• Hackers are somehow using the IP address 127.0.0.1 (localhost) when they attempt brute force attacks. I’m sick of hackers and so I set it to lock out on 1 wrong attempt and for at least 4 or 5 days. Once that time is up they are back. Meanwhile, even though my external IP address is not localhost (and is whitelisted), as long as 127.0.0.1 is blacklisted, I can’t log in until I disable the plugin, delete that IP, and then reenable the plugin. Is there any way around this?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Cyberdave

    (@cyberdave)

    I think I know what the problem is.
    In the Loginizer Dashboard it says the following:
    Server’s IP Address 127.0.0.1
    Your IP Address 127.0.0.1

    On a site I have where I use Jetpack and their brute force protection, that dashboard says:
    Your current IP: <actual IP address redacted>

    So the problem is a bug in Loginizer in which it seems to think that my IP address is localhost and not my actual IP address.

    I like Loginizer and if you can fix this I will continue to use it but if not then I am going to have to find another solution. Thanks. Let us know.

    Thread Starter Cyberdave

    (@cyberdave)

    I did some more looking into this and found that on shared host servers this was not a problem. The problem occurs on Cloudways (or other cloud hosts?) because they use a reverse proxy.
    After asking around I found out there are two ways a user can fix this for the user IP address.
    One is to edit the wp-config.php file and add the following line:
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];

    The other is to use the drop-down on the right side of the Loginizer section where the client IP address is and select the “Custom” option and then enter this value: HTTP_X_REAL_IP and save it.

    However it would have been nice to find out from someone at your company how to fix this. In addition maybe you can do what iThemes Security does and build in proxy detection so it does this automatically.
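
The wp-config.php line in the reply above copies X-Real-IP into REMOTE_ADDR unconditionally. As an added example (not part of the original post and not Loginizer's code), this variant honours the header only when the request actually arrives from the reverse proxy and the value is a valid IP. The helper name, the trusted-proxy list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread or from Loginizer.
// Assumption: the reverse proxy connects from loopback (the dashboard in the
// thread shows 127.0.0.1 as the visitor IP) and sets X-Real-IP itself.
$example_trusted_proxies = ['127.0.0.1', '::1'];

/**
 * Hypothetical helper: pick the client IP for a request.
 * X-Real-IP is honoured only when the TCP peer is a trusted proxy and the
 * header contains a syntactically valid IPv4/IPv6 address.
 */
function example_resolve_client_ip(array $server, array $trusted_proxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // Request did not come through the proxy: the header is whatever the
    // client sent, so keep the socket address.
    if (!in_array($peer, $trusted_proxies, true)) {
        return $peer;
    }

    $candidate = trim($server['HTTP_X_REAL_IP'] ?? '');

    // Missing or malformed header: fall back to the peer address.
    if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
        return $peer;
    }
    return $candidate;
}

// wp-config.php usage: rewrite REMOTE_ADDR once, before WordPress loads.
if (isset($_SERVER['REMOTE_ADDR'])) {
    $_SERVER['REMOTE_ADDR'] = example_resolve_client_ip($_SERVER, $example_trusted_proxies);
}

// Constructed sample requests (documentation-range addresses), CLI only.
if (PHP_SAPI === 'cli') {
    $samples = [
        'via proxy'      => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_REAL_IP' => '203.0.113.7'],
        'direct, forged' => ['REMOTE_ADDR' => '198.51.100.20', 'HTTP_X_REAL_IP' => '127.0.0.1'],
        'bad header'     => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_REAL_IP' => 'not-an-ip'],
    ];
    foreach ($samples as $label => $server) {
        echo $label, ' => ', example_resolve_client_ip($server, $example_trusted_proxies), PHP_EOL;
    }
}
```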

  • The topic ‘Hackers use IP 127.0.0.1 and I get locked out’ is closed to new replies.