The extension doesn't forbid access to any account. There is an option to forbid new administrative accounts if enabled (Waf configuration -> user session protection tab), but in this case the account is automatically deleted after creating it and you get a message when that happens.
The issue is that the new admin account enter the wrong password during the first attempt, but when it key in the right password second time, it said "denied access from web master". I had to disable the web firewall in order for the new admin account to log in. Nay i know how to fix this issue?