Hi @tictag,
Depending on the strictness of your settings, users can be locked out for attempting their email address rather than username. You could send the screenshot to wftest @ wordfence . com. Please include your forum username in the subject and reply here once you’ve sent it so we can take a look.
Thanks,
Peter.
Hi @tictag, thanks so much for sending that over.
This is an issue we have entered a case to resolve in a future update. In testing, if the username for an account is an email address, log in works under regular circumstances but if we use an incorrect password once, a block will be triggered for: Used an invalid username 'zxcvbnm@zxcvbnm.com' to try to sign in. They will be blocked immediately rather than being given the amount of failed password attempts specified in your Brute Force settings.
If the block has already lapsed, they can try again with the correct password (if known) or use the “Lost your password” link on the WordPress login page to reset it to something memorable in the mean time.
Thanks,
Peter.
