How to Fix IP Blocking Issue by Jetpack Plugin?

Jetpack is the popular plugin comes with bundled features consists of more than 35 modules or functions. Though this helps to achieve multiple tasks with single plugin it is not a good idea to get specialized tasks like security with generic plugin. Protect is one of the module of the bundled Jetpack plugin helps to stop brute force attack from malicious IP addresses. But this feature may block out your own IP or the CDN IP and make it difficult to log back to your WordPress dashboard. In this article we will discuss various options to fix IP blocking issue by Jetpack plugin.

How Will You Know IP Blocked by Jetpack?

It will be really difficult to find whether Jetpack blocks any IPs during login / logout unless you find it yourself or someone reports to you. Jetpack basically protects the WordPress login page “yoursite.com/wp-login/” from brute force attacks and blocks the suspected IPs. You will see the message like below when the IP is blocked by Jetpack:

The IP address shown in the above screenshot belongs to CloudFlare CDN.

The funny fact is that the login from own IP works fine and Jetpack does not allow logging out from dashboard since the site is connected through the IP address of CloudFlare CDN at that point of time.

How to Access Back the Dashboard?

When the IP is blocked, whether it is your own or the CDN IP, the only way to log back to the dashboard is through FTP. Launch your FTP client like FileZilla and navigate to “/wp-content/plugins/” folder. Change the name of the Jetpack folder to something like “Jetpack_old”.

This will deactivate the plugin and allows you to login to the WordPress dashboard from your IP address.

How to Fix the IP Blocking Problem with Jetpack?

There are multiple ways to fix the issue based on the usage and other plugins installed on your site.

1. Multiple Security Plugins

There are dedicated security plugins available to protect your WordPress site. Especially when you have another security plugin installed on your site doing the same brute force attack prevention then it is recommended to deactivate Jetpack Protect module.

2. Whitelist IP Address from Dashboard

If you have only Jetpack plugin for stopping brute force attack then configure the Protect module to whitelist IP addresses. This can be done from the menu “Jetpack > Settings > Protect > Configure”. Jetpack will allow the whitelisted IPs without checking so they will not get blocked.

IP whitelisting will work if you are a single owner of your site and there is no user registration enabled on your site. When you have user registration enabled, it is not possible to whitelist all users logging into your site. Also Jetpack will block your customers who try to login using default WordPress login URL. Customers if get blocked will never going to order thus causing the revenue loss for you. It is also not possible for you to get all customers IPs and add them in the whitelist.

Note: Plugins like WooCommerce use different login URL for customer login / registration. Hence Jetpack or any other brute force attack prevention plugins will not stop them from logging into your site. But when logging out, Woocommerce uses default WordPress URL “yoursite.com/wp-login.php…./” thus Jetpack will throw security error and not allowing to log out.

3. Whitelist IP Address with wp-config.php File

The alternate way to whitelist an IP address with Jetpack is to add the following line under “wp-config.php” file. Learn more on how to edit wp-config.php file.

define('JETPACK_IP_ADDRESS_OK', 'IP Address');

Again this can be done to gain access to your dashboard and can’t be used as a permanent fix to avoid blocking your users and customers.

Conclusion

Security of your WordPress is important, but it comes after the accessibility of the dashboard through login URL. We highly recommend using a dedicated security plugins like WordFence, All in One WP Security and Firewall to protect your WordPress login page instead of using Jetpack Protect. Also ensure you have activated the brute force attack prevention with one plugin and not on multiple instances causing conflicts. When you have user registration and online store then test the login / logout after activating the security features to ensure your site is accessible.