How to ban people on wordpress + cloudflare when we don't know their IP?

I have commentators which i want to ban from my site. How to do that when im using Cloudflare?

you need some way to identify them

How when they have Cloudflare IP?

see if this help you https://support.cloudflare.com/hc/en-us/articles/227634427-Using-Cloudflare-with-WordPress

This won’t help. Even when i disable Cloudflare then i don’t see my commenters IPs.

But if i would have IP then i can block it by rule in Cloudflare firewall?

Use Wordfence, It can pull Visitor IP addresses from the headers and you can manually block them in Wordfence’s firewall.

Then i uderstand Cloudflare can’t block these people?

you can block ip in Cloudflare via firewall rules or ip access rules

Only if you know their IP address.

Ok and only way to find their IP is to disable Cloudflare? We can’t disable only IP masking? Because actually all of commenters have one IP from Cloudflare 162xxxxxx

Here’s what you need to configure on your server to restore visitor IP addresses:
https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

1 Like

I don’t see fix for Wordpress.

That’s a server level configuration.

It sounds like you want to block commenters by IP address, but your server does not display original visitor IP address because they are coming through Cloudflare. Your host needs to fix this on the server.

My host is using apache but here it says that Cloudflare don’t support this?

https://support.cloudflare.com/hc/en-us/articles/203656534-How-do-I-restore-original-visitor-IP-with-Apache-2-4-

I’ve not tried this, but add the following lines to your theme’s functions.php file:

if ( isset( $_SERVER["HTTP_CF_CONNECTING_IP"] ) ) {
 $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}

If that’s successful, then your WordPress dashboard’s Comments section should show the correct IP address of the commenters.

Let me know if that works.

Hi. Your code is working. Thank you! Why not implement it on Cloudflare automaticcly?

This has to be done at the source (your server/site).

Instead of editing wordpress code, proper way for apache to retrieve real visitor ip passed on from Cloudflare headers is to use apache 2.4’s mod_remoteip which is native to apache so no need for mod_Cloudflare. Your web host should know how to configure and setup mod_remoteip for you https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

I believe remoteip also requires a list of Cloudflare IP addresses, but the same way the NGINX configuration works. Not only that, but hosts generally aren’t fond of changing their server configuration files per user requests.

Thankfully, the WordPress mod is quick and easy…and one I hadn’t heard of before now.

This topic was automatically closed after 30 days. New replies are no longer allowed.