Modern versions of WordPress should prevent you activating a plugin that is going to completely break your site, but there may still be other situations that cause a problem.
For example, if you enable 2FA in Wordfence and then lose your phone, you will find yourself unable to login when Wordfence requests your six digit code.
In such circumstances where a plugin is blocking you from being able to login, it is possible to disable a plugin. Exactly how you do this will vary depending on your web hosting, so I will explain the general approach.
Most web hosts include a file manager in your site’s control panel. This allows you to access all the files that help your site to run.
If there’s no file manager, you will need to use an FTP client. You can download Filezilla for free from https://filezilla-project.org/download.php?type=client.
Using the file manager or FTP client, from the root directory of your site, open the wp-content directory and then the plugins directory.
You now just need to rename the directory that contains the plugin you want to disable. In Filezilla, you can right-click the plugin and click Rename in the context menu that opens. If you’re using a file manager, how you rename a plugin will vary. I add .deactivated to the end of the directory name.
If that plugin was causing the problem, you should now be able to access your site again.
In the event that you need to disable all the plugins on your site, you can rename the plugins directory itself. Any name will disable all the plugins, but plugins.deactivated makes sense as it’s quite descriptive.