Jetpack has locked your site’s login page

  • Resolved Hal

    (@halburgissnet)


    2 years ago

    Getting this error message “Jetpack has locked your site’s login page” from occasional random users on our website. It seems this error message is from a Jetpack feature called “Protect”. It is blocked the owner of the website among others. This site is on Cloudflare, so any ip address is a cloudflare ip address. Does the Protect feature work with Cloudflare? Should I disable it? (I find plenty of others with same issue but no answers).

    The page I need help with: [log in to see the link]

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Contributor Jen H. (a11n)

    (@jenhooks)

    Hi @halburgissnet,

    Looks like Jetpack isn’t connected at all on your site right now. We’re seeing a 403 error when we try to connect, which indicates a security block. It looks like Cloudflare, specifically. Have you checked out our documentation on how to get Jetpack working with Cloudflare?

    https://jetpack.com/support/getting-started-with-jetpack/configure-jetpack-cloudflare/

    We’ll need you to get connected properly to Jetpack before we can troubleshoot further.

    In the meantime, we do have some DIY troubleshooting guidance on our support documentation here (check out the bottom, under “Jetpack locked me out”):

    https://jetpack.com/support/protect/

    There are also some cases where Cloudflare IP addresses are forwarded along with user IP addresses, which can cause problems. If we get to that point in troubleshooting, we’ll send you a link here where you can contact us via email.

    Cheers!

    Thread Starter Hal

    (@halburgissnet)

    Thanks! I whitelisted jetpack’s ips. xmlrpc should work now. I did read all the documentation. This a pretty active site, and I only know of 2 instances of this happening. That makes it pretty hard to know of a “fix”. One of those was the site owner too. Both said they never got the email.

    I guess my real question is since the site/jetpack sees cloudflare ip addresses, and not the user’s real ip, does that cause any problem since those can be re-used by more than one person? example: somebody does something suspicious and leaves the site. Then that ip is assigned to someone else at some point. Could that “someone else” be blacklisted?

    Plugin Support Bruce (a11n)

    (@bruceallen)

    Happiness Engineer

    Hi @halburgissnet

    As some background, the Protect feature can be configured to look at a different header to determine what IP address should be looked at to determine whether the login should be allowed/blocked. For instance, it can be told to look at the remote address of the user trying to log in, rather than at the CloudFlare address.

    Right now, Jetpack isn’t active on your site, so we can’t determine which header that the feature is looking at on your site. Once it is active and the Protect feature turned on, we can check that for you.

    Thread Starter Hal

    (@halburgissnet)

    How do you determine active? It is clearly activated in the CMS and I got this image from the owner of the site: https://www.dbswebsite.com/wp-content/uploads/jetpack.jpg

    Plugin Contributor Jen H. (a11n)

    (@jenhooks)

    Hi @halburgissnet,

    We have a debugging tool that determines if your site is fully and properly connected to Jetpack via WordPress.com. You can view this here:

    https://jptools.wordpress.com/debug/?url=https://www.moderndailyknitting.com/

    Currently, we’re seeing XML-RPC is not responding correctly ( 403 ), which indicates a security block. You can also see the problem in action here:

    https://www.moderndailyknitting.com/xmlrpc.php

    Can you take another look at your Cloudflare settings?

    Thread Starter Hal

    (@halburgissnet)

    The test tool looks good now. Yes there was a cloudflare setting. It took a minute or so to find it. Thanks!

    Thread Starter Hal

    (@halburgissnet)

    I cannot find the Protect feature configuration. Can someone provide a direct link? When I login to cloud.jetpack.com I get a blank page after the login. Thx.

    Plugin Support lastsplash (a11n)

    (@lastsplash)

    Hi @halburgissnet

    The Jetpack Brute Force Protection module is configurable in your dashboard at:

    https://www.moderndailyknitting.com/wp-admin/admin.php?page=jetpack#/settings

    Thread Starter Hal

    (@halburgissnet)

    @lastsplash I see where to whitelist ip addresses there. But I thought there was a setting somewhere to tell jetpack to use the x_forwarded_for header instead that actual ip which be cloudflare’s ip address for the Protect feature, ie for the “Jetpack has locked your site’s login page”.

    Plugin Contributor Dan (a11n)

    (@drawmyface)

    Hi Hal

    There aren’t any public settings for that, but we can configure it for you.

    Jetpack was looking at the HTTP_CF_CONNECTING_IP header, so I’ve updated that to look at the remote user’s address instead. Hope that helps! Let us know if you need anything else.

    Thread Starter Hal

    (@halburgissnet)

    Thats so great! Thank you! We can close this then. Thanks again.

    Hi there!

    I was facing the same problem but after the last update everything went back to normal!

    Please disregard this message.

    Many thanks!

    • This reply was modified 1 year, 8 months ago by yanniskag. Reason: problem resolved
    Plugin Support Ajay Kumar Jain

    (@akumarjain)

    Hi @yanniskag! Glad that your issue is solved. If you need any support in the future, could you please start your own thread, as per the Forum Welcome guidelines

    https://www.ads-software.com/support/plugin/jetpack#new-post

    Thank you!

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Jetpack has locked your site’s login page’ is closed to new replies.