[ad_1]
We are a small nonprofit with a WordPress site. It is not hosted at wordpress.
We are locked out of the login page with no way to recover anything. Last night i somehow managed to have this page show instead of the plain “admin has locked you out” (i am admin).
I can’t get it to appear again to do email recovery. I am using an FTP client to force my way in and deactivate Wordfence, I get a connection but none of our passwords are working. We have not changed them recently. Could we have been hijacked?
I’m not sure what to do anymore, our IT consultant company wants to get in touch with the host but doesn’t know who hosts our website, only our domain registrar (not the same).
[ad_2]
Yes, possibly been hacked, or the site could be under attack and other people (bots) are trying to log in and locking the account.
You could use a tool like [https://hostingchecker.com/]) to see who hosts the site.
can you get into php myadmin and disable wordfence?