Over the past few days, I’ve gotten an increasing number of “User locked out from signing in” messages, all with the same IP address. But when I went to block it, I realized that WordFence identified it as my IP address. It’s not my IP address. I tried accessing from another IP address, and again, WordFence recorded it as the same incorrect IP address. (In case it is helpful, the IP address WordFence is consistently identifying is 220.127.116.11.)
I tried changing the IP detection method, but no option yields any other result. Every time, it identifies my IP address as the 173 one.
WordFence says it blocked over 25,000 brute-force attacks today, all from this same IP. I don’t know whether this was a real attack, or whether it’s a glitch in the plugin. Stopped seeing new login attempts after I changed the IP detection method a couple times, but it’s now right back where it started (REMOTE_ADDR). Don’t know if the cessation of activity was related, or a coincidence.
Final (possibly relevant) bit of information: While WordFence was misidentifying my IP as of yesterday, it wasn’t until today that I got an error message from it that was unable to accurately detect IPs. After I switched IP detection methods around, the alert disappeared . . . despite the fact that the detection method is right back where it started.
I’ve perused the forums and help pages, but haven’t been able to find anything that’s helped in this particular situation. I’d appreciate any advice you can offer.
Thanks in advance for your time and help!
- The topic ‘Inaccurate IP detection accompanied by brute-force attack’ is closed to new replies.