I am planning to switch to Cloudflare for my WP website, I am using Wordfence for security and Loginizer plugin against brute forces. By default as the method against brute force, “REMOTE_ADDR” is chosen but I guess this will not work with CloudFlare, There are 3 other options:
I dont want to rely on x forwarded for since it can be easily spoofed and not sure how HTTP_CLIENT_IP works. So my question is, with Cloudflare shall I choose HTTP_CLIENT_IP or I shall choose custom and type “CF-Connecting-IP” there?
In relation to that, If I integrate my cloudflare to Cpanel, is it same as installing mod_cloudflare? I use a shared hosting, so i cannot actually install it. If it is, then will I be able to see real IPs before they reach to WP instance?
Finally, I am also using W3 total cache and I am planning to use its Cloudflare extension rather than installing Cloudflare WP plugin. Is it going to change anything in regards to IPs of clients?