Locked out of WordPress by Jetpack, a quick thing I learned today
As I was coming to post fascinating new content this morning I received a notice that my IP had been blocked by Jetpack security and to send myself an unlock email.
I didn’t think I was going to end up writing about this so screenshots are non-existent.
The IP address that was showing was not mine, so thinking this might be a hack I cut and pasted the IP address shown into the search function over at ARIN.NET and it returned that the address listed was Cloudflare.
Cloudflare’s the free front-end I use to improve performance, ensure full HTTPS, and otherwise somewhat protect my WordPress from brute force attacks.
I decided this wasn’t a hack, and sent myself a recovery email. On clicking the link I got the following
“{“error”:”Bad Request”,”message”:”Invalid input.”}”
I tried a few more times, same deal. The next part is what I did to get back in, and then the next is the officially listed solution Jetpack got back to me within about 10 minutes. Officially listed seems easier.
Method I used: disable/re-enable cloudflare DNS
Go to your Cloudflare panel, go to DNS, make the little arrow through the cloud go around the cloud, wait 3 minutes and log in. You might find your HTTPS broken or things look weird. Go to Jetpack settings, security, turn off brute force check.
Re-enable cloudflare DNS/HTTP proxy, you’re golden.
This obviously doesn’t work if you don’t have Cloudflare, and you might run into the issue of your browser having the wrong IPs.
The official Jetpack method
If you're currently blocked, you can unblock your IP at https://t.co/TtSh4XCnsB > My Sites > Settings > Security . Let us know if you need more help! https://t.co/LXk1aOKUyZ
— Jetpack (@jetpack) October 8, 2018
Probably much easier, go to wordpress.com, my sites > settings > security
Thus ends reason why Paul didn’t post fascinating weekend story on theITBaby. My guess is that IP, Cloudflare, is being used to brute force attack several wordpress sites and got blacklisted. As it’s what does the HTTPS proxying I got caught up in the admin lockout.
Cloudflare has its own brute force protections, so I’ll probably just stick with those rather than whitelisting it.