wordfence blocking using cloudflare IPs

  • Resolved efikim

    (@efikim)


    11 years, 5 months ago

    I’m seeing Wordfence email reports of attempted login tattempts that refer to the Cloudflare IP rather than the real user IP address. Surely this will lead to locking out other users as well as the malicious user?

    email message as below –
    ****
    The Wordfence administrative URL for this site is: http://xxx/wp-admin/admin.php?page=Wordfence

    A user with IP address 173.245.49.125 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 5. The last username they tried to sign in with was: ”
    User IP: 173.245.49.125
    User hostname: cf-173-245-49-125.cloudflare.com
    ****

    https://wordpress.org/plugins/wordfence/

Viewing 8 replies - 1 through 8 (of 8 total)
  • damoncloudflare

    (@damoncloudflare)

    11 years, 5 months ago

    You’re seeing CloudFlare’s IPs because we’re a reverse proxy for sites. You need to install something to restore the original visitor IP, so mod_cloudflare or the CloudFlare WordPress plugin should fix the issue.

    Thread Starter efikim

    (@efikim)

    11 years, 5 months ago

    Thanks Damon,

    I think it was working ‘correctly’ earlier (the site has been using both cloudflare and WordFence for a considerable time) and I don’t recall making any changes to the site’s cloudflare settings that might have changed anything. In fact over a period of about fifteen minutes about half of the failed attempted logins were given as cloudflare named ips, and half were recorded as purely numeric Ip addresses
    Additionaly, the CloudFlare WordPress plugin isn’t marked as compatible with WordPress 4.0 or up.

    Awaiting comment from Wordfence support.

    Thread Starter efikim

    (@efikim)

    11 years, 5 months ago

    further checking – I already have the ‘use CF-CONNECTING-IP header’ selected in the Wordfence configuration, so surely shouldn’t need the Cloudflare plugin.

    WFSupport

    (@wfsupport)

    11 years, 5 months ago

    We always recommend using the cloudflare plugin. usually the option you selected on “how wordpress gets its IP’s” with it fixes the ip address issue. I’d try using the cloudflare plugin and see if the behavior changes. If it doesn’t, then we’ve at least eliminated that.

    tim

    Thread Starter efikim

    (@efikim)

    11 years, 5 months ago

    Its gone back to working correctly without me changing anything, so I’ll leave it as it is for now, especially as I’m planning to change the hosting shortly.
    Thanks for your help

    WFSupport

    (@wfsupport)

    11 years, 5 months ago

    Weird.

    Not a problem for the help, and as always, thanks to damoncloudflare, the worlds best support guy 🙂

    tim

    damoncloudflare

    (@damoncloudflare)

    11 years, 5 months ago

    “Not a problem for the help, and as always, thanks to damoncloudflare, the worlds best support guy :)”

    I probably fail more than I win…haha.

    WFSupport

    (@wfsupport)

    11 years, 5 months ago

    lol

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘wordfence blocking using cloudflare IPs’ is closed to new replies.

Tags