False positives when using Cloudflare with Wordfence firewall

Is this a common problem and what steps can be taken to prevent it. Thanks

I cannot understand the issue from the topic title and description, but from my point of a few and experience with domains being behind Cloudflare and installed WordPress having the Wordfence plugin installed too, in the Wordfence options you have to select and choose “CF-Connecting-IP” option (Use the Cloudflare “CF-Connecting-IP”), do not forget to save to apply the changes.

Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.

Wordfence is fully compatible with Cloudflare, and in some configurations, Cloudflare will send the real visitor IP address to your web server using the CF-Connecting-IP HTTP header. If Cloudflare support personnel have advised you that this is the case, then enable this option in Wordfence.

Note that Cloudflare has several configurations including their own web server module that takes care of detecting the visitor IP address, so be sure to work with their technical support staff and read their documentation to determine which configuration you are using.

Articles of additional help:

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.