I am revising some systems in my WordPress websites, and one of them is moving from WordFence protective plugin to Defender protective plugin. Yesterday, I suffered a major “attack” with Defender blocking many IP addresses. Today, I wanted to go back and clean up a little with some permanent IP blocks. To my surprise, I discovered that some of the blocked IP’s are CloudFlare IP addresses!
Is it normal for “Lockout occurred: Attempting to login with a banned username.” to be associated with a CF IP address?
Should I maintain the block or whitelist the IP?
I have used CF for many years, but this is a novelty for me.