Title: IP Detection Settings Last modified: May 24, 2026 --- # IP Detection Settings * Resolved [websgt](https://wordpress.org/support/users/websgt/) * (@websgt) * [1 week, 4 days ago](https://wordpress.org/support/topic/ip-detection-settings/) * I recently installed your suite of plugins (AIOS, Updraft Backup/Restore, WP- Optimize, Internal Link Juicer and Burst Statistics). * In the IP Detection Settings I have 2 options (and I have tried them both). Any form that I submit via the site has the submitter’s IP address I received from my site. No matter which setting I use, they both now report the IP address my host. I used Bluehost, and I do have Cloudflare, which I have no control over except turning it on/off via the Cpanel. * I have been digging into this because SITE HEALTH reports this error: Unable to detect page cache due to possible loopback request problem. Please verify that the loopback request test is passing. Error: Forbidden (Code: http_403). * I have been trying to resolve 1 issue but stumbled upon this issue. I currently have the firewall and security features disabled. * Here is the debug info from our app. * ```wp-block-code This is from your Debug screen:All-In-One Security diagnostics report===================================--- AIOS plugin information ---AIOS plugin version - 5.4.7AIOS DB version - 2.1.4AIOS firewall version - 1.0.10AIOS Premium installed - No===================================--- Server information ---Operating system - Linux 5.14.0-162.23.1.9991722448259.nf.el9.x86_64Server - ApacheMemory usage - 20 MBTotal space - 73.3 GBUsed space - 21.1 GB===================================--- WordPress information ---WordPress version - 7.0Multisite - NoABSPATH - /home2/alnxwgmy/public_html/mclwestchester/WP_DEBUG - OffWP_DEBUG_LOG - DisabledWP_DEBUG_DISPLAY - EnabledSCRIPT_DEBUG - OffSAVEQUERIES - OffDB_CHARSET - utf8DB_COLLATE -WP_SITEURL - (not set)WP_HOME - (not set)WP_CONTENT_DIR - /home2/alnxwgmy/public_html/mclwestchester/wp-contentWP_CONTENT_URL - https://www.mclwestchester.org/wp-contentWP_PLUGIN_DIR - /home2/alnxwgmy/public_html/mclwestchester/wp-content/pluginsWP_LANG_DIR - /home2/alnxwgmy/public_html/mclwestchester/wp-content/languagesWPLANG - (not set)UPLOADS - (not set)TEMPLATEPATH - /home2/alnxwgmy/public_html/mclwestchester/wp-content/themes/freshwp-proSTYLESHEETPATH - /home2/alnxwgmy/public_html/mclwestchester/wp-content/themes/freshwp-proAUTOSAVE_INTERVAL - 300WP_POST_REVISIONS - 5COOKIE_DOMAIN -COOKIEPATH - /SITECOOKIEPATH - /ADMIN_COOKIE_PATH - /wp-adminPLUGINS_COOKIE_PATH - /wp-content/pluginsNOBLOGREDIRECT - (not set)CONCATENATE_SCRIPTS - NoWP_MEMORY_LIMIT - 40MWP_MAX_MEMORY_LIMIT - 512MWP_CACHE - DisabledCUSTOM_USER_TABLE - (not set)CUSTOM_USER_META_TABLE - (not set)FS_CHMOD_DIR - 493FS_CHMOD_FILE - 420ALTERNATE_WP_CRON - DisabledDISABLE_WP_CRON - Cron is disabledWP_CRON_LOCK_TIMEOUT - 120EMPTY_TRASH_DAYS - 7WP_ALLOW_REPAIR - DisabledDO_NOT_UPGRADE_GLOBAL_TABLES - NoDISALLOW_FILE_EDIT - NoDISALLOW_FILE_MODS - NoIMAGE_EDIT_OVERWRITE - NoFORCE_SSL_ADMIN - YesWP_HTTP_BLOCK_EXTERNAL - NoWP_ACCESSIBLE_HOSTS - (not set)WP_AUTO_UPDATE_CORE - DefaultWP_PROXY_HOST - (not set)WP_PROXY_PORT - (not set)MULTISITE - NoWP_ALLOW_MULTISITE - NoSUNRISE - NoSUBDOMAIN_INSTALL - NoVHOST - NoDOMAIN_CURRENT_SITE - (not set)PATH_CURRENT_SITE - (not set)BLOG_ID_CURRENT_SITE - (not set)WP_DISABLE_FATAL_ERROR_HANDLER - NoAUTOMATIC_UPDATER_DISABLED - No===================================--- PHP information ---PHP version - 8.5.6PHP expose php - InactivePHP allow url fopen - ActivePHP memory limit - 512MPHP upload max filesize - 512MPHP post max size - 516MPHP max execution time - 60PHP max input time - 60Process owner - alnxwgmyOpenSSL support - OKOpenSSL version - OpenSSL 3.0.7 1 Nov 2022cURL support - OKcURL features code - 29345693cURL host - x86_64-redhat-linux-gnucURL support protocols - dict, file, ftp, ftps, gopher, gophers, http, https, imap, imaps, ldap, ldaps, mqtt, pop3, pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftpcURL SSL version - OpenSSL/3.5.1cURL libz version - 1.2.11Checking display_errors - Disabled===================================--- Database information ---Database version - 5.7.44DELETE - OKINSERT - OKUPDATE - OKSELECT - OKCREATE TABLE - OKALTER TABLE - OKDROP - OKTRUNCATE - OK===================================--- Plugin information ---All-In-One Security (AIOS) (wp-security) [5.4.7] - ActiveBasePress (basepress) [2.17.0.2] - ActiveBranda (ultimate-branding) [3.4.29] - ActiveBurst Statistics - Privacy-Friendly Analytics for WordPress (burst) [3.4.3] - ActiveCode Manager (code-manager) [1.0.46] - ActiveE2Pdf (e2pdf) [1.32.18] - ActiveEasy Media Gallery Pro (easy-media-gallery-pro) [1.6.0.43] - ActiveForminator (forminator) [1.53.2] - ActiveGutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor (gutentor) [3.5.6] - ActiveHealth Check & Troubleshooting (health-check) [1.7.1] - ActiveImageMagick Engine (imagemagick-engine) [1.8.0] - ActiveInternal Link Juicer (wp-internal-linkjuicer) [2.26.0] - ActiveLink Library (link-library) [7.9.2] - ActiveMenu In Post (menu-in-post) [1.5.0] - ActiveMy Calendar - Accessible Event Manager (my-calendar) [3.7.13] - ActivePublishPress Capabilities Pro (capabilities-pro) [2.43.0] - ActiveQuotes llama (class-quotesllama) [3.1.1] - ActiveSimple File List Access (ee-simple-file-list-access) [3.1.2] - ActiveSimple File List Email (ee-simple-file-list-email) [1.2.2] - ActiveSimple File List Pro (ee-simple-file-list-pro) [6.1.12] - ActiveSimple File List Search (ee-simple-file-list-search) [3.1.2] - ActiveTablePress (tablepress) [3.3.1] - ActiveThe Bluehost Plugin (bluehost-wordpress-plugin) [4.16.1] - InactiveUpdraftPlus - Backup/Restore (updraftplus) [1.26.4] - ActiveWP-Optimize - Clean, Compress, Cache (wp-optimize) [4.5.3] - ActiveWP-PageNavi (wp-pagenavi) [2.94.5] - ActiveWPCode Lite (ihaf) [2.3.5] - ActiveWP Crontrol (wp-crontrol) [1.21.0] - ActiveWP Go Maps (formerly WP Google Maps) (wpgooglemaps) [10.0.10] - ActiveWP Go Maps - Pro Add-on (wp-google-maps-pro) [9.0.36] - ActiveWP Rollback (wp-rollback) [3.1.2] - Active===================================--- Must-use plugin information ---Burst REST API Optimizer (burst_rest_api_optimizer) [1.0.0] - ActiveEndurance Page Cache (endurance-page-cache) [2.2.2] - ActiveHealth Check Troubleshooting Mode (health-check-troubleshooting-mode) [1.7.2] - Activesimba-tfa-encryption-key.php (simba-tfa-encryption-key) [] - ActiveSSO (sso) [0.4] - Active===================================--- Drop-in information ---advanced-cache.php [Advanced caching plugin.] - Inactivedb.php [Custom database class.] - Activedb-error.php [Custom database error message.] - Activeinstall.php [Custom installation script.] - Activemaintenance.php [Custom maintenance message.] - Activeobject-cache.php [External object cache.] - Activephp-error.php [Custom PHP error message.] - Activefatal-error-handler.php [Custom PHP fatal error handler.] - Active===================================--- Theme information ---FreshWP PRO (freshwp-pro) [1.0.2] - ActiveTwenty Twenty-Five (twentytwentyfive) [1.5] - Inactive===================================--- IP detection methods ---REMOTE_ADDR - IP: 71.183.235.10 - status: OnHTTP_CF_CONNECTING_IP - IP: 71.183.235.10HTTP_X_FORWARDED_FOR - IP:HTTP_X_FORWARDED - IP:HTTP_CLIENT_IP - IP:HTTP_X_REAL_IP - IP:HTTP_X_CLUSTER_CLIENT_IP - IP:===================================--- Cron information ---Failed cron jobs - 0action_scheduler_run_queue -cf7pp_payment_check_status - hourlymojo_cron_hourly - hourlywp_privacy_delete_old_export_files - hourlyepc_scheduled_purge_all -wp_update_plugins - twicedailywp_update_themes - twicedailymojo_cron_twicedaily - twicedailywp_version_check - twicedailygutentor_daily_scheduled_events - dailywp_update_user_counts - twicedailyfs_data_sync_wp-data-access - dailyrecovery_mode_clean_expired_keys - dailywp_scheduled_delete - dailydelete_expired_transients - dailywp_scheduled_auto_draft_delete - dailytribe_common_log_cleanup - dailytribe_daily_cron - dailywsm_dailyScheduler - dailyschedule_report_event - dailyschedule_daily_report - dailymojo_cron_daily - dailyfs_data_sync_basepress - dailymojo_cron_weekly - weeklywp_delete_temp_updater_backups - weeklywpcode_usage_tracking_cron - weeklywp_site_health_scheduled_check - weeklybh_data_cron - weeklygutentor_weekly_scheduled_events - weeklyaiowps_weekly_cron_event - weeklyaiowps_clean_old_events - dailyburst_every_ten_minutes - burst_every_ten_minutesburst_monthly - burst_monthlyprocess_smush_tasks -upgrader_scheduled_cleanup -prune_smush_logs -burst_clear_test_visit -wpo_webp_convert_compressed_images - dailyupdraftplus_clean_temporary_files - twicedailypuc_cron_check_updates-ee-simple-file-list-pro - twicedailypuc_cron_check_updates-ee-simple-file-list-access - twicedailywpo_weekly_cron_tasks - wpo_weeklypuc_cron_check_updates-ee-simple-file-list-search - twicedailypuc_cron_check_updates-ee-simple-file-list-email - twicedailyburst_every_hour - burst_every_hourburst_daily - burst_dailyburst_weekly - burst_weeklyfs_install_sync_code-manager -fs_install_sync_internal-links -e2pdf_cache_tmp_cron - dailywpo_reset_webp_conversion_test_result - wpo_dailywpo_prune_webp_logs - weeklywpo_prune_404_log - wpo_dailywpo_smush_clear_backup_images - dailywpo_smush_clear_failed_tasks - wpo_monthlyemg_cron_event - onedaynfd_data_sync_cron - minutelyaios_15_minutes_cron_event - aios-every-15-minutesaiowps_hourly_cron_event - hourlyaiowps_daily_cron_event - dailynfd_htaccess_daily_scan - dailyfs_data_sync_internal-links - dailyfs_data_sync_code-manager - dailywpo_minify_purge_old_cache - dailynfd_data_cron - weeklywpo_reset_stats_counter -mojo_cron_monthly - monthly=================================== ``` * Thank you in Advance for your assistance in this matter. * Regards, Steve * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fip-detection-settings%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [1 week, 3 days ago](https://wordpress.org/support/topic/ip-detection-settings/#post-18917976) * Hi [@websgt](https://wordpress.org/support/users/websgt/), * From the debug log, it appears that the IP address 71.183.235.10 is being detected, and `REMOTE_ADDR` from the server information is being used for IP detection. This matches the `HTTP_CF_CONNECTING_IP` value generally provided by Cloudflare. * ```wp-block-code REMOTE_ADDR - IP: 71.183.235.10 - status: OnHTTP_CF_CONNECTING_IP - IP: 71.183.235.10 ``` * If the detected IP address does not match the address shown on [https://whatismyipaddress.com/](https://whatismyipaddress.com/), the server may be behind a proxy or may not be configured properly. It needs to make sure that the server IP address is not detected as the visitor IP address; otherwise, it may block the server IP address and show a 403 forbidden error. * Regards - This reply was modified 1 week, 3 days ago by [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/). * [Culture Dev](https://wordpress.org/support/users/websolman/) * (@websolman) * [4 days ago](https://wordpress.org/support/topic/ip-detection-settings/#post-18924553) * Steve, a couple of things stand out in your debug that should narrow this down. * **IP detection is actually working in your case.** Your report shows: * ```wp-block-code REMOTE_ADDR - IP: 71.183.235.10 HTTP_CF_CONNECTING_IP - IP: 71.183.235.10 ``` * Both resolve to the same address, and that’s your real client IP – so AIOS is already seeing the visitor, not your host. On a Bluehost + Cloudflare cPanel box Apache often _doesn’t_ restore the client IP, but here it clearly is (Bluehost sets it at the server level), so you can leave IP Detection on `REMOTE_ADDR`. Switching to `CF-Connecting-IP` would only matter if `REMOTE_ADDR` were showing a Cloudflare `104.x/172.x` address – which it isn’t. * One caveat worth knowing: only trust `CF-Connecting-IP` when the request actually comes from a Cloudflare IP range. If a plugin forces it unconditionally, someone bypassing the proxy can spoof their IP by sending that header directly – which would let them dodge lockouts. * **Your real symptom is separate from IP detection.** “Unable to detect page cache… loopback request… Forbidden (403)” is a loopback issue: your server calls its own URL (`https://www.mclwestchester.org/...`), that request leaves the box, hits Cloudflare, and comes back – and Cloudflare (or Bluehost’s Endurance Page Cache / a security rule) answers **403** to that server-to-self call. Common fixes: - Keep loopback local: point your domain to `127.0.0.1` in the server hosts file so the loopback never leaves the box (often not possible on shared Bluehost). - In Cloudflare, make sure your own origin IP isn’t being challenged/blocked, and that WP-Cron/loopback paths aren’t cached or filtered. * So: IP detection is fine to leave as-is; chase the 403 loopback separately – that’s what’s actually failing Site Health. Viewing 2 replies - 1 through 2 (of 2 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fip-detection-settings%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) * 2 replies * 3 participants * Last reply from: [Culture Dev](https://wordpress.org/support/users/websolman/) * Last activity: [4 days ago](https://wordpress.org/support/topic/ip-detection-settings/#post-18924553) * Status: resolved