My web host, 1and1, are currently redirecting all wordpress login attempts to 127.0.0.1 by sending a 302 redirect to all requests to wp-login.php – I can only post this via my iPhone… It seems wordpress for many of us using 1and1 is therefore currently uneditable. The blog itself is up, mind you.
[ later ]
The issue now seems to be resolved, thankfully.
One of the comments to this post suggests editing wp-admin.php, which sounded ideal, but my install doesn’t have such a file. It’s possible yours does, maybe if it’s not been updated for a while, and that this workaround could work. I say this because I suspect this is going to happen again in the future.
Why? Well, from a bit of googling around, it looks like there’s a chance that 1and1 (and other hosting companies) are using this tactic to reduce load on their systems when they are under a DDoS attack, potentially a specific DDoS attack which is targetting WordPress installations. Unfortunately, there was no such attack on my site, but that doesn’t mean that other sites hosted by 1and1 were also unaffected, and there’s little chance of getting much info out of them about it. Personally, I doubt it’s a DDoS attack intended to bring down the hosting company – I’d have thought it’s more likely to be a script kiddie attempting to brute force their way in to as many blogs as they can. But either way, an attack of some kind appears likely.
All in all, though, I’m not going to suggest that 1and1 are terrible and start investigating other suppliers; I’ll be honest, these guys are pretty damn stable, and their actions yesterday only prevented me from adding posts via my browser, while the blog itself was up the entire time. And it’s working fine today. If this starts to happen regularly, then yeah, I’ll start to get annoyed, but as things stand right now, it’s no biggie.