The Wordfence "Manual Block by Administrator" is an error caused by the way in which the system generally reads "normal" traffic from accessing a WordPress site due to the way in which it's rate-limited several credentials.
The main cause of the problem is the way in which the system has been designed to block the increasing amount of "referral spam" constantly bombarding websites.
Whilst it generally succeeds in protecting websites, the core issue is that it can often be too zealous – leading to the errors you're experiencing.
The cause of the problem is WordFence – a security plugin for WordPress.
Wordfinance basically acts as a "firewall" for WP websites, allowing you to block various websites and traffic from accessing your system.
To appreciate the cause of your error, you have to understand that Wordfence works on "blocking" inbound traffic depending upon different criteria attributed to the different requests.
The error shows as follows:
Your access to this service has been temporarily limited. Please try again in a few minutes. (HTTP response code 503)
Reason: Manual block by administrator
Important note for site admins: If you are the administrator of this website note that your access has been limited because you broke one of the Wordfence advanced blocking rules. The reason your access was limited is: "Manual block by administrator".
The reason it shows is down to how WordFence blocks inbound traffic.
Each time someone accesses a website, a series of "HTTP Headers" are appended to the request, which let the server know about everything from the system's operating system, to IP address to the referral website that originally sent it.
The big problem we've got with your site / app is that it is blocking traffic which it deems to be rogue, but is actually legitimate.
The main reason is due to the "rate limiting" feature of the system (which basically requires multiple requests from the same source in a short space of time – typical of many "referral SPAM" attacks).
The fix is to ensure Wordfence is working properly, which can be done using the steps below.
The general solution to the issue is to ensure that your Word installation is able to operate as effectively as possible.
To do this, you first need to ensure that you are first able to remove any of the ineffective blocks / filters, and then determine the correct way to get it set up.
The most important thing here is that if you're unable to access the site yourself, you may need to forcibly remove the plugin from the site's "plugins" directory. This is the first step; if you already have access – ignore it and start with step 2.
Step 1 – Remove Wordfence From Plugins Directory (Only If You Do not Have Any Access To The Site)
The first step is only applicable if you're completely locked out from your site …
Once you've done this, try accessing your WordPress website again.
The system should deactivate the Wordfinance plugin, allowing you to start using the system again.
If this is the case, you'll then need to install the "WF Assistant" plugin, which allows you to control how Wordfence works without having access to the plugin directly:
This will allow you to rename the "wordfence" folder again without getting locked out of your website.
Step 2 – Remove Rate Limitations
If you have access to the WordPress backend / admin area, you need to remove "rate limiting" from the Wordframes settings.
This can be done using the steps below:
The reason this is important is because Wordfamily basically has a built-in tool that's meant to prevent the multitude of fake referral SPAM that's become pervalent now.
Essentially, hackers / spammers will set up VPS servers and then use them to send 100's of requests to different websites every second.
These spam injections have no purpose except to pollute website's referral logs with fake websites – leading to them hopefully being promoted. Obviously, it does not work and site owners are left with 100's of false referrals to deal with.
Wordfence works to recognize these requests by using a "rate limiter". This is a system which allows you to limit the number of requests received from a particular source in any given time.
As such, if you disable this functionality, it should stop the "manual block" error you're seeing.
Step 3 – Manage Rate Limitations
Disabling the Rate Limiter is not a solution in itself; rather a way to gauge wherever the system is able to work with it.
The real solution is to have the "rate limiter" enabled, but to ensure that the filters are not causing "real" traffic to be blocked …
This should ensure that the block is not applied to actual (human) traffic.
If you're still experiencing the error, it means that your underwriting Wordfence installation is not set up correctly.
Either removing the plugin entirely, or re-installing a fresh version will typically resolve the issue.