Wordfence locking me out if I block a different IP address

  • Resolved birdbrainsolutions

    (@birdbrainsolutions)


    4 years, 6 months ago

    Hi,

    We noticed a bot using the IP address 159.65.155.63 trying to login with the username ‘admin’. It was successfully blocked by wordfence, and I manually added an IP block as well https://i.imgur.com/YZERDEO.jpg

    Now, we cannot access the site (from 42.106.209.70):

    ———————————————————————————–
    Your access to this site has been limited
    Your access to this service has been temporarily limited. Please try again in a few minutes. (HTTP response code 503)

    Reason: Manual block by administrator
    ———————————————————————————–

    and the unlock email shows the wrong IP address (my ip address is 42.106.209.70):

    ———————————————————————————–
    Either you or someone else at IP address 159.65.155.63 requested instructions to regain access to the website Treasures Corporate Gifting.
    ———————————————————————————–

    I renamed the wordfence folder in the plugins directory through file manager, installed Wordfence Assistant, and cleared all blocked IPs, after which I was able to login to the site. I changed the folder name back to ‘Wordfence’, but as soon as I added the IP address block for 159.65.155.63, wordfence blocked me out again (my ip address is 42.106.209.70).

    Please help, thank you!

    yours sincerely,

    Nick

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • WFGerroald

    (@wfgerald)

    4 years, 6 months ago

    Hey @birdbrainsolutions,

    I believe this might be your server IP. Can you please try reinstalling once again, then check to make sure Wordfence is getting the correct IP in Wordfence > All Options > General Wordfence Options?

    https://www.wordfence.com/help/dashboard/options/

    Please let me know what you find.

    Thanks,

    Gerroald

    Thread Starter birdbrainsolutions

    (@birdbrainsolutions)

    4 years, 6 months ago

    Hi Gerroald,

    Firstly, thank you for the quick reply 🙂

    I used wordfence assistance to once again delete all blocked ips, reactivated wordfence, and you are correct, wordfence does consider the blocked ip as the server ip

    View post on imgur.com

    What steps should I take now to ensure it doesn’t happen again?

    yours sincerely,

    Nick

    WFGerroald

    (@wfgerald)

    4 years, 6 months ago

    Hey @birdbrainsolutions,

    Thanks for the update!

    Can you try switching through the different ways for Wordfence to Get Your IP until you see your IP? Once you’ve set it to the correct way to detect IPs this shouldn’t happen.

    Please let me know how it goes.

    Thanks,

    Gerroald

    Thread Starter birdbrainsolutions

    (@birdbrainsolutions)

    4 years, 6 months ago

    Hi Gerroald,

    I changed it to:

    Use PHP’s built in REMOTE_ADDR and don’t use anything else. Very secure if this is compatible with your site.

    and it showed my IP address.

    I tried the other options after than and they all show my IP address (including the original option: Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites. (Recommended)), so not sure what to think.

    Waiting for your reply to set the option. Thanks!

    yours sincerely,

    Nick

    Thread Starter birdbrainsolutions

    (@birdbrainsolutions)

    4 years, 6 months ago

    UPDATE:

    Okay, I used

    Use PHP’s built in REMOTE_ADDR and don’t use anything else. Very secure if this is compatible with your site.

    and the IP address changed to 159.65.155.63 again after saving.

    Does that mean that my site is hacked?

    Thanks,

    Nick

    WFGerroald

    (@wfgerald)

    4 years, 6 months ago

    Hey @birdbrainsolutions,

    Thanks for the updates.

    I don’t believe that this is evidence of a hack.

    Can you try once more, then check for any errors in the browser console when saving the setting?

    If that doesn’t help, can you send me a Diagnostics report so I can get a better overview of your environment? Please navigate to Wordfence > Tools > Diagnostics. Here you can select SEND REPORT BY EMAIL. Please include your WordPress.org username and update this thread after you’ve sent it.

    Thanks,

    Gerroald

    Thread Starter birdbrainsolutions

    (@birdbrainsolutions)

    4 years, 6 months ago

    Hi Gerroald,

    Thanks, I saved it as:

    Use the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result.

    and get this issue in the scan:

    ‘How does Wordfence get IPs’ is misconfigured
    Type: IP Detection

    Details: A test request to this website was detected on a different value for this setting. IP blocking and live traffic information may not be accurate. Get More Information For maximum security use PHP’s built in REMOTE_ADDR.

    Diagonistic report sent to wftest@wordfence.com with forum username: birdbrainsolutions.

    Thank you in advance for all your help! And have a great day!

    yours sincerely,

    Nick

    WFGerroald

    (@wfgerald)

    4 years, 6 months ago

    Hey @birdbrainsolutions,

    My apologies for the delayed response here.

    It looks like Wordfence is able to detect the correct IP now, from the looks of the Diagnostic. But it looks like one or both IPs are tripping a Firewall rule you have in place. Can you take a look at Wordfence > Live Traffic to see the reason for this? If we can resolve this I believe it will resolve your issue.

    Please let me know.

    Thanks,

    Gerroald

    WFGerroald

    (@wfgerald)

    4 years, 5 months ago

    Hey @birdbrainsolutions,

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks,

    Gerroald

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Wordfence locking me out if I block a different IP address’ is closed to new replies.