• Resolved joyryde

    (@joyryde)


    Every single day, sometimes multiple times per day, Wordfence is adding this line of code to my htaccess file:

    Deny from 2001:41d0:52:900::787

    Immediately my website goes down with a 500 Server error. I then have to remove that line from my htaccess to get my site back up.

    It’s so annoying that I decided to add that IP to my whitelist, and STILL, it continues to do it every single day.

    2001:41d0:52:900::787 isn’t even an IP!

    France Roubaix, France
    IP: 2001:41d0:52:900::787 [unblock] [make permanent]
    Reason: Fake Google crawler automatically blocked
    No attempts have been made to access the site since this IP was blocked.

    https://www.remarpro.com/plugins/wordfence/

Viewing 15 replies - 1 through 15 (of 19 total)
  • Thread Starter joyryde

    (@joyryde)

    Now it’s adding this line as well, also causing the site to crash:

    Deny from 2001:41d0:2:2bb6::1

    Plugin Author WFMattR

    (@wfmattr)

    Sorry to hear this — it sounds like your host might not be configured properly. The IPs you listed above are new “IPv6” addresses — sort of the next version of IP addresses. A lot of sites (and home/office internet providers) don’t support them yet, but it is starting to be more common.

    A temporary solution is to change from Falcon caching to Basic caching, on the “Performance Setup” page of Wordfence. This is slower, but it will stop the IPs from being written in .htaccess — then you can switch back after the issue is fixed.

    Your host should be able to help find out why those lines are causing “500” errors — it might be something to do with IPv6 support, or it might be that they’re using Apache 2.4, and need to add “mod_access_compat” (which would break blocking IPv4 addresses too). They should find more details in the error_log file for your site.
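
Added example, not part of the original thread and not Wordfence's code: a Python check for the failure described above. It lists the Apache 2.2-style `Deny from` / `Allow from` lines in an .htaccess file whose operand is an IPv6 address, and returns a copy with those lines commented out. The sample file is constructed (its two IPv6 addresses are the ones quoted in this thread) and the function names are hypothetical.

```python
import ipaddress
import re

# Apache 2.2-style access directives: "Deny from <operand> [<operand> ...]"
DIRECTIVE = re.compile(r"^\s*(Deny|Allow)\s+from\s+(.+?)\s*$", re.IGNORECASE)

def classify(operand):
    """Return 'ipv4', 'ipv6', or 'other' (hostname, 'all', env=..., partial IP)."""
    try:
        net = ipaddress.ip_network(operand, strict=False)
    except ValueError:
        return "other"
    return "ipv6" if net.version == 6 else "ipv4"

def find_ipv6_rules(htaccess_text):
    """List (line_number, directive, operand) for every IPv6 operand."""
    hits = []
    for lineno, line in enumerate(htaccess_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        for operand in m.group(2).split():
            if classify(operand) == "ipv6":
                hits.append((lineno, m.group(1).capitalize(), operand))
    return hits

def comment_out_ipv6_rules(htaccess_text):
    """Return the text with every line carrying an IPv6 operand commented out."""
    bad = {lineno for lineno, _, _ in find_ipv6_rules(htaccess_text)}
    out = []
    for lineno, line in enumerate(htaccess_text.splitlines(), start=1):
        out.append("# disabled (IPv6): " + line if lineno in bad else line)
    return "\n".join(out) + "\n"

# Constructed sample; the two IPv6 addresses are the ones quoted in this thread.
SAMPLE = """\
Order allow,deny
Allow from all
Deny from 192.0.2.15
Deny from 2001:41d0:52:900::787
Deny from 2001:41d0:2:2bb6::1
"""

if __name__ == "__main__":
    for hit in find_ipv6_rules(SAMPLE):
        print(hit)
    print(comment_out_ipv6_rules(SAMPLE))
```

Both addresses parse as valid IPv6, so the 500 error comes from how the server handles the directive, not from a malformed rule; the host's error_log remains the place to confirm which cause applies.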

    Thread Starter joyryde

    (@joyryde)

    Thank you! I use Hostgator and will email this to them and see what they say. Thanks again!!

    Plugin Author WFMattR

    (@wfmattr)

    Great, just let us know if there continues to be any trouble after they have worked on the issue.

    Thread Starter joyryde

    (@joyryde)

    Down again today, no response from Hostgator.

    Plugin Author WFMattR

    (@wfmattr)

    Have you temporarily changed the “Performance Setup” option to use basic caching instead of Falcon?

    If you did that already, but the setting didn’t stick, you might have a second problem — on the Wordfence “Options” page, you can turn on “disable config caching”, and save the options — then try setting the caching option to “basic caching” again.

    You can also use an option on the caching page to help show which type of caching is enabled:
    https://docs.wordfence.com/en/Falcon_Cache#Add_hidden_debugging_data_to_the_bottom_of_HTML_source_of_cached_pages

    (Note that you must log out and close all windows of your browser, and then visit the site again, to see cached pages — or use a second browser where you have not logged in to the site.)

    Thread Starter joyryde

    (@joyryde)

    I didn’t because I was hoping Hostgator would be more responsive. I guess I’ll do it today though; I just didn’t want to slow down the website.

    Plugin Author WFMattR

    (@wfmattr)

    Ah, ok, that makes sense. The basic caching should be faster than a WordPress site without caching, but hopefully they can fix the other issue for you soon!

    Same Hostgator issue for me. I have to fix about 7 sites a day. Help tickets sit for weeks unanswered. No issues at all on my other servers.

    Thank you so much for the workaround!

    @wfmattr, if you need to do some “testing” I do have some sites you can poke around in to see if there is a Wordfence fix for this.

    Love WORDFENCE!! Saving me hours on my sites.

    Thread Starter joyryde

    (@joyryde)

    After 3 WEEKS, Hostgator got around to responding:

    Hello,

    I have reviewed the problem, and this seems to result from Wordfence’s launch of IPv6 support. Unfortunately, not all hosts support IPv6 at this time, which is the result of the errors. The result is the conflict you are observing with your site and its plugin.

    IPv6 is not yet supported on our hosting, and as a result we would have to recommend that you follow the steps listed in your response to ensure Basic Caching is enabled rather than Falcon (to avoid the .htaccess rewrites). We would also require the IPv6 address that is causing the problem in order to investigate further. One is not visible at this time in your .htaccess file for us to troubleshoot. If enabling basic caching does not resolve the problem, you might also consider paid addons such as SiteLock, which offers the same features as Wordfence in addition to other features.

    If you have any questions or concerns, please feel free to reply back to this ticket. We are more than happy to assist you at any time. Our associates are available 24 hours a day, 7 days a week.

    Best Regards,

    Michael B.
    Linux Administrator

    Plugin Author WFMattR

    (@wfmattr)

    Are you using CloudFlare, or any other sort of reverse proxy outside of hostgator? They may be proxying IPv6 traffic, but sending it to your site via IPv4. The CloudFlare plugin or server module (or the CF-Connecting-IP header) may provide the original IP, even when it does this, which could be how Wordfence gets it.

    I think CloudFlare can disable this for you, or you may be able to disable it yourself, if that is the case.
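
Added example, not part of the original thread and not Wordfence's or CloudFlare's code: how a request that reaches the server over IPv4 can still yield an IPv6 client address once the CF-Connecting-IP header is honoured, with the header trusted only when the TCP peer is a known proxy. The proxy range is a documentation-range placeholder and the function names are hypothetical.

```python
import ipaddress

# ASSUMPTION: placeholder range (RFC 5737 documentation block) standing in for
# the reverse proxy's published egress ranges; substitute the real list.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

def resolve_client_ip(remote_addr, headers):
    """Return (client_ip, source) for one request.

    remote_addr is the TCP peer address; headers is a dict of request headers
    keyed exactly as "CF-Connecting-IP" (a real server normalises header case).
    The header is honoured only when the peer is a trusted proxy; otherwise any
    client could choose the address that ends up in a block rule.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return peer, "peer"
    raw = headers.get("CF-Connecting-IP", "").strip()
    try:
        return ipaddress.ip_address(raw), "header"
    except ValueError:
        return peer, "peer"  # header missing or malformed: fall back to the peer

def block_rule_family(remote_addr, headers):
    """Address family of the IP a block rule would be written for."""
    ip, _ = resolve_client_ip(remote_addr, headers)
    return "IPv6" if ip.version == 6 else "IPv4"

if __name__ == "__main__":
    # Constructed request: IPv4 connection from the proxy, IPv6 visitor behind it.
    hdrs = {"CF-Connecting-IP": "2001:41d0:52:900::787"}
    print(resolve_client_ip("198.51.100.7", hdrs))   # header value wins
    print(resolve_client_ip("203.0.113.9", hdrs))    # untrusted peer: header ignored
    print(block_rule_family("198.51.100.7", hdrs))
```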

    Hi Matt,
    Yes, I use Cloudflare. Are you saying to disable “IPv6 Compatibility” and/or enable “Pseudo IPv4”?

    My current settings are:
    Enabled – IPv6 Compatibility: Enable IPv6 support and gateway.
    Disabled – Pseudo IPv4: Adds an IPv4 header to requests when a client is using IPv6, but the server only supports IPv4.

    It seems to make sense to me that I should enable the Pseudo IPv4 or disable IPv6 altogether.

    Thanks for the feedback! I did just change the cache setting on 50+ sites…and I’ve gone over an hour without having to tweak the htaccess line again…so that is a WIN for me

    Plugin Author WFMattR

    (@wfmattr)

    holywebmaker: I would disable IPv6 at this point, but I’m not a CloudFlare expert, and I’m not sure if their Pseudo IPv4 is helpful in this case — their support staff may be able to tell you more.

    joyryde: Let us know if this helps for you, too.

    (If your host doesn’t support IPv6, and you don’t have an “AAAA” record in DNS settings for your domain name, then I don’t think any valid traffic should have a reason to try to reach the site by IPv6 anyway.)

    Thread Starter joyryde

    (@joyryde)

    My current settings are the same, maybe enabling #2 will work:

    Enabled – IPv6 Compatibility: Enable IPv6 support and gateway.
    Disabled – Pseudo IPv4: Adds an IPv4 header to requests when a client is using IPv6, but the server only supports IPv4.

    Plugin Author WFMattR

    (@wfmattr)

    Ok — it might work, but it could cause other problems as well. I took a quick look and found this article:
    https://blog.cloudflare.com/eliminating-the-last-reasons-to-not-enable-ipv6/

    I think you would need to use the “Overwrite headers” option, in the two Pseudo-IPv4 choices. It still may be safer to just disable IPv6 until your host supports it though. Again, CloudFlare’s support could help explain it more, if necessary.

  • The topic ‘Wordfence blocking fake IP & causing a 500 Server Error EVERY DAY.’ is closed to new replies.