Brute Force Attackers to wordpress site is coming from Cloudflare

attacks

#1

I am getting an insane amount of POST requests to my wordpress sites (via wp-login.php) and when I check the originating IP, it’s coming from Cloudflare.

I assume normal human beings use Cloudflare has a proxy for web browser. Is it safe to block all POST attempts to wp-login.php if IP is from Cloudflare? And by safe, I mean I’m not blocking normal legit human beings trying to login to their wordpress site.


#2

Cloudflare acts as a proxy for websites. Visitors route through Cloudflare to access a website behind it. If you are seeing a Cloudflare originating IP address, then I assume the domain is behind Cloudflare. You may want to restore the visitor IP to your logs if you’re going to try to block their access:

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs


#3

Oh crap…yeah I thought we had been using the Cloudflare originating IP address for our Nginx logs, but apparently we weren’t.

Thanks! My mistake.


#4

@chris3
You should definitely implement this trick to prevent Brute Force Attack