Hi - i experienced some strangeness that i think might be attributable to Wordfence thus share as fyi in case it is ...
while developing on a recent site i noticed that two of my client machines on my internatl network were blocked from my WP Multisite development server ... no matter what user i tried to log in with from those two machines, WordPress login message would fire generic message about needing to turn on cookies ... yet on the primary client machine, i could log in no problem with any user name ...
fast forward and solution = turns out that after i emptied the Wordfence tables, i was able to log in thus the problem cleared ...
inbetween figuring out what was going on, i had un-activated all plugins, tried different themes, removed mu plugins, enabled debug mode, etc but to no avail ... i then re-optimized WordPress tables, restarted server just incase there was a leech process being triggered at lower level but i digress ...
once the Wordfence tables (meta values and not the config options), everything came back to life ... hence this forum post ...
my sense is that my ip got flagged for some reason and maybe then matched to my machine address which might explain why one machine was fine but the other two could not log in* ... i'm running a firewall going out through cable provider so even my 3rd machine that was on wireless network all three showed same cable provider ip address ...
if i'm correct in that there is some kind of throttle going on, then perhaps a better error message would be in order -e.g., instead of saying "get your cookies" (which is not the problem thus misleading) to something like -> "hey - log ins from this ip are flagged - please call tech support yada yada" ...
the other thing i thought strange was even with Wordfence turned off (deactivated) the failed logins from other machines were present ... which further suggests something got stuck into a WP table somewhere that really locked that throttle ..??...
Kudos to a really cool plugin as Wordfence is awesome ... best of ongoing success ... cordially, chuck scott
*technically limiting logins to one machine per session = BRILLIANT and i was testing WP-Bouncer plugin last week that does similar - only allows one log in from one device at a time ... so my reason for posting this is not so much about the way Wordfence works, as much as it is about the error message that was not helpful ...