like ftp.yoursitename.com.
  • Port. By default this is 21, although secure connections require port 22.
  • Type of connection: SFTP or FTP.
  • FTP Username
  • FTP Password

Step 1: Getting connected

If you already know how to connect to your site via FTP or SSH, you can skip to Step 2.

Via FTP

Open FileZilla, go to File → Site Manager (Ctrl/Cmd + S). Click the “New Site” button and enter your site’s details. Then, hit the “Connect” button.

If you do not know your site’s FTP connection details, you will need to contact your site administrator.

Via SSH

In an SSH-supported terminal (Terminal for Mac OS/Linux, Cygwin/PuTTY for Windows), type:

ssh myusername@mysite

Replace myusername and mysite with the appropriate details. Then follow the instructions.

Step 2: Get to the plugin

In the FTP or SSH client, navigate to your WordPress root. Then, go to the following path:

wp-content/plugins/better-wp-security/core/modules/away-mode

Important note: Depending on when you installed the plugin, the better-wp-security folder may be named something like “ithemes-security“.

Comment: By editing just the Auto Away module, you are ensuring that the other security features of the plugin are not affected. You can also manually disable the plugin by creating a folder called disabled in your wp-content/plugins directory and moving the better-wp-security/ithemes-security folder within. However, this will not change the Auto Away settings once you put the plugin back in its place.

Now you should see a file called class-itsec-away-mode.php. Open this with your text editor. In FileZilla, right click the file, then select “View/Edit”.

Step 3: Edit the plugin file

The critical part. Perform a search for the line “public static function is_active” (Ctrl/Cmd + F in most editors). On the latest version of iThemes, this is on line 27. Now add a new line immediately below:

return false;

What this does is cause the away-mode module to automatically indicate to the plugin, “there is no lock-out in effect”.

Your code around the is_active function should now look like this. You added Line 2.

public static function is_active( $get_details = false ) {
	return false;
	require_once( dirname( __FILE__ ) . '/utilities.php' );

Save the file to the server. FileZilla users: save the file in your text editor and click “Yes” when prompted in FileZilla.

At this point, make sure not to close any FileZilla or text editor windows.

Step 4: Your wp-admin, unlocked

Go to your site’s WordPress Admin. Hooray, it is now unlocked!

Change or remove your site’s Auto Away settings. After you have done that, undo all the changes in your text editor and save the file to the server. That is, remove the return false; line of code that you just added. This is very important lest you want your Auto Away to never work again!