Foreign IP address in “Allow listed IP addresses that bypass all rules”

I’m seeing this as well on my site: 135.125.83.227 cannot be removed, and maps to Paris.

It appears your website uses the plugin WP Rocket. The IP you are concerned about belongs to WP Rocket. For details, click here.

WP Rocket is owned by WP Media which is located in Lyon, France. However, their servers appear to operate out of Paris, France.

In addition to any recommendations provided by Wordfence, I would also reach out to WP Rocket Support for assistance with your issue.

Thanks for your reply, I appreciate it. That completely explains what I’m seeing. I’m guessing a fair number of sites use both, I’m surprised I wasn’t able to google any documentation about it. Now I know!

Hi @webperson,

From an inital look, @generosus looks to be correct with the WP Rocket origin assessment. I was just feeling a little cautious as anything inserting itself into the “Allow listed IP addresses that bypass all rules” section of your settings will truly bypass all Wordfence checks so we usually don’t recommend adding anything here unless absolutely unavoidable.

To us, it looks like the use of our function wordfence::whitelistIP() but it appears that you aren’t setting it yourself. It might be worth checking in with WP Rocket’s support channels to see if they have started setting this as a compatibility measure for Wordfence users?

Further information on the function: https://www.wordfence.com/help/advanced/wordfence-api/#wordfencewhitelistip

Let me know what you find out!

Thanks,

Peter.

Research reveals the above issue is related to WP Rocket 3.10.2, which attempted to fix a compatibility issue between Wordfence and WP Rocket.

Apparently, the fix turned out to be a bit buggy so they’re working on another one.

For details, please refer to GitHub Issue No. 3916.

Thanks Peter, I was able to locate documentation on the WP-Rocket site about this IP address. It’s linked to the “Remove Unused CSS” feature of WP-Rocket:

Basic requirements for the feature to work
…
The following IP has to be allow listed by your server, firewall, or security plugin :
135.125.83.227
…
If you are using Wordfence, activate Learning Mode as described here.

I’m unfamiliar with the particular implementation of Learning Mode, but is it possible this IP became whitelisted through learning mode and now Wordfence simply restores it of its own accord? I’ve reached the point where I’m more interested in who is adding it, not why, to ensure it doesn’t create any potential security issues. Thanks again.

Thanks again @webperson and @generosus.

I am satisfied that the update WP Rocket have implemented is the reason for this cropping up, and I see that there may be further developments or updates in this area to also allowlist the site’s own IP in future. This is a solution on some platforms that we recommend when communication issues are involved.

Regardless of the use of Learning Mode, Wordfence won’t be restoring this data for any reason so the change to WP Rocket to use wordfence::whitelistIP() seems to be the cause of it returning even when removed manually. It doesn’t seem to be the result of a security issue.

Thanks again,

Peter.