Cloudflare IPs Attacking our Website WP Logins

We are using Wordfence Firewall on our WordPress website, and yesterday there were 250 attempts to sign in using old, now non-existent usernames.

Investigations on the IP addresses show they belong to Cloudflare.

What is going on?

See below:

Greetings,

Thank you for asking.

I am afraid you are missing a thing or two regarding proper configuration of Wordfence + Cloudflare. Furthermore, I am afraid it's not an attack from Cloudflare. Kindly see the suggestions below.

You might have to configure the Firewall to use and return the real visitor IP in your log files, so it would not block Cloudflare that way or always show the same IP:

Make sure to correctly configure Wordfence to work with the Cloudflare proxy and return the correct visitor IP address under Global Options -> CF-Connecting-IP, from the link below:

Once you do that, you can inspect the real IPs behind them and see where those failed logins probing your WP login page are coming from.

Make sure to add a Google reCAPTCHA form to your wp-login.php page using a WordPress plugin.

You might want to try out Cloudflare Access for your WordPress login page too, check here:

You could also limit access to wp-login.php to only your IP, or your country, and use another Firewall Rule to challenge each request to wp-login.php.

Kindly, I’d like to share two of my posts containing multiple things related to WordPress security using Cloudflare WAF and Firewall Rules and other security options available to us.

Combining them into a few Firewall Rules, you can get what you need for the best possible security & protection of your WordPress instance :wink:

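An added example, not part of the original thread and not Wordfence's own code: it shows why the origin logs only Cloudflare edge addresses and how trusting `CF-Connecting-IP` only when the peer is inside Cloudflare's ranges recovers the real visitor. The function names, the request tuples and the visitor addresses (documentation ranges) are constructed for illustration, and the network list is a subset of Cloudflare's published IPv4 ranges.

```python
import ipaddress
from collections import Counter
from typing import Optional

# Subset of Cloudflare's published IPv4 ranges covering the prefixes seen in
# this thread; load the full, current list from https://www.cloudflare.com/ips/.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "108.162.192.0/18", "141.101.64.0/18", "162.158.0.0/15",
    "172.64.0.0/13", "188.114.96.0/20",
)]

def is_cloudflare(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def real_client_ip(peer_ip: str, cf_connecting_ip: Optional[str]) -> str:
    """Use CF-Connecting-IP only when the TCP peer is a Cloudflare edge."""
    if cf_connecting_ip and is_cloudflare(peer_ip):
        try:
            return str(ipaddress.ip_address(cf_connecting_ip.strip()))
        except ValueError:
            pass  # malformed header: fall back to the peer address
    # Peer is not Cloudflare, so the header is client-controlled: ignore it.
    return peer_ip

# Constructed sample: (peer address, CF-Connecting-IP header, login outcome)
SAMPLE_REQUESTS = [
    ("162.158.162.100", "203.0.113.7", "fail"),
    ("141.101.69.53", "203.0.113.7", "fail"),
    ("172.70.162.92", "203.0.113.7", "fail"),
    ("172.69.33.102", "198.51.100.24", "fail"),
    ("188.114.102.4", "198.51.100.24", "ok"),
    ("192.0.2.50", "203.0.113.99", "fail"),    # reached origin directly
    ("108.162.241.16", "not-an-ip", "fail"),   # malformed header
]

def failed_logins_by_peer(requests) -> dict:
    """What the firewall sees before the real-IP setting is applied."""
    return dict(Counter(p for p, _, outcome in requests if outcome == "fail"))

def failed_logins_by_client(requests) -> dict:
    """Failed logins grouped by the resolved visitor address."""
    return dict(Counter(real_client_ip(p, h)
                        for p, h, outcome in requests if outcome == "fail"))

if __name__ == "__main__":
    print("by peer:  ", failed_logins_by_peer(SAMPLE_REQUESTS))
    print("by client:", failed_logins_by_client(SAMPLE_REQUESTS))
```

Grouped by peer, every edge address appears once and looks unrelated; grouped by resolved client, three of the failures collapse onto a single visitor, which is the address a block or challenge rule should target.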

Hi Frutex,

Thank you for that.

I did realise later that it was showing the Cloudflare IPs because they are the gatekeeper.

I shall look into those things you have mentioned.

Thanks again,
