User locked, cloudflare IPs

  • Resolved dccorp

    (@dccorp)


    4 years, 4 months ago

    Hi,

    I’m recveing a lot of probably fraudulent attempts to login to my sites (most of them as “admin” or “[login]”). https://rizescu.com is a test site (not a production site) on digitalocean.

    The problem is all these attempts are blocked by wordfence, by blocking the “originating” IP. My sites are behind cloudflare (free), so unfortunately, all the IP’s blocked are in fact cloudflare’s IPs, not the original IPs.

    I know I could whitelist all cloudflare’s IPs in wordfence, but I do not think this is a good security solution (the attackers will remain free to try forever via cloudflare).

    Do you have any advice for this situation?

    Thank you,

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter dccorp

    (@dccorp)

    Ok, found the option

    “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare”

    I will try it, thank you for your great plugin

    No problem. That’s exactly what I was going to suggest. ??

    Make sure you unblock the IPs that you blocked to be sure you aren’t blocking Cloudflare anymore.

    Tim

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘User locked, cloudflare IPs’ is closed to new replies.