#35481 user blocked

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Thursday, 05 August 2021 20:17 CDT

cjmicro

I have one admin user that keeps getting blocked. She tries to log in and it disables her user. I unblocked her IP and added it to the "never block these ips" section (exceptions in WAF config).

She was able to log in, but then 2 days later blocked again. SAME IP address. I tried to unblock it and it said it was not in the block list, and the exception for her IP is still there.

When I go to the section about allowing Admin Tools to disable user it says I can't use that as I have user registration turned off (I use Community Builder).


Any ideas why this is happening please?

Cheryl

nicholas
Akeeba Staff
Manager

Check the blocked requests log. What is the reason and target URL there?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

cjmicro

That IP was not listed in the blocks, and when I tried to unblock it it said it was not found on the block list.

nicholas
Akeeba Staff
Manager

Based on the information you have provided the only logical conclusion is that she was not blocked by Admin Tools.

When you use the Unblock IP feature Admin Tools looks for the IP address in the blocked requests log, the automatic IP bans, the automatic IP ban history and the site IP deny list. You said that using this feature came back with a message that the IP address was not found [in any of the only places where a blocked request, temporary blocked IP or permanently blocked IP would be listed].

Furthermore, you said that the problem seems to be that the user is being deactivated but Admin Tools does not allow you to turn on the disable user feature since it correctly detects that it would be impossible to unblock yourself in this case. If this feature was turned on Admin Tools would have logged a blocked request on each login failure (which is why I asked you to look at the log) before blocking the user. In fact, this feature queries the log to see how many times in the past the current IP address has been blocked due to a failed login to determine whether to block a user. So, not seeing anything in the log means your user is not deactivated by Admin Tools.

Admin Tools is NOT the only thing that will deactivate the user. When a user asks for a password reset their account becomes disabled until they finish the password reset.

I suspect that she's asking for a password reset after mistyping her password a few times but the Joomla password reset email ends up in spam. Please ask her if this is the case. It would probably be a better use of your limited available time confirming she's using password management in her browser and syncs it to all her devices than chasing windmills.


cjmicro

She did not request password reset. I unblocked her and turned off Admin Tools and she can log in. I will monitor it and see if she gets blocked again. Do you have any other ideas what would be blocking her if not Admin Tools? When I turn off the firewall it stops happening so that's why I figured it was Admin Tools.

nicholas
Akeeba Staff
Manager

The only feature in Admin Tools that can block a user is “Deactivate user after” which requires three things:

  1. “Deactivate user after” of course having non-zero values.
  2. Joomla's “New User Account Activation” being set to Self or Admin.
  3. The “Treat failed logins as a reason for blocking the request” feature in Admin Tools being enabled.

Your site does not meet the second requirement which means this feature is disabled.

Further to that, if the “Treat failed logins as a reason for blocking the request” feature was enabled you'd see Login Failure entries in the Blocked Requests Log for that user. This is what would be used by the settings in the “Deactivate user after” feature to determine if the user needs to be blocked. You have already confirmed this is not the case.

Therefore, Admin Tools is NOT the source of the user deactivation.

The fact that it didn't happen when you disabled Admin Tools is happenstance. It does not prove anything, especially since you tell me that now that Admin Tools is enabled that person can successfully log in. You just proved that regardless of whether Admin Tools is enabled her ability to log into your site isn't affected.

The only core Joomla feature which can automatically disable a user is requesting a password reset. You have confirmed this is not the case.

Therefore we can conclude that this issue is caused by a feature in a 3rd party extension other than Admin Tools OR someone else is requesting the password reset (I don't know if you checked the last password reset request date in their user account). Maybe someone has found out the user's email address and their username and is requesting a password reset just so they can block them? Maybe Community Builder has a feature to disable users after a number of unsuccessful logins? Maybe you are using another third party security plugin?


System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
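
The checks suggested in the thread (the last password reset request date on the user account, and what else may have changed the account) can be run directly against the Joomla database. This is an added example, not part of the original ticket or of Admin Tools; it assumes MySQL/MariaDB, the table prefix `jos_` and the username `AFFECTED_USERNAME` as placeholders, and that Joomla's core User Actions Log is enabled for the second query.

```sql
-- Added example (not from the ticket). Placeholders: prefix `jos_`, username AFFECTED_USERNAME.

-- 1. Current state of the account in Joomla's core users table.
--    block = 1          : the account is disabled.
--    lastResetTime      : when a password reset was last requested.
--    resetCount         : number of reset requests since lastResetTime.
--    Compare lastResetTime with the time the user reported being locked out.
SELECT id,
       username,
       email,
       block,
       activation,
       requireReset,
       lastvisitDate,
       lastResetTime,
       resetCount
FROM   jos_users
WHERE  username = 'AFFECTED_USERNAME';

-- 2. Recent user-related entries in the User Actions Log (Joomla 3.9 and later).
--    user_id is the account that performed the action and ip_address is
--    populated only if IP logging is turned on in the log's options.
--    Look for entries around the lockout time that the admin did not make.
SELECT log_date,
       user_id,
       ip_address,
       message_language_key,
       message
FROM   jos_action_logs
WHERE  extension = 'com_users'
  AND  log_date >= NOW() - INTERVAL 14 DAY
ORDER  BY log_date DESC
LIMIT  100;
```

Changes made by a third-party extension that writes to the users table directly, bypassing Joomla's user API, will not appear in the second result set, so an account that flips to `block = 1` with no matching log entry points in that direction.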
