Was this login from a CloudFlare ip?

I just setup Wordfence on a blog and later that day got a security warning that one of our admins had logged in from Seattle at ip 108.162.246.9, this editor lives in Asia and was not using a VPN. I checked the CF its page and didnt see that exact ip listed but there is one that is close to it. Is it a CF ip and if so how did this happen?

That IP address is part of the block 108.162.192.0/18 which is owned by Cloudflare. This IP shows up because Cloudflare acts as a reverse proxy, so all requests to your server will show up with Cloudflare IPs instead of the visitor’s actual IP address.

You can restore the visitor’s IP address on your server so that your security plugin receives the correct IP address by using either the Cf-Connecting-Ip header or X-Forwarded-For. Detailed instructions for fixing this:

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

1 Like

OK I see, thank you

Since you mention Wordfence, in the setup, is it correctly identifying your IP address? Its Wordfence Options has a General Wordfence Options section with a setting and a test.

But as @judge says, your server should be configured to log visitor IP address using those two headers. Wordfence does this on its own for more effective blocking…if it’s configured as I mentioned above.

1 Like

Make sure Wordfence settings is set for Cloudflare.

Or, use below code in the wp-config.php

/** Correct IP in case of Cloudflare **/
if(array_key_exists('HTTP_CF_CONNECTING_IP', $_SERVER)){ 
	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; 
}
1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.