This is a classic "security clash"-you have two different plugins both trying to validate the same login attempt. Since the first one succeeds, the second one sees the "Success" token as already used (expired) and fails, locking you out.

Since you are locked out, you need to "break" one of the plugins from the back end to get back in.

1. The Emergency Entry (FTP or File Manager)

You need to temporarily disable one of the Turnstile plugins. The easiest way is via your hosting control panel (cPanel/Plesk) or FTP.

• Login to your Hosting File Manager or use FTP.
• Navigate to: /wp-content/plugins/
• Locate the folder for the "other" Turnstile plugin (the one that isn't AyeCode Connect).
• Rename the folder (e.g., rename simple-cloudflare-turnstile to simple-cloudflare-turnstile-OLD).
• Go back to your login page and refresh. One of the boxes will disappear, allowing the remaining one to validate your login properly.

2. The Database Fix (If you don't have FTP)

If you can access phpMyAdmin through your hosting:

• Find the wp_options table.
• Search for active_plugins.
• You'll see a serialized list of your plugins. This is harder to edit manually, so it is highly recommended to use the FTP method above instead.

Once you are back in:

1. Pick one master: Decide which plugin you want to handle the security. Since you're using GeoDirectory, AyeCode Connect is usually the smarter choice as it covers the directory forms too.
2. Clean up: Rename the folder back to its original name in FTP, then immediately go to your WordPress Plugins dashboard and Deactivate the duplicate plugin.
3. Check settings: In AyeCode Connect, ensure "Login Form" is still checked.

Pro-Tip: If you ever see a "Success" message but get a "Security Verification Failed" error, it's almost always a sign that a second hidden security layer (like a firewall or a second captcha plugin) is double-checking the token.