Is there any way to block an internal IP user?

Hello nataliemin
192.168.0.101 is indeed an internal address in your network. There are two options here. Either someone in your network is trying to log in to your site, or the IP is being incorrectly reported for the person who is doing it.

If you have two separate browsers open (for example IE and Chrome) and are logged in to WP-admin in one of them while browsing to your site like a normal visitor in the other one, is your IP-address logged correctly in Wordfence Live Traffic view?

You can find your own IP by typing “check my ip” in to google search.

Thanks wfasa – however I don’t think this can be the case, as the reported time of the log-in was 2am in my country, and I definitely was not using any computer at that time of night! It’s possible that the reported time was incorrect, but the time is usually correct within an hour or two.

I may have confused the terminology – the IP lookup website actually said that the illegal login attempt was from a private IP address.

Hello again,
it is possible that someone managed to spoof with this IP-address. In other words, they managed to fake the address so it looks like 192.168.0.101 but is actually something else.

To make sure though I would suggest you contact your webhost and ask them how it’s possible that you had an attempted login from the IP 192.168.0.101.

You can’t block it with Wordfence because your site might end up blocking itself.

OK – thanks again for the advice.