whitelisted IP remains even after deletion

  • Hi,

    I use Wordfence on most of my websites, along with Worfence Central. To prevent problems, I always whitelist the server IP address. The server IP of this website changed, therefore I wanted to change it in the whitelist section. However, the old IP address still remains.

    Here’s what I did, in that order :
    – restore Wordfence to default : didn’t work
    – uninstalled Wordfence and manually deleted its tables from the database, as well as the logs on the server, and then reinstalled : didn’t work, the IP was still there
    – disconnected from Wordfence Central, uninstalled Wordfence and manually deleted its tables from the database, as well as the logs on the server, and then reinstalled : didn’t work, the IP was still there
    – finally used Wordfence Assistant to delete everything and then reinstall : nope…

    So here I am with this question: hope you can help me sort this out.
    Regards,

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @stefanp44

    Did you add our function wordfence::whitelistIP() to a file in WordPress such as your theme’s functions.php file?

    https://www.wordfence.com/help/advanced/wordfence-api/#wordfencewhitelistip

    Thread Starter Stephane PISKORZ

    (@stefanp44)

    Hi Phil (@wfphil)

    I never used that function; still I doubled checked the child theme files and didn’t find anything related to that function.
    Is there anything else that I could try?

    Plugin Support wfphil

    (@wfphil)

    Hi @stefanp44

    Thank you for the update.

    If you are referring to the option Allowlisted IP addresses that bypass all rules found in the Advanced Firewall Options section on the All Options page then this would mean that the IP address is stored in the database.

    To rule out the use of our function that I mentioned before then you can use a command-line interface to navigate to the directory on the server where WordPress is installed and run the command below. It will check every file in WordPress for our function.

    grep -r -H "wordfence::whitelistIP" *

    Thread Starter Stephane PISKORZ

    (@stefanp44)

    Hi @wfphil,

    I ran the search, and nothing regarding the function you mentioned.
    Indeed, I was referring to the IPs that bypass all rules, and that’s exactly the problem: even after deleting all tables starting with wf, and installing again from scratch, the IP I entered in the first place comes back.

    It doesn’t hurt, it is just weird, I mean, it just shouldn’t be there ??

    Plugin Support wfphil

    (@wfphil)

    Hi @stefanp44

    Thank you for the update.

    Can you let me know the date when you last installed Wordfence please?

    Also send me your Wordfence diagnostics report. Please go to the top of the “Diagnostics” tab on the Wordfence “Tools” page. There will be a “SEND REPORT BY EMAIL” button to send the diagnostics report. Enter wftest [at] wordfence [dot] com as the email and stefanp44 as the forum username please.

    Once you have emailed me the diagnostics report can you reply here to let me know that it has been sent. This is important in the unlikely event that your installation of WordPress is having an issue with sending mail.

    Thread Starter Stephane PISKORZ

    (@stefanp44)

    Hi @wfphil,

    I just reinstalled it now, from scratch (disconnected form Wordfence Central, deactivated the plugin and then deleted it, and finally deleted all tables from the database). The whitelisted IP was there ??

    I just sent the report from the diagnostics tab.

    Plugin Support wfphil

    (@wfphil)

    Hi @stefanp44

    Thank you for the update.

    What is the IP allowlisted IP address please?

    Thread Starter Stephane PISKORZ

    (@stefanp44)

    Hi @wfphil,

    You will find 2 IP addresses :
    109.234.162.90 and 135.125.83.227

    135.125.83.227 is the that keeps coming back and that I would like to remove.

    Plugin Support wfphil

    (@wfphil)

    Hi @stefanp44

    Thank you for the update. Your hosting server uses only one public IP address and that is 109.234.162.90

    IP address 135.125.83.227 belongs to WP Rocket and they have been using our function in their plugin code to add their IP address to the Wordfence plugin allowlist:

    https://docs.wp-rocket.me/article/1628-which-ip-do-i-need-to-allow-for-wp-rocket

    Thread Starter Stephane PISKORZ

    (@stefanp44)

    Hi @wfphil ,

    Oh my, I feel ashamed, I didn’t even check the IP and therefore didn’t know it belonged to WP Rocket. So sorry for all the fuss. It’s still better to be safe than sorry. Anyway thanks a lot for our time and patience (and for the WP Rocket documentation link, I actually completely missed that one!).
    I’ll mark this post as resolved and go hide somewhere ??

    Plugin Support wfphil

    (@wfphil)

    Hi @stefanp44

    Thank you for the update and no need to say sorry!

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘whitelisted IP remains even after deletion’ is closed to new replies.