Website occasionally showing "You are Banned" to users and to me as well




I am new to both website development and Cloudflare and this is my first post, so please bare with me if I miss out something here. I am using Cloudflare with my Woocommerce website.
This has been brought to my notice by my customers that they are not able to access the website as it shows “You are Banned”, and when I tried at the same time to access the site, it showed me the same response.

I checked with my Hosting provider and they said it has to do with Cloudflare since they don’t have such custom messages from the server end.
Wondering if anyone has ever faced anything like this or could be help me out with this. Will really appreciate.
Thanks in advance!


Hey there. Welcome to the community! :smiley: Thanks for providing that screenshot and some details about your site.

Are you willing to provide the URL so some can take a closer look at what might be causing this?


Thanks for your prompt reply Andy.


No problem and thanks. There’s not much to look at obviously, but I checked out the source and this message appears to be being generated by a Wordpress plugin (perhaps wp-ban), do you have that plugin installed, or another IP banning plugin?


Yes, I do since I have been facing DNOS or other Phishing attacks on the website.
But I checked the IP list and my IP is not on that list and more than 90% of the IP’s on it are from Germay, Ukraine and other such countries, not from India.


Ok, thanks for confirming that. I haven’t used WP-Ban before so I’m not too familiar with it. Is there a whitelist option? It’s possible it may be inadvertently banning part/all of the Cloudflare IP range. Have you tried disabling this plugin and checking your site for verification, or are you completely locked out of the Wordpress admin at this point?


Hi Andy,

No I’m not getting blocked out of Admin but when I open it as a user (Incognito Mode) then it shows me as blocked. Also, this is happening occasionally not every time but pretty much every day for some time. Like while writing this I checked and it is showing me as Banned whereas few hours back I was able to access the website and then few hours back when I wrote it was showing me banned. I’ll disable this plugin and will use a different plugin for now to see if that helps.


I’m going to take a guess that your site/server is not getting the Original Visitor IP address. Since Cloudflare is a reverse proxy, your server is going to see Cloudflare IP addresses as the visitors to your site, so it’ll ban these IP addresses, thinking it’s the actual visitor address. I could be wrong, as I’m not sure of WP-Ban’s mechanism.

Since you’re running WordPress, I’m a big fan of Wordfence. It’s quite good at blocking attacks against WordPress.


I changed the plugin and so far it has been working fine. I’m hoping this fixes the issue.
Thank you everyone!