I believe this might be related to CloudFlare APO on our WordPress site, although it’s been enabled on our site for about a month and we haven’t had problems until now.
We just started seeing this error when trying to log in:
Jetpack has locked your site’s login page.
Your IP address 18.104.22.168 has been flagged for potential security violations. You can unlock your login by sending yourself a special link via email.
That IP address is CloudFlare’s, not mine. Also, sending that special link to myself and trying to log in again gives the message “An error was encountered when trying to authenticate. Please try again.” on the WordPress login page.
I also tried whitelisting my IP address in wp-config.php, but it doesn’t work either - I guess because Jetpack doesn’t even see my IP, it sees CloudFlare’s?
In WordPress, when looking under Jetpack->Settings->Security->Brute force attack protection, it also shows my IP address as 22.214.171.124, which is another CloudFlare IP, not mine.
So I’m not sure if this an issue with CloudFlare or Jetpack, and how would we go about solving it. We’d rather not disable CloudFlare APO or Jetpack Brute force protection.