theITbaby

the IT city, the I.T. Baby

Cloudflare lockout
How-To 

Locked out of WordPress by Jetpack, a quick thing I learned today

Paul King 0 Comments ,

Cloudflare lockout

As I was coming to post fascinating new content this morning I received a notice that my IP had been blocked by Jetpack security and to send myself an unlock email.

I didn’t think I was going to end up writing about this so screenshots are non-existent.

The IP address that was showing was not mine, so thinking this might be a hack I cut and pasted the IP address shown into the search function over at ARIN.NET and it returned that the address listed was Cloudflare.

Cloudflare’s the free front-end I use to improve performance, ensure full HTTPS, and otherwise somewhat protect my WordPress from brute force attacks.

I decided this wasn’t a hack, and sent myself a recovery email. On clicking the link I got the following

“{“error”:”Bad Request”,”message”:”Invalid input.”}”

I tried a few more times, same deal. The next part is what I did to get back in, and then the next is the officially listed solution Jetpack got back to me within about 10 minutes. Officially listed seems easier.

Method I used: disable/re-enable cloudflare DNS

Go to your Cloudflare panel, go to DNS, make the little arrow through the cloud go around the cloud, wait 3 minutes and log in. You might find your HTTPS broken or things look weird. Go to Jetpack settings, security, turn off brute force check.

Re-enable cloudflare DNS/HTTP proxy, you’re golden.

This obviously doesn’t work if you don’t have Cloudflare, and you might run into the issue of your browser having the wrong IPs.

The official Jetpack method

Probably much easier, go to wordpress.com, my sites > settings > security

Thus ends reason why Paul didn’t post fascinating weekend story on theITBaby. My guess is that IP, Cloudflare, is being used to brute force attack several wordpress sites and got blacklisted. As it’s what does the HTTPS proxying I got caught up in the admin lockout.

Cloudflare has its own brute force protections, so I’ll probably just stick with those rather than whitelisting it.

Paul King

Paul King lives in Nashville Tennessee with his wife, two daughters and cats. He writes for Pocketables, theITBaby, and is an IT consultant along with doing tech support for a film production company.