Appears that IP address of admin is blocked for 2 hours

Have you tried:
-deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).
-switching to the default theme to rule out any theme-specific problems.

Just a thought, but are you on a WHM/cPanel-based server?

If so, there is a way what you describe can happen, though the error I’ve seen with it is the 403 Forbidden warning.

There is a set of firewall rules, usually OWASP ModSecurity rules, but sometimes other vendors are used, that will block IP addresses for a set time period based on suspicious activity. The OWASP rules, in particular, have a reputation for blocking admin activity on WordPress sites, prompting some server admins to switch to Comodo’s ruleset.

The IP that will be blocked will be the main IP address for your router, not the ones for individual PCs.

Even though the message you’re getting isn’t the same, I would still suspect the problem is a firewall/security related issue on your host’s part. They should be able to look at your server’s access logs and/or the firewall or security suite’s UI to figure it out if you give them your router’s IP address. If they can’t, I’d switch hosts. ??

kmessenger: no, not yet but obviously something I will try if all else fails. I’m on a (child) TwentyFourteen theme which is up to date and has been problem free (although, thinking about it, there was an update a month or two ago, so could be related).

linux4me2: I’m on a shared server with Easyspace rather than a dedicated, so not sure what the platform is, but I will certainly ask.

I agree it seems like a firewall/security issue – I have given them a time limit to sort this with the threat of moving to a different hosting company: my main beef with their (lack of) support is that they don’t read everything I report so suggest things I have already tried (and reported back) and promise to escalate to level 2, but don’t!.

If you’re on a shared server, you’re at the host’s mercy to figure out firewall issues, and that’s a bad position to be in when they’re behaving as you describe. It’s all too common with shared hosting, unfortunately.

You could switch to one of the hosting companies that offers a 30-day trial, move your site, and test it on their server using a temporary URL to see if the problem goes away.

Any suggestions of hosting companies to try?

I would move our site in-house as we have with the email (it is a niche-interest site with low traffic) but there’s no fibre (yet) so the uplink speed is abysmal and I don’t want to end up with a sluggish site ??

See the last entry in this thread.

https://www.ads-software.com/support/topic/locked-out-of-admin-cannot-reset-in-cpanel-or-reset-password-help?replies=17

Yes, I use TML – settings are the default 5 failed logins and 24 hour lockout. There is no “admin” account now – it has been deleted and a new admin account created with a different login name (too many attempts from Ukraine to login…Ukraine is now totally blocked lol).

We *did* have a successful login to an admin account 3 or 4 months ago, so I had to restore the site from a backup and sort out admins etc., but I an 90% sure this problem didn’t start then.

I will disable that plugin now, though, and try and rule it in or out as the cause.

TML deactivated, removed…tried the usual things to kill the site (adding/deleting whitespace from posts) and website dead for me again, so now 2 hours before I can try anything again ??

Are you able to log in here, https://controlpanel.iomarthosting.com/login

Nope. So guess it’s not WHM/cPanel-based?

Try to log in. When the message comes up do a CTRL+U to look at the source code. That may give you a clue.

I get “the details you entered were incorrect – please try again”.

Can’t see anything in the source but not sure what I’m looking for?

When you went here, https://controlpanel.iomarthosting.com/login was is the same message?

Can you log in to PlusNet?

What does the .htaccess file say>?

Yes, can login to Plusnet.

That Easyspace login isn’t “right” for my domain: I usually login to https://controlpanel.easyspace.com/

Using FileZilla to login to FTP, the .htaccess file is:

AddType application/vnd.ms-xpsdocument xps
AddType application/xaml+xml xaml
AddType application/x-ms-xbap xbap
AddType application/x-silverlight-app xap

AddType application/x-ms-application application
AddType application/x-ms-manifest manifest
AddType application/octet-stream deploy

AddType application/x-msdownload dll

FileETag None
Header unset ETag
Header set Cache-Control “max-age=0, no-cache, no-store, must-revalidate”
Header set Pragma “no-cache”
Header set Expires “Wed, 11 Jan 1984 05:00:00 GMT”

# BEGIN WPSuperCache
# END WPSuperCache

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

The message does not look like a server message. More like an application message. You could try logging in to your host, renaming the plugins folder plugins-old and changing to just twenty fourteen.