wordfence blocking using cloudflare IPs

You’re seeing CloudFlare’s IPs because we’re a reverse proxy for sites. You need to install something to restore the original visitor IP, so mod_cloudflare or the CloudFlare WordPress plugin should fix the issue.

Thanks Damon,

I think it was working ‘correctly’ earlier (the site has been using both cloudflare and WordFence for a considerable time) and I don’t recall making any changes to the site’s cloudflare settings that might have changed anything. In fact over a period of about fifteen minutes about half of the failed attempted logins were given as cloudflare named ips, and half were recorded as purely numeric Ip addresses
Additionaly, the CloudFlare WordPress plugin isn’t marked as compatible with WordPress 4.0 or up.

Awaiting comment from Wordfence support.

further checking – I already have the ‘use CF-CONNECTING-IP header’ selected in the Wordfence configuration, so surely shouldn’t need the Cloudflare plugin.

We always recommend using the cloudflare plugin. usually the option you selected on “how wordpress gets its IP’s” with it fixes the ip address issue. I’d try using the cloudflare plugin and see if the behavior changes. If it doesn’t, then we’ve at least eliminated that.

tim

Its gone back to working correctly without me changing anything, so I’ll leave it as it is for now, especially as I’m planning to change the hosting shortly.
Thanks for your help

Weird.

Not a problem for the help, and as always, thanks to damoncloudflare, the worlds best support guy ??

tim

“Not a problem for the help, and as always, thanks to damoncloudflare, the worlds best support guy :)”

I probably fail more than I win…haha.

lol