iThemes Security Lockout Fix

Updated February 26, 2026 • Expert Guide • Prime AI Tech Solutions

Looking for the best options? Compare top-rated services and get expert guidance.

Get Free Quote ›

iThemes Security Lockout Fix: Regaining Access to Your WordPress Site

iThemes Security (now Solid Security) is a powerful plugin that helps protect your WordPress website. However, sometimes, it can inadvertently lock you out, preventing you from accessing your admin panel. This article outlines several methods to resolve an iThemes Security lockout and regain control of your site.

Understanding Lockout Causes

Lockouts usually occur because iThemes Security detects suspicious activity, such as too many failed login attempts within a short period, often set to 5 attempts within 5 minutes. This triggers the plugin to block the suspected IP address to prevent brute-force attacks. While this is a beneficial security feature, it can sometimes mistakenly block legitimate users, including yourself.

Troubleshooting and Solutions

Here are several methods to fix an iThemes Security lockout. Start with the easiest and move down the list.

  1. Wait it Out: The simplest solution is to wait. iThemes Security usually has a temporary lockout period, often around 15-30 minutes. After this time, your IP address should be unblocked, and you can try logging in again.
  2. Check Your Email: iThemes Security often sends an email notification when a lockout occurs. This email may contain a link to immediately unlock your IP address. Look for an email with the subject "WordPress Site Lockout Notification" or similar.
  3. Use FTP to Rename the Plugin Folder: If waiting doesn't work, you can disable the iThemes Security plugin via FTP.
    1. Connect to your website using an FTP client (e.g., FileZilla).
    2. Navigate to the /wp-content/plugins/ directory.
    3. Locate the ithemes-security folder.
    4. Rename it to something like ithemes-security-disabled.
    5. Try logging into your WordPress admin panel. With the plugin disabled, you should be able to access it.
  4. Access Your Database via phpMyAdmin: As a last resort, you can manually disable the plugin through your database.
    1. Access your hosting control panel (e.g., cPanel).
    2. Open phpMyAdmin.
    3. Select your WordPress database.
    4. Find the wp_options table (the prefix 'wp_' may vary).
    5. Search for the active_plugins option.
    6. Edit this option and remove the line containing ithemes-security/ithemes-security.php. Be very careful when editing the database.

After regaining access, reactivate iThemes Security (if you disabled it) and review your plugin settings. Consider whitelisting your IP address or adjusting the lockout thresholds to prevent future lockouts. Remember to consult iThemes Security's official documentation for detailed configuration instructions.

Ready to take the next step? Get personalized recommendations from verified experts.

Compare Options ›
Recommended on Amazon Shop on Amazon ›