Maybe your case was different from mine, but I want to share with you how I fixed this issue, hoping will be useful for other people.
In my case the issue was caused by All In One WordPress Security Plugin (AIOWS), due to “IP RETRIEVAL SETTINGS” configuration.
My site is hosted on AWS, via Elastic Beanstalk environment and I have different instances under a load balancer.
In this case seems the last version of this plugin is no more able to correctly detect the IP of the clients and so start blocking them by redirecting to 127.0.0.1
I fixed this issue by simply changing that configuration from “REMOTE_ADDR (Default)” to “HTTP_X_FORWARDED_FOR”.
You can change this from: “WP Security” => “Settings” => “Advanced Settings”:
