Wordfence blocked a Cloudflare IP (thrice now) from trying to log into my website with "admin" username

This copy/paste of the email says it all:

“A user with IP address has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘admin’.
The duration of the lockout is 4 hours.
User IP:
User hostname:
User location: Sydney, New South Wales, Australia”

There IS no registered “admin” user, no-one but me has login credentials and the website is not even live yet; yet I’ve had 3 lock-outs from Cloudflare IP addresses in the past week since I first signed up.

Chain of events: (All dates are AEST)

  • August 11th - I connect Cloudflare to my website.
  • August 12th - I get my first email (as above) with the IP address of
  • August 17th - (Today) I get the above email while typing the title of this topic, and another email from an hour ago (IP address which is the one that prompted me to seek support.

For other websites I’ve gotten login attempts from overseas trying the username “admin” but this website is the first one I’ve connected to Cloudflare, it’s been 3 times in 5 days, and the website isn’t even live, yet.

There are other measures I’ll take to add extra security outside of Cloudflare, but that’s not the point; I shouldn’t have to shore up weaknesses created by Cloudflare in the first place.

Hi @brendon,

It sounds like you haven’t configured Wordfence to get the real visitor IP from the CF-Connecting-IP header.


What weaknesses has Cloudflare created? Any WordPress site is going to receive the attention of attackers. Heck, even non-WordPress sites have bots poking around for wp-login and exploited holes in plugins and themes.


That might well be what I need to do; so how do I do it?

The link you shared just says that it can be done; not how to do it nor even where to find the setting that needs to be changed. The closest it gets is “be sure to work with their technical support staff and read their documentation to determine which configuration you’re using.”

So can you please link Cloudflare documentation telling me how to do it?

Thank you.

That’s not in Cloudflare. It’s in Wordfence → All Options (near the top)

And I’m still curious about these Weaknesses you say Cloudflare created.
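
The CF-Connecting-IP point from the replies above, as an added example that is not part of the original thread and is not Wordfence's or Cloudflare's code: a login-failure counter keyed on the connecting address locks out the Cloudflare edge, while one keyed on the resolved visitor address locks out the actual source. The network list is a snapshot subset of Cloudflare's published IPv4 ranges (assumption: refresh it from https://www.cloudflare.com/ips/), and the function names and sample requests are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: snapshot subset of Cloudflare's published IPv4 ranges.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

def resolve_client_ip(remote_addr, headers):
    """Return the visitor IP, trusting CF-Connecting-IP only from Cloudflare peers."""
    peer = ipaddress.ip_address(remote_addr)
    if not any(peer in net for net in CLOUDFLARE_NETS):
        # Direct connection: the header is client-supplied, so ignore it.
        return str(peer)
    claimed = headers.get("CF-Connecting-IP", "").strip()
    try:
        return str(ipaddress.ip_address(claimed))
    except ValueError:
        # Missing or malformed header: fall back to the connecting peer.
        return str(peer)

def lockouts(requests, threshold, key):
    """Count failed logins per key and return the keys at or over the threshold."""
    fails = Counter(key(r) for r in requests)
    return {ip for ip, n in fails.items() if n >= threshold}

def sample_requests():
    """Constructed failed-login requests as (REMOTE_ADDR, headers) pairs."""
    # A bot reaching the site through a Cloudflare edge address.
    bot = [("172.68.0.10", {"CF-Connecting-IP": "203.0.113.7"})] * 20
    # The site owner mistyping a password twice, also through Cloudflare.
    owner = [("162.158.1.1", {"CF-Connecting-IP": "198.51.100.20"})] * 2
    # A direct connection that sets the header to the owner's address.
    spoof = [("192.0.2.50", {"CF-Connecting-IP": "198.51.100.20"})] * 20
    return bot + owner + spoof

if __name__ == "__main__":
    reqs = sample_requests()
    # Threshold of 20 matches the lockout email quoted in the thread.
    print("keyed on REMOTE_ADDR:", lockouts(reqs, 20, lambda r: r[0]))
    print("keyed on resolved IP:", lockouts(reqs, 20, lambda r: resolve_client_ip(*r)))
```

Trusting the header only from Cloudflare peers matters most when the origin is also reachable directly; restricting the origin to Cloudflare's ranges at the firewall closes that path entirely.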