So I was troubleshooting the configuration on my server and removed all non-essential code. This meant that the proxy was not forwarding the IP address of visitors to the backend.
Imagine my surprise to try to login to post to the blog when I found access to admin blocked with “your ip 127.0.0.1 has been flagged for security reasons find out more“. It had popped up in the login popup wordpress shows when your login has expired and clicking “find out more” does nothing beyond showing a rotating gif indicating loading.
Luckily, I was logged into another blog on the same server which had Jetpack installed as well. Clicking another link on it gave me the same warning on the page instead of a popup and i was able to follow through to the Jetpack site for the explanation.
Apparently to fix this, you have to add
to wp-config.php in the root of your wordpress blog. In my case, this was LOCALHOST!
Here’s my irritation with Jetpack.
- I have access to the server. What if any other user on the blog had tried to make a post?
- I don’t recall activating security. I have another plugin I use for security. I was not even aware that Jetpack offers security. How appropriate is it to activate something that can block access for potential users onto someone’s blog without consent?
- What sort of non-consensual inflicted code blocks access to localhost? Surely the forward facing IP and localhost at least ought to be whitelisted by default? Not according to Jetpack, it seems.
This is yet another straw piled onto my back about the ever bloating Jetpack plugin. One of these days, I’m going to take some time to configure alternatives and ditch them.