Wordfence and blocking non-routable IPs

  • Resolved digory

    (@digory)


    9 years, 11 months ago

    Hi,

    Noticed this text in the Options page:

    “Wordfence automatically whitelists private networks because these are not routable on the public Internet.”

    I have been using a different WP security plugin and have noticed it blocking non-routable IPs that have sent many bad logins. I believe that this might be hackers using proxy servers to make them appear to come from non-routable IPs.

    This has no effect on the other security plugin because it blocks them just the same, but if I was using Wordfence (been thinking about switching) it would mean the hacker could brute-force all day long, as they would be whitelisted!

    Shouldn’t this whitelist of private networks be a user-configurable option?

    https://wordpress.org/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Wordfence Security

    (@mmaunder)

    9 years, 11 months ago

    The other plugin is probably not reading the IP addresses of visitors correctly.

    Wordfence has several ways of doing this – please see the option for “How does wordfence get IP’s” and work with your host to make sure this is set correctly.

    It’s not possible for hackers to use proxies and appear to visit from non-routable private IP address ranges because public internet routers will just drop the packets.

    Regards,

    Mark.

    Thread Starter digory

    (@digory)

    9 years, 11 months ago

    Ah, thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence and blocking non-routable IPs’ is closed to new replies.