Cloudflare Blocking all IP's in Wordfence

I installed Wordfence a few days ago to be able to log IPs of visitors and track intrusions and today all of the sudden, every IP, including my own, is Cloudflare. I don’t want Cloudflare blocking or hiding IP addresses.

How do I turn this off and make sure this never happens again?

What I did today was block millions of Cloudflare IPs that tried to log into my site using the Admin username and a few other assumptions.

It’s not a good feature for me. I don’t like it. I don’t want it. How do I get rid of it?

Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.
Wordfence is fully compatible with Cloudflare, and in some configurations Cloudflare will send the real visitor IP address to your web server using the CF-Connecting-IP HTTP header. If the Cloudflare support personnel have advised you that this is the case, then enable this option on Wordfence to ensure that Wordfence is able to get your visitor IP address.

Did you enable this?


You have two choices:

  1. Bypass Cloudflare for your site by either setting your DNS entries to :grey: DNS Only or use the Pause Cloudflare on Site option from your Overview page.
  2. Configure your server to restore Visitor IP addresses:

And Eric just posted the proper way to configure Wordfence to recognize actual Visitor IP addresses.


OH that’s interesting. But when I use DNS only is Cloudflare still hiding my server IP?

That was it, thank you so much for your fast response.

1 Like

No. It will be a direct connection between your visitors and your server.

1 Like

I’ve been hacked so many times I can’t forgo the protection. Thank you so much for the suggestion. Ticking the Cloudflare option that Eric explained worked perfectly.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.