I am using All-in-one WP security plugin on my WordPress website that shows a list of logged-in users along with their IP addresses. So, I copied my IP address from that list to look it up on “who.is”, and found that this IP address belongs to Cloudflare, not my ISP provider.
So, I guess Cloudflare is masking my original IP address.
Now, there’s a hacker who is trying to log into my website. Every time he enters an incorrect password, I receive a notification from All-in-one security - that “someone has tried to log into my website and failed”.
But I can’t block that hacker by his IP address, because Cloudflare is masking his original IP address too.
So, how to turn off this feature of Cloudflare, so that I can see the hacker’s original IP address and block it?