Jetpack WordPress plugin recently added a new feature call Protect. This is a security module which protect your blog from brute force attack. Unlike other WordPress brute force protection plugin, this plugin works differently. It monitors the I.P., which tried to login to various WordPress blog and ban it to protect the blog. Which I believe is a better way than locking out someone who tried failed login into your WordPress blog.
This all sounds convenient, but today I faced something unexpected. I own about 10+ WordPress blog, and while I was trying to login to my WordPress blog, I couldn’t login. I got a message saying:
Your IP (18.104.22.168) has been flagged for potential security violations. Find out more…
I was in shock mode since I didn’t try logging into any other WordPress blog, and neither of my login was a failed login. Indeed it was due to new Protect module by Jetpack, but I was out of my WordPress blog and was unable to login.
I checked official doc to find out for how long I will not be able to login, and here is the answer:
“The length of time is based on a number of factors and is not a set amount of time.”
So, technically I was unsure if I could login in few minutes or I’m locked out for few days. If you are in the similar situation like me, here is the solution to Jetpack protect module issue.
How to login to WordPress After Jetpack locked you out:
The easy & simplest way is to whitelist your I.P. If you have access to your blog at this moment; you can go to Jetpack > Settings > Protect > Configure & whitelist your I.P.
And if you are unlucky like me who is locked out and cannot whitelist your I.P. You need to edit your WP_config file or go to WordPress.com & whitelist your I.P. For WordPress.com method, refer to the official
Login to your FTP via FileZilla or your cPanel FTP manager, and open your wp_config file, which is in the root of your WordPress installation. Add these lines:
Replace x.x.x.x with your own I.P.
You can check your I.P by going to site WhatismyIP
If you are already logged into your blog on a different tab, and you getting the error when you opened a new tab. Simply go to http://www.domain.com/wp-admin/edit.php (replace domain.com with the actual domain), and you might be lucky enough to see your dashboard directly. Since your cookie is already stored, you should be able to get inside your dashboard. If not, follow the above two methods.
I believe this is one issue which many users will face, as this was a false alarm. If you faced this issue, let me know how you resolved it.