Whoof. You’d need to see if the cloud server forwards IPs for logging at all.
Thread Starter
thels
(@thels)
how would check that?
do I need to speak to the host provider?
thanks
Wow, I hope we dont run into this. We just launched production today. But we have a similar configuration. We are not in the cloud, but an enterprise. We have load balancers in front of our web servers. Our web servers get the IP addresses of the Load Balancer, so we had to configure our load balance to pass the user’s IP address in another header, x-forwarded-for.
I was not aware that WP would lock out IP address for multiple login failures. Is this a core function or a plugin?
It’s a plugin, jkhongusc – http://wordpress.org/plugins/limit-login-attempts/
thels – Yeah, ask your host if they retain the original IP of visitors. They SHOULD ( x-forwarded-for is pretty common).
Thread Starter
thels
(@thels)
Yea the host using mod_rpaf to forward the IP address. any guesses on why wordpress not seeing the forward IP address
thels –
You should try verifying that WP is seeing the forwarded user IP address. I create a test script that prints out phpinfo(). You should see all the header, verify that you are seeing the header set by mod_rpaf.
If you are seeing the user’s IP address, then the plugin needs to be configured to accept it. You need to check the plugin you are using to see if it accepts that particular header.
I wonder if ANYTHING can see the real IP, actually.
http://matthieu.yiptong.ca/tag/mod_rpaf/ implies that mod_rpaf does that on it’s own.
Thread Starter
thels
(@thels)
Hi
yea that has solved the problem
thank you
Wordfence reports my host IP for all visitors. Even my admin displays as my Host’s IP.