Jetpack WordPress plugin recently added a new feature call Protect. This is a security module which protects your blog from brute force attack. Unlike other WordPress brute force protection plugin, this plugin works differently.
It monitors the I.P., which tried to log in to various WordPress blog and ban it to protect the blog. Which I believe is a better way than locking out someone who tried failed login into your WordPress blog.
This all sounds convenient, but today I faced something unexpected. I own about 10+ WordPress blog, and while I was trying to login to my WordPress blog, I couldn’t log in. I got a message saying:
Your IP (18.104.22.168) has been flagged for potential security violations. Find out more…
I was in shock mode since I didn’t try logging into any other WordPress blog, and neither of my logins was a failed login. Indeed it was due to the new Protect module by Jetpack, but I was out of my WordPress blog and was unable to log in.
I checked the official doc to find out for how long I will not be able to log in, and here is the solution:
“The length of time is based on factors and is not a set amount of time.”
So, technically I was unsure if I could log in in few minutes or I’m locked out for a few days. If you are in a similar situation like me, here is the solution to Jetpack protect module issue.
How to login to WordPress After Jetpack locked you out:
The easy & simplest way is to whitelist your I.P. If you have access to your blog at this moment; you can go to Jetpack > Settings > Protect > Configure & whitelist your I.P.
And if you are unlucky like me who are locked out and cannot whitelist your I.P. You need to edit your WP_config file or go to WordPress.com & whitelist your I.P. For WordPress.com method, refer to the official
Login to your FTP via FileZilla or your cPanel FTP manager, and open your wp_config file, which is in the root of your WordPress installation. Add these lines:
Replace x.x.x.x with your own I.P.
You can check your I.P by going to site WhatismyIP
Another simple trick is to use a VPN. This will change your I.P and you should be able to log in without any hassle. However, you should try logging in using incognito mode or either open a different browser.
If you are already logged into your blog on a different tab, and you are getting the error when you opened a new tab.
Simply go to http://www.domain.com/wp-admin/edit.php (replace domain.com with the actual domain), and you might be lucky enough to see your dashboard directly.
Since your cookie is already stored, you should be able to get inside your dashboard. If not, follow the above two methods.
I believe this is one issue which many users will face, as this was a false alarm. If you faced this issue, let me know how you resolved it.