So you aren’t able to connect to your newly configured WordPress DigitalOcean Droplet (specifically Ubuntu WordPress 4.7 on 16.04) within 5 minutes of turning it on because you accidentally tried to log in to wp-admin with the wrong password too many times?
Well you’re one in a million. Luckily smart people like me, who would never do such a thing, are here to help.
If you see this, you very likely are just as smart as I am.
First, you should disable your firewall with the command
sudo ufw disable, oh wait, that’s what the other people claim fixes this issue, don’t do this 😉 .
What really happened is your IP was flagged, automatically, and dropped into the bad part of your iptables, which is what linux can use to allow and reject specific IP addresses, ranges, and ports. This droplet is pre-configured to ban people who are doing naughty things, you were being naughty by trying a bunch of passwords in wp-admin, so you got the axe!
What you want to do is check your iptables for your own IP address with the following command:
root@nickmanderfieldcom:~# iptables -L -v --line-numbers
This will return quite a bit of information, if you’re lucky, you’ll see your server protecting itself from potential compromises right off the bat (see the 126.96.36.199 down there? that’s a Chinese IP up to no good), and ultimately your own IP next to the words REJECT.
Chain INPUT (policy ACCEPT 433 packets, 34340 bytes) num pkts bytes target prot opt in out source destination 1 92 7818 f2b-wordpress-soft tcp -- any any anywhere anywhere multiport dports http,https 2 37 4298 f2b-wordpress-hard tcp -- any any anywhere anywhere multiport dports http,https 3 600 52985 f2b-sshd tcp -- any any anywhere anywhere multiport dports ssh Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 362 packets, 32213 bytes) num pkts bytes target prot opt in out source destination Chain f2b-sshd (1 references) num pkts bytes target prot opt in out source destination 1 31 2820 REJECT all -- any any 188.8.131.52 anywhere reject-with icmp-port-unreachable 2 569 50165 RETURN all -- any any anywhere anywhere Chain f2b-wordpress-hard (1 references) num pkts bytes target prot opt in out source destination 1 37 4298 RETURN all -- any any anywhere anywhere Chain f2b-wordpress-soft (1 references) num pkts bytes target prot opt in out source destination 1 55 3520 REJECT all -- any any cpe-13-37-01-010.new.res.rr.com anywhere reject-with icmp-port-unreachable 2 37 4298 RETURN all -- any any anywhere anywhere
Once you find your IP address (Line 24), simply take the Chain name (Line 22: f2b-wordpress-soft) and the line number of your IP (Line 24), and use it in this simple command:
iptables -D chainrulename linenumber, so in my case I would enter:
root@nickmanderfieldcom:~# iptables -D f2b-wordpress-soft 1
Run the first command one more time just to make sure you’re off your own list, and voila, back into your own server you can go!