WordFence locks out my server IP (?)

You may need to change “How does Wordfence get IPs” in your Wordfence options. This happens most often if the server is running a “reverse proxy,” so Wordfence needs to read the visitors’ IP addresses differently.

Details of the various options are explained here:
https://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs

thanks WFMattR, I will look into that since it’s a bit of a disaster. I run a small hosting and ALL SITES (with WordFence) have added this to .htaccess :

#WFIPBLOCKS – Do not remove this line.
Order Deny,Allow
Deny from 72.9.148.171
#Do not remove this line.

Where 72.9.148.171 is obviously my server IP. This started to happen after we did several mods to the server including switching to Nginx and DSO with mod_ruid2, enabled KeepAlive and several other tweaks. I guess it’s gonna be easier to whitelist 72.9.148.171 in WordFence.

You should definitely change the “How does Wordfence get IPs” option to keep the sites protected — with Nginx set up this way, all of your visits will appear to come from the same IP, so if that IP is whitelisted, bad visits won’t be blocked.

You will need to choose the X-Forwarded-For or X-Real-IP option. If you are not sure which, you can find out by following these steps — you only need to do this once for the whole host, but will need need to change the “How does Wordfence get IPs” option on each site:

1. Go to your Wordfence Options, and near the bottom of the page, click on the link “Click to view your system’s configuration in a new window”

2. Scroll all the way to the bottom, to find the “PHP Variables” table

3. Look for the variables “_SERVER[‘X-FORWARDED-FOR’] and “_SERVER[‘X-REAL-IP’] — whichever one appears with your real IP address in it is the one you should choose in the Wordfence options

Got it, I am on it – thank you Matt!

Matt, I am looking at my system’s configuration in WordFence as per your instructions. I can see :
_SERVER[“HTTP_X_FORWARDED_FOR”] > 86.45.211.84
_SERVER[“HTTP_X_REAL_IP”] > 86.45.211.84

(it is a slightly different syntax than _SERVER[‘X…, which does not show in the list) but anyway, BOTH contain my real IP 86.45.211.84, so which option in How does Wordfence get IPs box should I choose???

I keep getting these messages:
A user with IP address 72.9.148.175 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘ahead-hosting.com’ to try to sign in.

where as said 72.9.148.175 is my website IP address. Sorry I am quite confused!!

Matt,
in WordFence system’s configuration window I have _SERVER[“HTTP_X_FORWARDED_FOR”] and _SERVER[“HTTP_X_REAL_IP”] (so not exactly the syntax as you suggest), anyway, BOTH contain my real IP 86.45.211.84, so what am I supposed to try in the ‘How does Wordfence get IPs’ box??

At the moment I’ve tried ‘Let Wordfence…’ and ‘Use PHP’s built in…’ and still get all these messages ‘A user with IP address 72.9.148.175 has been locked out.. blah blah’, where 72.9.148.175, as said, is my server Ip address.

Thanks much for your help!

Since both of them are set on your server, I would pick “X-Real-IP” option in Wordfence. (Sorry about the single quotes vs. double quotes above!)

Once it is done, you can confirm that it is working by viewing Wordfence’s “Live Traffic” page, and verifying that different IPs are appearing in the list. Even if you don’t have the live traffic view enabled, you should still see the “logins and logouts” tab.

X-Real-IP works! I went to Live Traffic and in fact all IPs were the same (I didn’t think of checking from there!), then I switched to X-Real-IP and in a few minutes the IPs were all different, as it should.
Thanks again!