Hi @zian00, sorry to hear you’ve had trouble with hackers and now blocking.
It’s quite likely that malware linked to the breach running when you navigate the site, or high amounts of activity attempting to access your site could be blocking you by mistake. When IP detection is wrong, a legitimately triggered block for somebody else may affect all visitors including yourself.
When you’ve been accidentally blocked, rename the /wp-content/plugins/wordfence plugin folder to “wordfence_bak” (without quotes). This should let you access and log into your site normally.
You can then rename the folder back to “wordfence”, but if you become blocked again immediately it’s sometimes necessary to install the Wordfence Assistant plugin to disable the firewall before trying to reenable Wordfence. This would allow you to remove your IP block from the Wordfence > Blocking page.
Take note of your own IP on your main device: https://www.whatsmyip.org and head over to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs. Reference the area under that section that says Detected IPs and Your IP with this setting. See if any of the options there when picked accurately reflect your IP. If one does, don’t forget to hit the SAVE CHANGES button in the top-right after you’re done.
Don’t forget to also reenable the firewall again.
In terms of the hack on your site, we always recommend updating the passwords for your hosting control panel, FTP, WordPress admin users, and database no matter where you think the threat may have originally come from.
Our site cleaning instructions are here: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
We always recommend using complex unique passwords along with 2FA for your administrative accounts Additionally, you might find the WordPress Malware Removal section in our free Learning Center helpful.
I hope that helps you out!
Peter.
