category

Password Hell: WordPress Jetpack Protect, LastPass collide

password-hell

So, I tried to log into this blog last night and it said “wrong password.” Hmm. I try two more times and WordPress pops up a message saying it’s blocking my IP because I must be evil, and points me to cryptic instructions explaining how to allow myself back on my blog by whitelisting my IP address. Sigh.

If you are blocked from entering your site, you can enter the IP or IPv6 address(es) via WordPress.com by visiting My Sites → Settings → Security → Whitelist. You can also whitelist one IP address by setting it as the JETPACK_IP_ADDRESS_OK constant in your wp-config.php  define(‘JETPACK_IP_ADDRESS_OK’, ‘X.X.X.X’);

Many earth people would probably look at that and go WTF? However, being as I’ve bashed around WordPress for a while, I knew what to do, which was FTP to the server and add the magic line to wp_config.php.

This stopped WordPress from blocking my IP address. Since I always come prepared, I logged in using another admin account and changed my main account password back to what it was.

Here’s what happened. I use LastPass as my password program. It has a dubious option to auto-change passwords, which I must have accidentally clicked for my main blog account. It changed the password, which is ok, except it didn’t put in a user name. So LastPass then had two entries for my main blog account and both were wrong. Thus I couldn’t log in. And after three wrong attempts, WordPress blocked my IP address.

However, after getting unblocked I could log in using the backup account. Which is why you should always have backup accounts. WordPress has a useful plugin called JetPack that has many great features. JetPack Protect was enabled. It stops brute force attacks and is what locked me out of my own site.  It also keeps asking you to re-login and answer math problems, which is really annoying. So I disabled it.

Now everything is back to normal. Whew.

Comments are closed.

Powered by WordPress. Designed by WooThemes