You should now be able to login again, and this issue shouldn’t repeat itself. Jetpack’s Protect function looks at the incoming IP address when you try to login, and compares it against our network of blocked IPs. This works pretty well, unless Jetpack’s Protect is being told the wrong IP address by your site’s server. In your case, your server was reporting its own IP address to Protect, which is why it was blocked. This meant that every single time someone with a WordPress site on your site’s server entered the wrong password, we thought it was the same person. If your hosting provider has several hundred WordPress sites on the same server/IP, that adds up fast, leading to a ban on the IP.
I’ve made a couple of changes on our side, and Jetpack’s Protect feature will now determine incoming IP addresses a different way. You’re still protected!
– Jeremy Herve (@jeherve) – Plugin author
Whitelisting Your IP Address
Whitelisting may be necessary if you’ve made too many failed log in attempts to your site. There are three methods for whitelisting your IP address:
If you have access to your site and you’ve not been blocked, you can enter your IP or IPv6 address(es) by going to
Jetpack → Settings → Security → Brute force attack protection.
If you are blocked from entering your site, you can enter the IP or IPv6 address(es) via WordPress.com by visiting
My Sites → Settings → Security → Prevent brute force login attacks
You can also whitelist one IP address by setting it as the JETPACK_IP_ADDRESS_OK constant in your
wp-config.php like this:
You can find your IP by visiting any of the following sites: