Back to Community
Home / Community / PluginWordfence security

Why Wordfence Shows the Wrong IP Address and How to Fix It

38 threads Sep 16, 2025 PluginWordfence security

Content

One of the most common issues WordPress administrators face with the Wordfence Security plugin is incorrect IP address detection. Instead of seeing the real IP addresses of your visitors, you might see IPs from your Content Delivery Network (CDN), your hosting provider, or even your own server. This can lead to inaccurate blocking, failed login attempts from legitimate users, and skewed traffic data.

This guide will explain why this happens and walk you through the most effective solutions to get Wordfence displaying the correct visitor IPs.

Why Does Wordfence Show the Wrong IP?

Wordfence, like any web application, relies on information provided by your server to identify a visitor's IP address. When your site sits behind a proxy service—such as a CDN (like Cloudflare, QUIC.Cloud, or Azure Front Door), a load balancer (like Google Cloud Load Balancer), or a reverse proxy—the server often receives the IP address of that service instead of the original visitor.

For example, if you use Cloudflare, your server and Wordfence might only see Cloudflare's IP addresses in the REMOTE_ADDR server variable. The actual visitor's IP is typically passed along in a separate HTTP header, such as CF-Connecting-IP or X-Forwarded-For. Wordfence needs to be configured to look for the IP in the correct header.

How to Correctly Configure IP Detection in Wordfence

Fixing IP detection is usually a matter of telling Wordfence where to find the real IP address. Follow these steps.

Step 1: Determine Your Real IP Address

First, you need a baseline. Visit a site like WhatsMyIP.org from the device you use to administer your site. Take note of the IP address it shows you; this is your true public IP.

Step 2: Check Wordfence's IP Detection Settings

  1. Navigate to Wordfence > All Options > General Wordfence Options.
  2. Find the section titled "How does Wordfence get IPs".
  3. Just below the dropdown menu, Wordfence displays a line that says "Detected IP(s) and country" with the IP it currently sees.
  4. Try each option in the dropdown menu one by one, refreshing the page after each change. The options are:
    • Use the X-Forwarded-For HTTP header.
    • Use the X-Real-IP HTTP header.
    • Use the Cloudflare "CF-Connecting-IP" HTTP header. (Only use this if you are using Cloudflare)
  5. After selecting each option, check the "Detected IP(s)" line. Your goal is to find the setting where the IP shown matches the real IP you noted from WhatsMyIP.org.

If one of these settings works, you're done! This is the most straightforward fix.

Step 3: Configure Trusted Proxies (If Necessary)

Sometimes, simply selecting a header isn't enough. If your proxy service sends multiple IP addresses in the X-Forwarded-For header, Wordfence might still pick the wrong one. This is where the "Trusted Proxies" setting comes in.

In the same General Wordfence Options section, scroll down to "Define trusted proxies".

  • Here, you can enter the IP addresses or ranges of your proxy service (e.g., your CDN's IPs or your server's internal network range).
  • By telling Wordfence which IPs belong to trusted proxies, it knows to ignore them and take the next IP in the chain, which should be the visitor's real IP.
  • Many popular services have presets. Look for the "Trusted Proxy Preset" dropdown menu—if your service (like QUIC.Cloud) is listed, selecting it can automatically populate this field for you.

Example: If your server's internal IP is 10.110.19.84 and your CDN uses the range 100.64.0.0/16, you would add both to the trusted proxies list: 10.110.19.84, 100.64.0.0/16.

What If It Still Doesn't Work?

If you have tried all detection methods and configured trusted proxies but Wordfence still cannot detect the correct IP, the issue may be at the server level.

  • The required HTTP header containing the real visitor IP (like X-Forwarded-For) might not be being passed to WordPress by your host or proxy configuration.
  • In this case, you will likely need to contact your hosting provider's support or your CDN's support and ask them to ensure the original visitor's IP address is being passed through to the origin server.

Important Considerations

  • Whitelisting: If your own IP is being blocked after making these changes, ensure it is correctly whitelisted in Wordfence > Firewall > Advanced Firewall Options > Allowlisted IP addresses. First, confirm Wordfence is detecting your IP correctly.
  • Don't Bypass All Rules: Avoid adding your IP to the "Allowlisted IP addresses that bypass all rules" list unless absolutely necessary, as this disables all Wordfence protection for that IP, creating a security risk.
  • Plugin Conflicts: In some cases, installing an official plugin for your service (like the Cloudflare plugin) can help resolve IP detection issues automatically.

Correctly configuring IP detection is crucial for Wordfence to function properly. By following these steps, you can ensure your firewall is blocking the right bad actors and allowing the right visitors.

Related Support Threads Support