# Access & Lockouts

Access &amp; Lockouts

# Unable to Access Admin

## What This Means

This issue occurs when you are unable to access the WordPress admin area after applying one or more hardening controls.

---

## Common Symptoms

- unable to log in via `/wp-login.php`  
- admin page returns an error (e.g., 403 Forbidden)  
- login page does not load  
- access is blocked unexpectedly  

---

## Why This Happens

Some hardening controls restrict access to sensitive endpoints, including login functionality.

This may occur if:

- access is limited by IP or conditions  
- endpoint restrictions are too strict  
- server rules block legitimate requests  

---

## How to Fix It

Try the following steps:

---

### 1. Use an Alternate Access Method

- try accessing the site from a different network or device  
- disable VPN or proxy services if in use  

---

### 2. Revert the Most Recent Change

If you recently applied a hardening control:

- disable the last applied control  
- confirm whether access is restored  

---

### 3. Access via Hosting Panel

If you cannot log in:

- access your site files through cPanel, FTP, or file manager  
- locate the Steel Security plugin configuration or rules  
- temporarily disable the relevant restriction  

---

### 4. Disable the Plugin (Temporary)

As a last resort:

- rename the Steel Security plugin directory  
- this will deactivate the plugin  
- restore access to your admin area  

You can then re-enable and adjust settings safely.

---

## What to Expect After Fixing

After resolving the issue:

- admin access should be restored  
- login functionality should behave normally  
- you can reapply protections more carefully  

---

## How to Prevent This

- apply hardening controls incrementally  
- test access after each change  
- ensure your access method is allowed before restricting endpoints  

---

## When to Seek Help

If you are unable to regain access:

- note recent changes  
- gather any error messages  
- contact support with details  

---

## Key Principle

Always ensure you have a reliable way to access your site before applying restrictive controls.

---

## Related

- [Restrict Sensitive Endpoints](https://docs.steelsecurity.com/books/hardening-reference/page/restrict-sensitive-endpoints)
- [Unexpected Site Behavior](https://docs.steelwp.com/books/troubleshooting/page/unexpected-site-behavior)
- [Safe Rollback Practices](https://docs.steelsecurity.com/books/plugin-guide/page/safe-rollback-practices)

# Blocked by Hardening Rules

## What This Means

This issue occurs when legitimate requests are being blocked by one or more hardening controls.

This may affect access to certain pages, features, or functionality.

---

## Common Symptoms

- receiving a 403 Forbidden error  
- specific pages or endpoints not loading  
- features or integrations failing  
- inconsistent access depending on location or device  

---

## Why This Happens

Hardening controls restrict access to improve security.

In some cases, these restrictions may:

- block legitimate requests  
- conflict with plugins or themes  
- interfere with integrations or APIs  

This is more likely in environments with custom configurations or external services.

---

## How to Fix It

Try the following steps:

---

### 1. Identify the Blocked Resource

- determine which page, endpoint, or feature is affected  
- note any error messages or response codes  

---

### 2. Review Recent Changes

- identify recently applied hardening controls  
- consider which control may be responsible  

---

### 3. Adjust the Control

- modify the configuration if possible  
- allow necessary access for specific functionality  
- reduce overly strict restrictions  

---

### 4. Test Incrementally

- reapply controls one at a time  
- test after each change  
- confirm which control is causing the issue  

---

### 5. Revert if Necessary

- disable the problematic control  
- restore functionality  
- re-evaluate whether the protection is required  

---

## What to Expect After Fixing

After resolving the issue:

- affected pages or features should function normally  
- appropriate protections can remain in place  
- unnecessary restrictions can be removed or adjusted  

---

## How to Prevent This

- apply hardening controls gradually  
- test functionality after each change  
- understand how controls affect your environment  

---

## When to Seek Help

If the issue persists:

- document the affected functionality  
- note which control is involved  
- include any error messages  
- contact support with details  

---

## Key Principle

Security controls should protect your site without interfering with legitimate use.

---

## Related

- [Unexpected Site Behavior](https://docs.steelwp.com/books/troubleshooting/page/unexpected-site-behavior)
- [Restrict Sensitive Endpoints](https://docs.steelsecurity.com/books/hardening-reference/page/restrict-sensitive-endpoints)
- [Safe Rollback Practices](https://docs.steelsecurity.com/books/plugin-guide/page/safe-rollback-practices)