How to unblock my own admin account after 5 failed login attempts?
I got the message:
Sorry, there have been more than 5 failed login attempts for this account. It is temporarily blocked. Try again later or request a new password.

But when I log in my account is active and after I log out I cannot log in ;/

Any hints?
Regards
Greg

Comments

dman’s picture

Start with the troubleshooting guide (or a search. Limiting the search to handbook pages usually helps)

drupalnesia’s picture

Read this:Recovering your Drupal 7 administrator account password

The easiest way is use "Request new password" which will send new password to your email.

Note: Drupal 7 password reset method different than Drupal 6. I have edited the link above to include the flooding protection in Drupal 7.

mcdoolz’s picture

go into your mysql

'delete from flood'

Necro editing my 3 year old post to say if you're using Drush you can punch in 'drush sql-query "delete from flood"'

-
Be the occasion.

Alan Oliveira’s picture

it works!

pfhenley86’s picture

This worked for me as well. Thanks!

gash7’s picture

thank you...

leistiko_texvet’s picture

I went in, found the "flood" table, deleted all entries (But not the table. That would be a silly thing to do.), and my blocked users were able to log in again. Woot.

skobe’s picture

kudos and appreciation for this precise answer!

jbleys’s picture

thank you!

TheSyndicateX’s picture

works fine thanks!

hiramanpatil’s picture

This worked for me...thanks.

Gapster’s picture

Thanks! Works...I was deleting user denied records from the watchdog table.

MichaelP’s picture

the drush command worked like a charm for me

glauberjs’s picture

Thanks @mcdoolz!!

Marmouset’s picture

Thank you !

so simple that I didn't even thought about this =)

ddease2’s picture

thanks!

tansylam’s picture

I did the most stupid thing by blocked my own account after 5 failed login. The Drupal 7 website is running on acquia stack right now and I need to upload to the hosting company ASAP.
I checked the troubleshooting post at http://drupal.org/node/329274. However, I couldn't find the mask, %admin% in the accessing table in the SQL DB.

I have the email set up to email my gmail account and probably tried to email the reset password link from drupal page hundred times tonight.
However, I didn't receive any email at all.

Can anyone help??

Tansy

dman’s picture

a search may help.

If you are running a local host and haven't got a local mail server configured then there is a good chance that your emails aren't getting out, so you need to admin the database yourself.

dman’s picture

Thanks for the updates to the docs, Heine!
Does this mean that in D7 the old mysql MD5() method doesn't work any more at all?

joshicsin’s picture

Go to your phpmyadmin (or the one you have) and navigate to users table in your database.
Edit the row with the uid 1.
Provide your credentials like name, password and set status to 1
Also, select MD5 as function against the password field.

Let us know if this works for you.

Regards.

audster’s picture

Nope this didn't work either.

I tried creating a completely new user in the DB, and I can't log in as that person either!

banging head against wall now...

ouch ouch ouch

FloridaMark’s picture

Hi-

I searched the documentation and don't see where the timeout period is given. How long does D7 block access after 5 failed login attempts?

I am trying to learn D7 and goofed my login up on a hosted installation but would like to know the answer to this for general purposes.

Thanks!

Heine’s picture

FloridaMark’s picture

None of the links or articles posted that I could find explain what the time out period is on the password logout. After extensive trial and error I think it is about two hours. It seems to be longer than one hour and shorter than three hours.

Anyway, lot's of helpful posts for the others who also locked themselves out. Thank you for posting.

audster’s picture

Thanks, but I've tried that in every form imaginable and get nothing but
"command not found"

Doesn't matter from where I try to invoke, how I specify dir (.. / . // )
will not generate a has of my new password.

I sent a reply to that post also detailing this.

Any one have any ideas how to get back in?

I was working on the site 2 days ago and everything was fine.
I go to log in today and when I click "login" it's as if nothing happened.

I've tried refreshing the page. I've emptied browser cache. Used different browsers.
Site has emailed password link, sends me back to home page to login.
Verified my settings.php file for base URL and cookie domain...

Am i really going to have to wipe the server clean and start again??

jimeast123’s picture

My question is how do we turn off the login block. Certainly admins must have that ability. Please don't answer if you don't know the answer and especially don't send a link to a non answer.

kvguser’s picture

.

UpTil4Music’s picture

Not the best solution, but it worked for me.

  • Temporarily changed file permissions for /sites/default and /site/default/settings.php to 777
  • Pasted the $drupal_hash_salt from settings.php on another working install to settings.php on problem site
  • Reset file permissions for /sites/default and /site/default/settings.php to original (something like 505 and 444, write down the original)
  • Pasted encrypted password from user 1 on working install to user 1 on problem site
  • Emptied 'flood' table on problem site
  • Logged in with user 1 password from working install

Downsides to consider:

  • Major problem with this approach is that all outstanding one-time login links will be invalidated, and possibly every other user's password, too. Everyone else may have to request a new password to get back in. This was a site under development with only a few test accounts, so no big deal for me, but you could make a user base of any size pretty upset doing this.
  • Second problem, you now have two sites using the same salt for password encryption. Not sure how big of a security risk this would pose for either site, but it is something to consider. Copying from a local working install would be the safest route.

Hope this helps someone else.


And without faith it is impossible to please God, because anyone who comes to him must believe that he exists and that he rewards those who earnestly seek him. - Hebrews 11:6
fxarte’s picture

This is D7 behavior.
Here is the solution:http://drupal.org/node/1023440

Basically, if you can access your DB, you need to do this:

DELETE FROM `{flood}`;
saji89’s picture

After deleting all the entries in table 'flood' I was able to login again in Drupal 7.

HyperD’s picture

Excellent! thank you for the help.
I was stuck just now. I deleted the content of the table flood and everything worked

mwbyrd’s picture

Solved my problem!

ambientdrup’s picture

Syntax was not working for me. This worked:

DELETE FROM flood

-Trevor

mariohernandez’s picture

I had already reset my password by creating a PHP page in the root of my site and navigating to that page in the browser. The content of the php page is

<?php
define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

require_once 'includes/password.inc';
echo user_hash_password(‘temp-pwd');

die();
menu_execute_active_handler();
?>

(Where "temp-pwd" was the temporary password I assigned). Navigating to this page in the browser generates a long code string which I copied to my clipboard. Then I navigated to the "users" table and edited the Administrator account (User 1). Pasted the code generated by the page I above into the "pass" field. However even after doing this I was not able to login because I had attempted to login more than 5 times. This is when I cleared the "flood" table and that solved the problem.

wscomn’s picture

Yep, clearing the Flood table worked for me... Thanks so much!

sami-an’s picture

Ok

DELETE FROM `{flood}`;
joshicsin’s picture

Here is another way to get it working

Add following code in your index.php after drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

/**
 * Reset password
 */
  require_once 'includes/password.inc';
  echo user_hash_password('admin'); 
  die();

Get the hash and paste in the password field in db.

Regards.

extremist99’s picture

Solved by above code. thanks joshicsin.

shinoj999’s picture

At first Thanks joshicsin.
Solved by above code. my problem

dildileep’s picture

i tried all the solution provided here .. but some thing has gone wrong... its not working for me.. i have changed password and deleted flood nut still its showing unrecognised password

johanneshahn’s picture

Hi,
i tried clearing flood table, cache tables and restart my apache
deleted browser session and cookies, but cant login.

how to clear that, without wait one or two hours?
what is the process in background?

a hacker can flood admin account.
and admin cant access.

there needs to be a ip based login for roles.

johanneshahn’s picture

hi,
i truncate flood table then i have to wait one or to hours to login again.
function "flood_is_allowed" in file common.inc near line 1222 returns FALSE because
$threshold is bigger then $number from query. After a while $number is lower than $threshold.
But how to reset $number to 0 immediately?
tried FLUSH variables, close tables, restart mysql, etc. but nothing helps.

function flood_is_allowed
....
  $number = db_query("SELECT COUNT(*) FROM {flood} WHERE event = :event AND identifier = :identifier AND timestamp > :timestamp",      
  array(
    ':event' => $name,
    ':identifier' => $identifier,
    ':timestamp' => REQUEST_TIME - $window))
    ->fetchField();
....
  return ($number < $threshold);
wizonesolutions’s picture

If you can get into the server, install Drush and use the upwd command. This is by far the easiest method. You should be able to do it remotely too using a local Drush installation if you're on shared hosting. You just have to set up a site alias for your remote site. See drush docs-aliases.

Support my open-source work: Patreon | Ko-Fi | FillPDF Service

pjbarry21’s picture

1) Login into your phpMyAdmin panel and select the 'flood' table
2) Click the all the record in the table (or click the "select all" link at the top or bottom of the check boxes)
3) Click the delete action, then confirm when it asks you again
4) Clear your browser cache and close all your web browsers
5) As far as PW recovery, I'm not sure how to do it.

Good luck!

maxplus’s picture

Thanks,

deleting the entries in the flood table through phpmyadmin solved my problem

ramugo1’s picture

Yes...truncating the table 'flood' my problem is solved!!!

Thanks guys,
Ramu

volde001’s picture

Goto location
wamp/www/drupal/sites/default/settings.php
Edit that settings.php file with default settings.php file

Thats it
Execute and njoy!!!!

Chimos’s picture

Accidentally, I blocked my user in Drupal through the users administration (the only admin... yes). Then the page refreshed and naturally I had no access to anything in admin/config.
I accessed the database and in 'users' table and edited my user:
status was in '0' and I changed it to '1'. And I was active again.
That worked for me.

franciscoomana’s picture

I made the same mistake but I don't know how to access the database and correct user status. Please help.

VM’s picture

using your database tool on your host. typically phpmyadmin

franciscoomana’s picture

It did not work.

VM’s picture

That would be odd considering it's the only setting for a blocked user. Are you sure you performed the task properly?

Bes2theFort’s picture

This is the fastest and easiest way the log in after 5 failed login attempts.

1. Install the Flood module https://drupal.org/project/flood_control
2. Enable the Flood module
3. Go to admin/settings/system/Flood control
4. Change the "Failed login (username) window" from 6 hours to None
5. Save
6. Try to login again. It worked for me

Your welcome

VM’s picture

actually the fastest and easiest is to empty the flood table in the database.

albertomota’s picture

Plus it is an easy option for anyone, even someone inexperienced who blocked their own admin account. Just truncate "flood" table from the database. Careful not to delete the table, just truncate the rows.

igenroot’s picture

Thanks for sharing.... It work for me.. :D

BassPlaya’s picture

Thanks Bes2theFort! This worked for me.

Authentically,
BassPlaya

jshcd’s picture

DELETE FROM flood

Also worked for me.

Padmini karthik’s picture

update users SET pass='$S$DPPhpOAx3B.3LhaDQpO1wcVEUzARK8UCPdCjDFWXrTeQZkZXLmnL' where uid=1;

$S$DPPhpOAx3B.3LhaDQpO1wcVEUzARK8UCPdCjDFWXrTeQZkZXLmnL = newpwd

thank you

LynetteW’s picture

If you have drush:

drush unifusername to see if a user is blocked

drush uublkusername to unblock the user

devad’s picture

"DELETE FROM flood" works in Drupal 8 as well. Thnx!

---------------------------------------------------
Drupal developer. Available for new projects

SivaprasadC’s picture

Yep, clearing the Flood table worked for me too... Thanks much!

phthlaap’s picture

drush php-eval '\Drupal::database()->query("DELETE FROM `flood`")'