Thanks so much for the quick reply Peter. With your help I’ve managed to get Wordfence working again.
The only IP address detection method that worked appears to be open to spoofing though: (X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result.) Any idea why the other methods suddenly don’t work?
Also, maybe unrelated, but the main WP login page /wp-login.php returns page not found after attempting login with valid credentials. I replaced htaccess with default version, but still no luck. Do you think it’s related?
thanks