BugWP logo BugWP
Back to Community
Home / Community / PluginAll-in-one security (aios) – security and firewall

Troubleshooting 127.0.0.1 Redirects and Login Lockout Issues in AIOS

23 threads Sep 16, 2025 PluginAll-in-one security (aios) – security and firewall

Content

Experiencing random redirects to 127.0.0.1 or unexpected login lockouts on your WordPress site with the All-In-One Security (AIOS) plugin? You're not alone. This is a common support issue that often stems from a few specific configuration or environmental factors. This guide will help you understand why it happens and walk you through the most effective solutions.

Why Am I Being Redirected to 127.0.0.1?

The All-In-One Security (AIOS) plugin uses redirects to 127.0.0.1 (your local computer) as a method to block malicious traffic. This typically happens for two main reasons:

  1. Your IP Address is on the Permanent Block List: The plugin may have incorrectly identified and blocked your IP address.
  2. IP Address Detection is Misconfigured: If the plugin cannot correctly detect a visitor's real IP address, it may block a shared server IP, affecting all visitors on that server.

How to Troubleshoot and Fix the Issue

1. Check the Permanent Block List

The first step is to verify if your IP address has been mistakenly added to the block list.

  • Go to WP Security > Dashboard > Permanent Block List.
  • Look for your public IP address (you can find it by visiting whatismyipaddress.com).
  • If you find it listed, remove it from the blocklist.

2. Verify IP Detection Settings

Incorrect IP detection is a leading cause of widespread, random lockouts. You must ensure the plugin is detecting visitor IPs correctly.

  • Navigate to WP Security > Settings > Advanced Settings.
  • Look for the IP Address Detection Settings section.
  • Test the different detection methods. The selected method should return your correct public IP address, matching the one shown on whatismyipaddress.com.
  • Save the settings once the correct method is found.

3. Clear Cached Pages (If Using Caching)

As indicated in the support threads, if a malicious actor triggers a lockout and that response is cached by your site or server, all visitors could be served the redirect to 127.0.0.1 until the cache expires.

  • Clear all cache from your caching plugin (e.g., W3 Total Cache, WP Rocket).
  • Clear any server-level cache (e.g., Varnish, NGINX) if applicable. You may need to contact your hosting provider for this.
  • Consider configuring your caching system to not cache responses for the login or admin pages.

4. Regain Access If You Are Locked Out

If you cannot access your WordPress admin to make these changes, you can temporarily disable the login lockout feature via the database.

  • Access your site's database via phpMyAdmin (often provided by your host).
  • Find the wp_options table (the prefix may be different).
  • Locate and delete the record with the option_name aio_wp_security_configs. Warning: This will reset all AIOS settings to default, so use this only as a last resort to regain access.

Conclusion

Random 127.0.0.1 redirects and lockouts are almost always a configuration issue, not a permanent bug. By methodically checking your blocklist, correcting your IP detection settings, and managing your site's cache, you can resolve this frustrating behavior and maintain strong security on your WordPress site.

Related Support Threads Support