Jetpack WordPress plugin recently added a new feature call Protect. This is a security module which protects your blog from brute force attack. Unlike other WordPress brute force protection plugin, this plugin works differently.
It monitors the I.P., which tried to log in to various WordPress blog and ban it to protect the blog. Which I believe is a better way than locking out someone who tried failed login into your WordPress blog.
This all sounds convenient, but today I faced something unexpected. I own about 10+ WordPress blog, and while I was trying to login to my WordPress blog, I couldn’t log in. I got a message saying:
Your IP (27.124.7.21) has been flagged for potential security violations. Find out more…
I was in shock mode since I didn’t try logging into any other WordPress blog, and neither of my logins was a failed login. Indeed it was due to the new Protect module by Jetpack, but I was out of my WordPress blog and was unable to log in.
I checked the official doc to find out for how long I will not be able to log in, and here is the solution:
“The length of time is based on factors and is not a set amount of time.”
So, technically I was unsure if I could log in in few minutes or I’m locked out for a few days. If you are in a similar situation like me, here is the solution to Jetpack protect module issue.
How to login to WordPress After Jetpack locked you out:
The easy & simplest way is to whitelist your I.P. If you have access to your blog at this moment; you can go to Jetpack > Settings > Protect > Configure & whitelist your I.P.
And if you are unlucky like me who are locked out and cannot whitelist your I.P. You need to edit your WP_config file or go to WordPress.com & whitelist your I.P. For WordPress.com method, refer to the official
Login to your FTP via FileZilla or your cPanel FTP manager, and open your wp_config file, which is in the root of your WordPress installation. Add these lines:
define(‘JETPACK_IP_ADDRESS_OK’, ‘X.X.X.X’);
Replace x.x.x.x with your own I.P.
You can check your I.P by going to site WhatismyIP
Use VPN
Another simple trick is to use a VPN. This will change your I.P and you should be able to log in without any hassle. However, you should try logging in using incognito mode or either open a different browser.
Another trick:
If you are already logged into your blog on a different tab, and you are getting the error when you opened a new tab.
Simply go to http://www.domain.com/wp-admin/edit.php (replace domain.com with the actual domain), and you might be lucky enough to see your dashboard directly.
Since your cookie is already stored, you should be able to get inside your dashboard. If not, follow the above two methods.
I believe this is one issue which many users will face, as this was a false alarm. If you faced this issue, let me know how you resolved it.
walif says
Thanx buddy.My ip is blocked by jetpack.Now i find the right solution and it works successful.
Lisa says
Thank you so much! I just got this notice a few minutes ago. I tried adding the code to my wp_config file but my blog went dead. Went back and added these symbols: /** . My blog came back and I was able to log in and whitelist my IP address.
Thanks for the help!
Hi Lisa! I was wondering where you pasted those lines? I tried it and my website went dead as well. Tried adding /** like you suggested but I was still blocked from my website. I’m not sure if it is because I pasted it on the wrong line. Please help a sister out. 🙁
robert says
The ftp method worked for me perfectly, but i made a slight changes which was from
define(‘JETPACK_IP_ADDRESS_OK’, ‘X.X.X.X’); to
define(‘JETPACK_IP_ADDRESS_OK’, ‘X.X.X.X’);
Just make sure u re not using the inverted comma but a single quote sign.
Greg says
My question is, what about regular blog users? Will they run into this also? I mean, I don’t even know why I got locked out. So will a regular user get locked out with no explanation? Does it have to do with opening a new tab?
Thanks for this valuable information that I didn’t know I needed until now.
Thanks for this. Not sure where in the wp_config file I should add this though. Can you please let me know? And the same with the /** in Lisa’s comment?
robert says
At the top, that is where you should paste it
Deli says
Thanks a lot! I got the notice several times already and I just waited it out but with the help of your article, I was able to whitelist my ip 🙂 Thanks!
I am not sure this is the solution as the IP that is listed in the error message is NOT my IP.
This is what I got – Your IP (110.85.105.189) has been flagged for potential security violations. Find out more…
I searched and this IP is from China and if I whitelist this IP THEN Whoever owns can hack my site. When I check what is my IP. I get a different IP that is already white listed.
I am worried that if I whitelist the IP in the error message then the message may go away but I actually white listed a hacker IP and invited them to my site. Pls help.
Glenn says
This was a show stopper for me. This is a case of security gone wrong!! I went in the ssh and deleted the jetpack plugin from my wp_contents/plugins folder. I’ve decided to do without it rather than wonder if one day I will not be able to login to my site again. If I need IP security on my site I would do it using my web server configs.
Thank you so much 🙂 this is very helpful article for me, I able to whitelist my IP Thanks
Gulshan Kumar says
This is called perfect solution.
Kindly note: There is a little error. The curly comma do not work. Consider changing it to normal.
For example,
define('JETPACK_IP_ADDRESS_OK', '128.185.25.223');
Gulshan Kumar says
Wow, this really solved my problem. Thanks a lot.
Kindly note: There is a little error. The curly inverted comma is not allowed to use. Please consider changing it to normal.
For example,
define(‘JETPACK_IP_ADDRESS_OK’, ‘128.185.25.223’);
kashif says
this trick not success for my problem stay on this Your IP (xxx.xxx.xxx.xxx) has been flagged for potential security violations. condition please send me another solution
Soumik Sadman Anwar says
Thanks a lot Mr. Agrawal. It worked. 🙂
Lazy says
Thanks mate it worked 🙂 your article saved my day..
Lokesh Tanwar says
I am facing this problem right now and I dont know how to edit wp_config files
Can u tell me some another way.
Not able to whitelist my IP
and IP shown in error is also not mine
You’re awesome, it worked! Tnx!