Will Wordfence Interfere?

Resolved openedge1
(@openedge1)

6 years, 8 months ago

We have your plugin installed and set to block every country except US and CA. But, due to a mass attempt of attacks on the site, we also enabled Wordfence.

I just got this report from Wordfence…

A user with IP addr 2a03:b0c0:2:f0::11f:3001 has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username ‘[login]’ to try to sign in.
The duration of the lockout is 4 hours.
User IP: 2a03:b0c0:2:f0::11f:3001
User hostname: 2a03:b0c0:2:f0::11f:3001
User location: Amsterdam, Netherlands

It was not blocked by Cloudguard.

So, is Wordfence to blame? I would hate to turn it off, as the logging is important for us…

Thanks

The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author pipdig
(@pipdig)

6 years, 8 months ago

Hi @openedge1,

It should be no problem to use both at the same time. I suspect what has happened here is that the IP address was incorrectly geolocated by Cloudflare. This can happen on a very small amount of cases with all geolocation services. Since Cloudflare wasn’t able to geolocated the IP, access to the login page was allowed and then Wordfence blocked it afterwards.

I don’t think you will need to worry about this. It looks like both systems are working and blocking login attempts. However you might like to install https://wordpress.org/plugins/wps-hide-login/ as an extra measure to reduce brute force attempts.

Thread Starter openedge1
(@openedge1)

6 years, 8 months ago

“I suspect what has happened here is that the IP address was incorrectly geolocated by Cloudflare”

I am having an increase in other countries accessing the site now. I actually think your plugin has stopped working.

I will continue to monitor and review where they are coming from. So far I have seen France, Vietnam, Amsterdam. …and IPV4 and IPV6…so no common theme here either.

I will update when I have more info.

Plugin Author pipdig
(@pipdig)

6 years, 8 months ago

This might suggest there is an issue with how your host handles Cloudflare requests. You may want to contact them to ask if they have the Cloudflare module installed on their servers. If not, you will need to install the Cloudflare WP plugin to make sure any IPs are recognized correctly.

Thread Starter openedge1
(@openedge1)

6 years, 8 months ago

Hello,

I am the host (WE are a hosting company actually). We run a custom solution for our customers. We use Litespeed and we are Cloudflare partners. We also have the cloudflare plugin installed on the site to help with cache purges after site updates.

If you had researched the original log entry in my first post and then reviewed the IP that Wordfence has shown, you will see it is a properly resolved IP –
https://www.ultratools.com/tools/ipv6InfoResult?ipAddress=2a03%3Ab0c0%3A2%3Af0%3A%3A11f%3A3001&as_sfid=AAAAAAXRsqO4YG8siIRYsOKKPetu1DO9s6IFoIDBVfw7TnrXrg3Ze_2Z0AFJGK2aN8H3O9Lt0g7prvB4WxGaiTb9KXw5uNFY6QJFyOkE4KaMVrFtyFRslN1cHwW1iREFoqJqbpM%3D&as_fid=10978478c79ebc4b82a4356238998bbb5e28071f

I am just trying to help resolve this issue, but if you feel it is not your plugin…then I apologize.

Thank you for your time…

Plugin Author pipdig
(@pipdig)

6 years, 8 months ago

Hi @openedge1,

I just tried to access your login page from a few locations outside the US/CA and was correctly blocked. So things seem to be working correctly in most cases. I suspect the geolocation data from Cloudflare is incorrectly assigning some of the ipv6 locations. They mention that their ipv4 data is more accurate whilst they work to improve ipv6:

Cloudflare includes this information for both IPv4 and IPv6 addresses. Currently, the IPv4 information is more robust, but we expect the IPv6 data to improve rapidly.

Are you seeing much trafic being blocked by Cloudguard? Or is the majority being blocked by Wordfence?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Will Wordfence Interfere?’ is closed to new replies.