APO Does not properly pass the user's IP to Wordfence

When using APO with Wordfence’s IP detection, Cloudflare is passing the IPv6 address of Cloudflare, and not the actual user. This makes Wordfence think that all traffic is coming from the same IP and is being attacked and locks users out of the site.

All Wordfence IP detection methods detect the same thing - 2a06:98c0:3600::103, which I believe is a Cloudflare IPv6 address.

When I turn off APO, it resumes normal detection of my actual IPv4 IP

How can this be fixed so that Cloudflare with APO enabled will pass the user’s actual IP so that the firewall will behave normally?

There is an ongoing thread about this here: Automatic Platform Optimization Enabled & I No Longer See Visitor IP?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

Thank you for raising this. Happy to update the thread to let you know it is now fixed.

1 Like