When using APO with Wordfence’s IP detection, Cloudflare is passing the IPv6 address of Cloudflare, and not the actual user. This makes Wordfence think that all traffic is coming from the same IP and is being attacked and locks users out of the site.
All Wordfence IP detection methods detect the same thing - 2a06:98c0:3600::103, which I believe is a Cloudflare IPv6 address.
When I turn off APO, it resumes normal detection of my actual IPv4 IP
How can this be fixed so that Cloudflare with APO enabled will pass the user’s actual IP so that the firewall will behave normally?