LiveChat
Support
Blog
Affiliates
If Jetpack is blocking your access to your own WordPress site, showing a "blocked by Jetpack" message, or causing 403/503 errors, it's usually because Jetpack's Brute Force Protection feature has flagged your IP. This can also happen when ModSecurity on the server conflicts with Jetpack's security features. Here's how to fix it and prevent it from happening again.
Whitelist Your IP in Jetpack
If you're locked out by Jetpack's Brute Force Protection:
- ✓ Access your site via FTP or cPanel File Manager
- ✓ Rename the Jetpack plugin folder:
wp-content/plugins/jetpacktojetpack_disabled - ✓ Log into WordPress, go to Jetpack > Settings > Security, whitelist your IP
- ✓ Rename the folder back to
jetpack
01. Jetpack Brute Force Protection Block
Jetpack's Brute Force Protection feature tracks failed login attempts across all WordPress sites connected to WordPress.com. If your IP triggers too many failed logins (even on other sites), Jetpack blocks it globally. This means you can get blocked from your own site because of failed logins on a completely unrelated WordPress site.
If You Can Still Access wp-admin
- Go to Jetpack > Settings > Security
- Find "Brute force attack protection"
- Add your IP to the whitelist - enter your IP address (search "what is my IP" in Google)
- Click Save
If You're Completely Locked Out
- Connect via FTP - use FileZilla or cPanel File Manager
- Navigate to
wp-content/plugins/ - Rename
jetpacktojetpack_disabled. This deactivates Jetpack and removes the block - Log into WordPress - you should now have access
- Rename the folder back to
jetpack - In WordPress admin - go to Plugins, reactivate Jetpack, then whitelist your IP in Jetpack > Settings > Security
If your IP changes frequently (dynamic IP from your ISP), consider disabling Jetpack Brute Force Protection entirely and using the server-side firewall (CSF) instead. CSF already provides login failure protection and doesn't have the cross-site blocking issue.
02. ModSecurity Conflicts
Jetpack communicates with WordPress.com servers for features like site stats, downtime monitoring, and security scanning. Some of these requests can trigger ModSecurity rules on the server, causing 403 errors or broken Jetpack features.
Symptoms
- Jetpack dashboard shows "connection error" or "site is not accessible"
- Jetpack features intermittently stop working
- Error log shows ModSecurity blocks related to Jetpack XML-RPC calls
Fix
Check cPanel > Errors for ModSecurity entries mentioning xmlrpc.php or Jetpack user agents. If you find them, open a support ticket with the error log entries. We can whitelist the specific ModSecurity rules for your account without disabling security broadly.
Don't disable ModSecurity entirely just to fix Jetpack. XML-RPC is a frequent attack vector and ModSecurity provides important protection. We can surgically whitelist Jetpack's traffic while keeping protection for everything else.
03. Jetpack Connection Issues
If Jetpack can't connect to WordPress.com ("Your Jetpack has a glitch"), check these:
- XML-RPC enabled - Jetpack requires XML-RPC. Some security plugins disable it. Make sure
xmlrpc.phpis accessible. Test by visitingyourdomain.com/xmlrpc.php- it should show "XML-RPC server accepts POST requests only" - WordPress.com IPs whitelisted - if you have IP restrictions in .htaccess or a security plugin, Jetpack's servers need access. Jetpack uses WordPress.com IP ranges which change frequently; Jetpack's own documentation has the current list
- SSL issues - Jetpack requires a working SSL certificate. If your site has mixed content or an expired certificate, the connection may fail. See our Mixed Content guide
04. Lighter Alternatives to Jetpack
Jetpack is a large plugin that bundles many features, most of which you probably don't use. If you're only using it for one or two features, lighter alternatives reduce resource usage and avoid the connection/blocking issues:
- Site stats - use Google Analytics or the Jetpack Stats standalone plugin (without full Jetpack)
- Brute force protection - already provided by the server firewall (CSF/LFD). Or use Wordfence (free)
- Downtime monitoring - UptimeRobot (free for up to 50 monitors)
- Contact forms - WPForms Lite, Contact Form 7
- Image CDN - Cloudflare (free) or ShortPixel
- Related posts - Yet Another Related Posts Plugin (YARPP)
We've seen sites cut their load time in half just by replacing Jetpack with individual lightweight plugins for the features they actually use. If your site is hitting resource limits, Jetpack is one of the first plugins to evaluate.
Need Help With Jetpack Issues?
If Jetpack is causing persistent problems on your site, open a ticket. We can check the server-side logs and ModSecurity rules to find the specific conflict.
Open a Support TicketQuick Recap: Fix Jetpack Blocks
If you only do 5 things from this guide, do these:
- Locked out? - rename the jetpack plugin folder via FTP to disable it, then log in
- Whitelist your IP - in Jetpack > Settings > Security after regaining access
- Check error logs - cPanel > Errors for ModSecurity blocks on xmlrpc.php
- Consider lighter alternatives - Jetpack is heavy; individual plugins may serve you better
- Don't disable ModSecurity - ask support for a targeted rule exception instead
Last updated March 2026 · Browse all WordPress articles · See also: WordPress Security Guide
