Hi @estland, thanks for your question.
Having a Sucuri front-facing IP does require some configuration, which I can provide below so you can consider the process before taking any further action.
In the Wordfence > All Options > General Wordfence Options section you will see the subsection How does Wordfence get IPs. Select the option Use the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result
Remember to press the SAVE CHANGES button.
Check your IP address by going to the link below and make a note of it:
https://whatismyipaddress.com/
Go back to the How does Wordfence get IPs subsection and if your own IP address from the IP check above does not appear in the line Your IP with this setting then you may need to add these Sucuri trusted proxy IP addresses:
Click on the text link:
+Edit trusted proxies
You will need to add the following IP address ranges in the text box that appears, each on a new line:
192.88.134.0/23
185.93.228.0/22
66.248.200.0/22
208.109.0.0/22
2a02:fe80::/29
The above list of IP address ranges may change so you can check the list here periodically:
https://docs.sucuri.net/website-firewall/troubleshooting/same-ip-for-all-users/
Please do not add any of the code listed on that page to your site. Remember to press the SAVE CHANGES button.
Now, once again check that your IP address appears correctly in the line Your IP with this setting.
Thanks,
Peter.
