Invalid key provided for authentication.

Hi ritesh2190,
Did you request the unlock email from a different IP than the one you are trying to access your site from?

Are you currently locked out of your site? If you are blocked by Wordfence it’s your IP that has been blocked and you should be able to reach your site via another internet connection. If you try via your cell phones internet connection or such for example.

Hi fritzbarnes,
The IP is mainly relevant because blocks are made on an IP level. So if for example every IP that accesses the site gets blocked I was thinking that the person might be getting blocked again before reaching the unlock function if they were coming from a new IP.

When an unlock email is requested a local value is stored on your site. Then when you attempt to use the link that was emailed the site tries to verify that the link contains that value. The purpose of this is to make sure that the unlock function can not be exploited. A request must have been made in a proper way for the link to work.

Is it possible that your email program is adding some character to the URL or somehow changing the URL structure?

If not, it is possible that your site is not able to save the local value that it in a later stage attempts to verify against. In other words, your site could be having issues saving things in the database. If you are using any type of cache it is also possible that the cache is causing WordPress transients to work in an unexpected way. When we store the value that is used for validation we use the WordPress function “set_transient” and they are expected to be valid for 30 minutes.

• This reply was modified 9 years, 6 months ago by wfasa.

Hi again fritzbarnes,
I checked our records and it appears we have a recent bug filed that could be related. It pertains to the use of ipv6 addresses when using the unlock function. If using an ipv6 address the unlock may fail. Our internal case reference number is FB3248 and it’s scheduled to be fixed in one of the upcoming versions of Wordfence.

For now, if you need to regain access to your site quickly you can always log in via FTP/SSH and rename the wordfence folder in wp-content/plugins. Once logged in you can enable Wordfence again by naming the folder back to “wordfence” and then change the setting that caused you to be locked out.