Why am I being redirected to 127.0.0.1?

Enabling security features in the All-In-One Security (AIOS) plugin is essential for safeguarding your WordPress site, but misconfiguration can accidentally lock you out. This guide outlines proactive steps to avoid being redirected to 127.0.0.1 or blocked from your site when activating key security tools.

What it does: Blocks bots by requiring a secret URL to set a login cookie.

Why lockouts happen: Accessing the login page without visiting the secret URL first.

Prevention tips:

• Save the secret URL: After enabling the feature (WP Security → Brute Force), note the secret URL (e.g., your-site.com/?your-secret-word).
• Bookmark the URL: Save it in your browser or share it with your team.
• Test immediately: After activation, use the secret URL to ensure it redirects to the login page.

What it does: Blocks traffic from specific countries.

Why lockouts happen: Accidentally blocking your own country.

Prevention tips:

• Double-check blocked regions: Before enabling (WP Security → Country Blocking), verify your country is not selected.
• Allowlist your IP: Go to WP Security → Firewall → Block and Allow Lists → Allow List. This ensures your IP bypasses all firewall rules.
• Test with a VPN: Temporarily use a VPN to mimic a foreign IP while configuring the feature.

What it does: Blocks IPs after repeated requests to non-existent pages.

Why lockouts happen: Legitimate users triggering too many 404 errors.

Prevention tips:

• Adjust thresholds: Increase the “404 Detection Threshold” (e.g., from 10 to 20) under WP Security → Firewall → 404 Detection.
• Fix broken links: Regularly audit your site for 404 errors and fix outdated URLs.
• Allowlist your IP: Go to WP Security → Firewall → Block and Allow Lists → Allow List.

What it does: Temporarily blocks IPs after failed login attempts.

Why lockouts happen: Typos or forgotten passwords triggering the lockout.

Prevention tips:

• Increase retry limits: Go to WP Security → Brute Force → Login Attempts and raise the “Max Login Attempts.”
• Extend lockout time: Set a shorter “Login Retry Time Period” (e.g., 10 minutes).
• Use strong credentials: Enable two-factor authentication and use a password manager.

• Test features one at a time: This helps isolate which setting causes an issue.
• Use a staging site: Configure and test security changes before applying them live.
• Backup settings: Store secret URLs and config notes in a secure location.
• Whitelist key IPs: Add your own and team members’ IPs to prevent accidental lockouts.

For advanced users, here’s how to disable features temporarily:

1. wp-config.php: Add the following line before /* That’s all, stop editing! */:

   define('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true);

2. settings.php (older versions): Edit wp-content/uploads/aios/firewall-rules/settings.php and set:

   aios_enable_brute_force_attack_prevention:""

By configuring these features carefully and following the steps above, you can secure your WordPress site without risking access loss. Always test settings, document changes, and keep recovery options ready. For more help, visit the AIOS support forum or contact premium support.