Support » Plugin: Wordfence Security - Firewall & Malware Scan » Valid username got blocked – suspected security issue

  • Hi there

    My company’s website just got migrated from a staging site to the production site. I changed the notification email to point to the correct administration email that receives all WF notifications and promptly received a notification regarding an administrator login — which was me. I also received a similar notification when my colleague logged in.

    Then it didn’t occur to me then but both IP and hostnames listed in the emails were not the IP and hostname that we were connected to. It actually pointed twds amazonaws.

    Then the next day, when I tried to log in, I was directed to the WF page notifying that my IP address had been blocked. I referred to my email logs and realised that an invalid username logins were attempted. In the last notification, the IP address and ISP was exactly the same as the one listed in the admin login email.

    At present, it seems like the administrator account that I used to log in has been blocked. However, my colleague’s account is still intact (it was not an administrator account). I have also realised I stopped receiving email notifications from WF regarding the website.

    I’m happy to provide more information. Appreciate any assistance.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfdave

    (@wfdave)

    Hi @janicechq,

    What I believe happened is that your server is behind a CDN or proxy. So when people connect to your website, Wordfence sees everyone using the same IP address (which is the IP address of your load balancer).

    This means, when that IP address gets blocked for whatever reason, everyone will be blocked from accessing your website.

    What you can do now is:

    1. Regain access to your login

    Rename the folder /wp-content/plugins/wordfence/ -> /wp-content/plugins/wordfence-old, and delete the folder /wp-content/wflogs`.

    2. Change how Wordfence obtains its IP addresses

    After you’ve reinstalled Wordfence (or if you aren’t blocked anymore), you can go into Wordfence -> All Options.

    From the options, you should see How does Wordfence get IPs, and you can cycle through the various options until the Your IP with this setting matches your true IP. Your true IP can be found at https://www.google.com/search?q=what+is+my+ip

    Dave

    janicechq

    (@janicechq)

    Hi @wfdave

    Thank you for your reply.

    I managed to regain access to the website and reconfigured the settings of how WF obtains its IP address.

    However now, it seems like WF is not blocking IP addressed attempting to login with invalid usernames, even with the correct settings. I do believe a few forum posts are indicating they are facing this issue too. Is there an resolution?

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.