For a time on December 30th, 2013, my hosting provider 1and1.com was redirecting all WordPress logins to 18.104.22.168 whenever one hit wp-login.php effectively blocking all attempts to login — and logout for that matter – from any WordPress installation on their servers.
Their response was less than desired; they stated that this issue was effecting only .5% of their customers. Even if that were to be true, which I would find doubtful given the widespread use of WordPress, and it seems to discount the severity of the issue for WordPress user, a program that they say they support completely.
While trying to determine the root cause, I tested and found a temporary workaround. Downloading a copy of the wp-login.php page, I renamed it and all references within it to
wp-login.php and moved this file to the same location as the original. My temporary login was something like designmissionhack.php — and it worked. This tells me that 1and1 had some mod_rewrite at the Apache conf level that was doing the redirect to the localhost IP, overriding the domain name path. I reported my workaround on a WordPress.org message board and waited for 1and1 to fix the issue before removing my temporary work around. It helped me get access to my client’s websites for critical updates and gave me a bit more peace of mind as it confirmed for me the cause was not in my htaccess or other account settings, but at the server level and beyond my control.
If you have encountered a similar problem, I’m hoping this post will be a guide to a temporary work around, too.