Allowing regular users?

On the Wordfence Options page, you can use “Whitelisted IP addresses that bypass all rules” under the “Other Options” section, to whitelist IPs. Most internet service providers will change people’s IPs from time to time, so if her IP changes, you may have to change the whitelist.

You could also make some of the firewall or login security rules less strict, if the issue was from typing the wrong password a few times, or something similar. If you see the reason listed on the Blocked IPs page or in the alert email, that would let you know which rule to change.

I would also recommend double-checking the Live Traffic page, and make sure that visits do not all have the same IP address — if you use CloudFlare, or if your host has a “reverse proxy” set up, Wordfence might not be seeing visitors’ true IPs. (If that is the case, just reply here.)

-Matt R

Yes, i am using CloudFlare, so how can i get around this?

On some hosts, it may already work correctly if they have “mod_cloudflare” installed or if you already have the CloudFlare plugin, but if you do see all one IP for all visits on the Live Traffic page, just go to your Wordfence Options page and find the option “How does Wordfence get IPs” just before the first “Save changes” button. From the list, choose:
Use the CloudFlare “CF-Connecting-IP” HTTP header to get a visitor IP.

Save the changes after that, and then check the Live Traffic page to make sure new visits show up with different IPs. Old visits’ IPs won’t change — if you don’t have immediate traffic to check, you could open a different browser where you are not logged into the site, and visit a few pages or log in and log out again, to see some new traffic.

-Matt R

Ok i did that. Now, could you just clarify what i am supposed to see (or not see) once it is set in that manner to determine that it will be doing what it is supposed to do, and not annoy the regular legit users?

Sure — if you click on “Live Traffic” on the Wordfence menu, you should see a list of visits. When CloudFlare is used, multiple users may appear with the same IP address, which is actually a CloudFlare server, instead of the actual visitor’s IP. The easiest way to test that the IP addresses are coming through correctly is to open a second browser, and visit a few pages on the site. (For example, if you are logged in to the site in Chrome, open FireFox or Safari.) Then, on the Live Traffic page, you should see your own IP address on the All Hits tab.

If you have Live Traffic disabled in Wordfence, you will only see a “Logins and Logouts” tab. In this case, if you open a different browser and log in and log out again, you should see those events on the Live Traffic page, with your own IP address.

If you don’t know your computer’s current public IP address, you can google “my ip”, and the address shown should match what you see on the Live Traffic page for your own visits, if everything is working correctly.

The Live Traffic page takes a few seconds to show new visits, but could take longer depending on your settings — if you don’t see the visits immediately, you can refresh the page.

Let us know if you need anything else!

-Matt R

OK, that works. I’ll just hope my regular users are now safe to come and go without issues.

Thanks.