Skip to main content

Why Am I Being Redirected to 127.0.0.1?

This article explains how popular security plugins can use a redirect to 127.0.0.1 as a defence mechanism.

Nick avatar
Written by Nick
Updated yesterday

Overview

If you're being redirected to 127.0.0.1 (localhost) when trying to access your WordPress site hosted on Wordify, this is typically caused by a WordPress security plugin's blocking mechanism. This redirect is a protective measure that security plugins use to block what they perceive as suspicious traffic.

What is 127.0.0.1? The IP address 127.0.0.1 is known as "localhost" - it always refers to your local computer. When security plugins redirect you here, they're essentially blocking your access by sending you to a non-functional address.


Security Plugins That Cause 127.0.0.1 Redirects

All-in-One WP Security (AIOS)

The most common cause of 127.0.0.1 redirects. This popular security plugin has several features that can trigger these redirects:

Cookie-Based Brute Force Prevention

When this feature is enabled, you must visit a secret URL before accessing your site. If you are trying to access the site without first visiting the secret URL, then you will be redirected to 127.0.0.1.

How to fix:

  • Visit your secret URL first (format: yoursite.com/?secretword=1)

  • Or add this to your wp-config.php file: define('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true);

Login Lockouts

If you're redirected to 127.0.01 it could also be because of a login lockout. The 'Login Lockout' feature is a security measure that can help prevent brute-force attacks on your website's login page.

Smart 404 Blocking

You may be redirected to 127.0.0.1 because of a 404 lockout. A 404 lockout could occur due to a security feature called "Smart 404 Blocking." This feature is designed to detect and block repeated requests for non-existent pages on your website.

Comment Spam Protection

The plugin may redirect comment submissions to 127.0.0.1 when "Block SpamBot Comments" is enabled but misconfigured.

AIOS Plugin Reference: Why am I being redirected to 127.0.0.1?

Wordfence Security

Wordfence can cause 127.0.0.1 redirects when its IP detection is misconfigured.

IP Detection Issues

It appears that seeing 127.0.0.1 entries could be down to IP detection being incorrect for visitors to your site in the Wordfence settings. When IP detection is wrong, a legitimately triggered block for somebody else may affect all visitors including yourself.

How to fix:

  • Go to Wordfence → All Options → General Wordfence Options

  • Check "How does Wordfence get IPs" setting

  • Try "Use the X-Forwarded-For HTTP header" option

  • Test until your real IP is detected correctly

Wordfence Reference: Blocking Troubleshooting

Limit Login Attempts Reloaded

This plugin can cause 127.0.0.1 issues when server configurations aren't properly detected.

Other Security Plugins

Many other WordPress security plugins use similar blocking mechanisms:

  • iThemes Security - Can redirect malicious traffic to localhost

  • Sucuri Security - May block and redirect suspicious requests

  • WPS Hide Login - Can cause redirects when URL protection is active

  • Login Lockdown - May redirect after failed login attempts

How to Resolve 127.0.0.1 Redirects

Step 1: Identify the Security Plugin

Check your active plugins for any security-related plugins, particularly:

  • All-in-One WP Security

  • Wordfence

  • Limit Login Attempts Reloaded

  • iThemes Security

  • Sucuri Security

Step 2: Temporary Access Recovery

If completely locked out, you can disable the problematic plugin through your Wordify dashboard:

  1. Log into your Wordify dashboard at my.wordify.com

  2. Navigate to Configure Site → WordPress → Plugins

  3. Find the security plugin causing the issue

  4. Click to disable the plugin

  5. Try accessing your site again

Alternative method (if dashboard access isn't working):

  1. Access your site via Wordify's FTP service

  2. Navigate to /wp-content/plugins/

  3. Rename the security plugin folder (add -disabled to the name)

  4. Try accessing your site again

Step 3: Plugin-Specific Solutions

For AIOS:

  • Add to wp-config.php: define('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true);

  • Check WP Security → Brute Force → Cookie Based Brute Force Protection

  • Disable "Block SpamBot Comments" if comment issues persist

For Wordfence:

  • Test different IP detection methods in Wordfence settings

  • Whitelist your IP address in the firewall

  • Check if country blocking is affecting your location

For Limit Login Attempts:

  • Enable "under reverse proxy" setting

  • Verify trusted IP origins configuration

Step 4: Re-enable and Configure

  1. Return to Configure Site → WordPress → Plugins in your Wordify dashboard

  2. Re-enable the security plugin

  3. Access your WordPress admin

  4. Adjust the security plugin settings based on the solutions above

  5. Test access from different devices/networks

Prevention Tips

  1. Test Security Settings: Always test new security configurations on a staging site first

  2. Whitelist Your IP: Add your IP address to security plugin whitelists

  3. Document Changes: Keep track of security settings you enable

  4. Regular Monitoring: Check security plugin logs for false positives

  5. Backup Before Changes: Always backup before enabling aggressive security features

Need Help?

If you're still experiencing 127.0.0.1 redirects after trying these solutions:

  1. Contact Wordify Support: Our team can help identify server-side issues and assist with plugin configuration

  2. Check Plugin Documentation: Refer to the specific security plugin's documentation for advanced troubleshooting

  3. Disable and Test: Temporarily disable all security plugins to confirm they're the cause

Remember: These redirects are security features working as intended, but they sometimes affect legitimate users due to overly aggressive settings or configuration issues. The key is finding the right balance between security and accessibility.

Did this answer your question?