• Resolved slumbum

    (@slumbum)


    OK, I have a pretty big network that receives very little traffic. I use Cloudflare and Wordfence together. I’ve noticed the bulk of attacks to my WordPress network come from IPs in the 172.70.* range and Wordfence is blocking them. But my question is this. I checked those IPs and they seem to be Cloudflare’s, so doesn’t that mean the non-malicious traffic and others are getting blocked if they access through those IPs? Is there something I’m failing to understand? Most of my malicious actors are attempting to log in through login pages, wouldn’t it make sense to set up Wordfence so only my IP traffic accesses those pages? And is there a way to have my support team have access to logins without having to get their IPs? So, there are a couple of questions here.


Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @slumbum, thanks for your detailed message.

    Ultimately, there are a few things sites running Cloudflare may need to consider when running Wordfence. The good news is that blocks seem to be triggering properly, but we want to make sure they’re blocking the right people/bots. Sometimes if your host or site IPs are detected as the source of a problem, legitimate visitors may also be blocked as well.

    You will most likely select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.” in Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs.

    You may also need to update your Cloudflare settings to allow your site to connect back to itself. You should be able to do this by going to your Cloudflare control panel. It’s worth checking all IPs associated with your server first (find them at Wordfence > Tools > Diagnostics > IP(s) used by this server).

    • Log in to Cloudflare
    • Go to “Firewall”
    • Click the “Firewall Rules” tab
    • Click “Create a Firewall rule”
    • Name the rule under “Rule Name”
    • Set the “Field” under “When incoming requests match…” to “IP Source Address”
    • Enter your site’s IP address(es) under “Value”
    • At the bottom, under “Then…Choose an action” change “Block” to “Allow”
    • Click “Deploy”

    Sometimes also adding our IPs here too can help. For your convenience, all of our IPs can be found here: https://www.wordfence.com/help/advanced/#servers-and-ip-range

    Wordfence cares most about the intent of a malicious request and monitoring login pages only would require a blanket block of anybody without a fixed, unchanging IP. This often can’t be guaranteed. We find that hiding the login URL(s) is limited in its effectiveness, so it would be best to secure accounts (like yourself and the support team) with 2FA to prevent the likelihood of any malicious actor succeeding.

    Thanks,
    Peter.
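
Added example, not part of the thread and not Wordfence's own code: a Python sketch of why the “CF-Connecting-IP” setting discussed above changes who gets blocked. It counts failed logins per source in both modes and only trusts the header when the connection comes from a Cloudflare range. The function names, the lockout threshold, the two-range proxy list (a subset of Cloudflare's published ranges) and the sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: a subset of Cloudflare's published edge ranges, for illustration only.
# The 172.70.* addresses from the thread fall inside 172.64.0.0/13.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("172.64.0.0/13", "162.158.0.0/15")]

def resolve_client_ip(peer_ip, headers):
    """Return the visitor IP: honour CF-Connecting-IP only from a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)  # direct connection: any CF-Connecting-IP is untrusted
    claimed = headers.get("CF-Connecting-IP", "").strip()
    try:
        return str(ipaddress.ip_address(claimed))
    except ValueError:
        return str(peer)  # header missing or malformed: fall back to the peer

def failed_logins_by(events, use_header):
    """Count failed wp-login.php attempts per source under either IP mode."""
    counts = Counter()
    for peer_ip, headers, path, ok in events:
        if path == "/wp-login.php" and not ok:
            counts[resolve_client_ip(peer_ip, headers) if use_header else peer_ip] += 1
    return counts

def blocked(events, use_header, threshold=3):
    """Sources at or over the failed-login threshold (hypothetical lockout rule)."""
    return {ip for ip, n in failed_logins_by(events, use_header).items() if n >= threshold}

# Constructed sample events: (peer IP, request headers, path, login succeeded?)
EVENTS = [
    ("172.70.34.10", {"CF-Connecting-IP": "203.0.113.50"}, "/wp-login.php", False),
    ("172.70.34.10", {"CF-Connecting-IP": "203.0.113.50"}, "/wp-login.php", False),
    ("172.70.35.22", {"CF-Connecting-IP": "203.0.113.50"}, "/wp-login.php", False),
    ("172.70.34.10", {"CF-Connecting-IP": "198.51.100.7"}, "/wp-login.php", False),
    ("172.70.34.10", {"CF-Connecting-IP": "198.51.100.7"}, "/wp-login.php", True),
    ("192.0.2.99", {"CF-Connecting-IP": "198.51.100.7"}, "/wp-login.php", False),
]

if __name__ == "__main__":
    print("peer-address mode blocks:", blocked(EVENTS, use_header=False))
    print("CF-Connecting-IP mode blocks:", blocked(EVENTS, use_header=True))
```

In peer-address mode the lockout lands on the shared Cloudflare edge address, which also carries the legitimate visitor; in header mode it lands on the one visitor address behind the failures.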

  • The topic ‘Wordfence blocking Cloudflare Traffic’ is closed to new replies.