“Prevent brute force login attacks” and Cloudflare

  • Resolved Tim

    (@tjalexander70)


    4 years, 3 months ago

    This issue only recently started.

    In Cloudflare, I created a security check between visitors and my login page. (see https://www.mychesco.com/wp-login.php).

    US visitors are shown a security page with a captcha challenge and Non-US visitors are completely blocked.

    I have had this set up like this for about 8 months without an issue.

    Recently, after passing the captcha challenge, users have been getting a “Your IP address xxx.xxx.xxx.xxx has been flagged for potential security violations. You can unlock your login by sending yourself a special link via email” message.

    The flagged IPs seem to all be Cloudflare addresses.

    Turning off JetPack’s brute force protection has been the best way to resolve this issue.

    Technically, the way I have things set up I don’t need JetPack’s brute force protection but I would like the added layer.

    Is there a way to fix this without whitelisting all of Cloudflare’s IP ranges?

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘“Prevent brute force login attacks” and Cloudflare’ is closed to new replies.