Please keep in mind that Login Failure Deamon (LFD) by ConfigServer Firewall is third-party software that is not provided by cPanel.
While we can help point you in the right direction, for direct support with CSF, you can receive support via the following links:
You may find that a user's directory is being disabled automatically. In this case, the directory is set to 000 permissions with the +i (immutable) attribute.
The LFD log file at /var/log/lfd.log will retain logs with information like this:
Sep 14 12:00:32 hostname lfd: '/home/username/public_html/wp-admin' has been disabled
You can typically check for this with the following command:
grep disabled -i /var/log/lfd.log
If LFD is disabling the data it is recommended to review the lfd.log further with a system administrator to determine why and address the issue.
If you are in need of a system administrator please see the following link:
See how to remove the immutable attribute:
Please keep in mind that if the issue is not resolved, the CSF/LFD software may disable it again.