I am revising some systems in my WordPress websites, and one of them is moving from the WordFence protective plugin to the Defender protective plugin. Yesterday, I suffered a major “attack” with Defender blocking many IP addresses. Today, I wanted to go back and clean up a little with some permanent IP blocks. To my surprise, I discovered that some of the blocked IPs are Cloudflare IP addresses!
Is it normal for “Lockout occurred: Attempting to login with a banned username.” to be associated with a CF IP address?
Should I maintain the block or whitelist the IP?
I have used CF for many years, but this is a novelty for me.
No laughs! I am probably more ignorant with CF than you are with WP. I have not been restoring the visitors’ IPs because with WordFence and the security plugin I used before that, it apparently was done automatically by the plugin. I just saw “normal” IP addresses. With the Defender plugin, apparently that is NOT the case, so I will load up mod_Cloudflare and see if that does the trick.
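
Added example, not part of the original post and not code from Cloudflare, Defender or WordFence: one way to restore the visitor address in PHP so that lockouts land on the real client instead of a Cloudflare edge IP, honoring the `CF-Connecting-IP` header only when the connecting peer is itself inside a Cloudflare range. The function names are hypothetical, the CIDR list is a partial sample of Cloudflare's published ranges, and the request values at the bottom are constructed.

```php
<?php
// Partial sample of Cloudflare's published ranges (assumption: load the
// current full list from https://www.cloudflare.com/ips/ in production).
const CF_RANGES = [
    '173.245.48.0/20', '103.21.244.0/22', '141.101.64.0/18',
    '108.162.192.0/18', '162.158.0.0/15', '104.16.0.0/13',
    '172.64.0.0/13', '2400:cb00::/32', '2606:4700::/32',
];

// True when $ip falls inside $cidr; handles IPv4 and IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or mixed address families
    }
    $bits = (int) $bits;
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the partial last byte
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

// Returns the address a security plugin should log and block.
function resolve_client_ip(string $remoteAddr, ?string $cfHeader): string
{
    foreach (CF_RANGES as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            // Peer is a Cloudflare edge: use the header if it is a valid IP.
            return ($cfHeader !== null && filter_var($cfHeader, FILTER_VALIDATE_IP))
                ? $cfHeader : $remoteAddr;
        }
    }
    return $remoteAddr; // direct connection: the header is client-supplied
}

// Constructed sample requests.
var_dump(resolve_client_ip('162.158.10.7', '203.0.113.45')); // arrived via Cloudflare
var_dump(resolve_client_ip('198.51.100.9', '203.0.113.45')); // direct, header ignored
```

In a WordPress install the result would be assigned to `$_SERVER['REMOTE_ADDR']` early in `wp-config.php`, passing `$_SERVER['HTTP_CF_CONNECTING_IP'] ?? null` as the header value; blocking or whitelisting decisions are then made on the visitor address rather than on the proxy.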