Locked out of my blog account because Wordfence 2FA stopped working

Hi @hayzen11, thanks for getting in touch!

I’m happy to provide you instructions on how to get back into your site. If you have lost or replaced your old phone and can no longer access your site(s), and you have misplaced the 2FA backup codes, you can follow these steps:

• Please use FTP/SFTP — or any file manager your web host provides via their administration panel.
• Look inside the /wp-content/plugins/ directory and rename the wordfence directory to wordfence.bak. This will deactivate Wordfence and allow you to login without the 2FA code.
• Once you have logged in to your WordPress admin you can name the folder back to wordfence again.
• Go to your user profile and add 2FA back to your account, making sure to download the backup codes in case of problems in the future.

Thanks,

Peter.

That sounds like an Authy issue, not a Wordfence issue because of the backup password. Still, the way Pete told you to get in is correct. I do know that we give you backup codes when you enable 2FA for your account. Make sure you download those when you re-enable 2FA again.

There is another way to get in too but only if you have added the site in Wordfence Central (a free site management tool in your account on wordfence.com).

• Login to Wordfence.com and look for the Configuration tab.
• Click the gear icon at the end of the row that the site you need to access is on.
• Scroll down to the Login Security Options section and expand it by clicking the small black arrow to the right.
• In the section that says “Allowlisted IP addresses that bypass 2FA” add your public facing IP address.

NOTE : You can get your public facing IP by clicking this link.

• Scroll back to the top of the screen and save the changes.
• You should now be able to login to your site with just a username and password.

Tim

Thank you, that worked!