errorWordfence•securityfirewallcloudcloudflareblockIP blockpersonadmin•star_halfUncommon•warningModerate

Wordfence blocked legitimate admin IP after Cloudflare IP changes

Wordfence reads the Cloudflare edge address instead of the real client address. The plugin does not receive the CF-Connecting-IP header or the header is not enabled, so it logs the edge IP as the visitor. When Cloudflare rotates its edge pool, the new address may already exist on Wordfence’s block list. A surge of failed logins from bots pushes the edge IP over the login‑failure limit, resulting in a permanent lockout.

The mismatch between the true client IP and the recorded Cloudflare IP causes Wordfence to treat legitimate admin traffic as malicious. The lockout appears as a 403 or 401 response on the login page and triggers email alerts from Wordfence.

Symptoms

[dashicons-warning]

Lockout message on login

You see “Your IP has been locked out” when trying to sign in.

[dashicons-email]

Email alert from Wordfence

Wordfence sends a notification that the admin IP was blocked.

[dashicons-no]

403/401 response for /wp‑admin

Access to the admin dashboard returns a forbidden or unauthorized status.

[dashicons-admin-tools]

Live‑traffic shows blocked Cloudflare IP

Wordfence live traffic lists the Cloudflare edge IP under Blocked with a rate‑limit reason.

Common Causes

Visitor‑IP mis‑identification

Wordfence reads the Cloudflare edge IP because the CF‑Connecting‑IP header is not passed or enabled.

Cloudflare IP range rotation

New edge IPs appear in the firewall and may already be on Wordfence’s block list.

Rate‑limit lockout

A burst of failed logins from bots exceeds the maximum login failures threshold.

Trusted Proxies list outdated

Wordfence does not recognize the current Cloudflare proxy IPs as trusted.

Need this fixed right now?

Don't waste your day debugging. Our experts can Fix your issues in under 2 hours.*

Success Rate

100% Guaranteed

Starting from

$35 /hour

99+

Trusted by Business Owners

“I spent 3 days trying to fix the Elementor loading loop. These guys fixed it in 20 minutes. Lifesavers!”

— Sarah J., Web Designer

Related Issues

Contact Form 7: REST API request failed: 503 Service Unavailable

A 503 Service Unavailable response stops Contact Form 7 from sending data...

apiREST APIerror503descriptioncontact-form-7

Contact Form 7: REST API request failed: 429 Too Many Requests

The form tries to send data through the WordPress REST API. The...

apiREST APIerrorerrorsecurityfirewalldescriptioncontact-form-7settingsserver_configuration

Contact Form 7: REST API request failed: 401 Unauthorized

The form tries to send data via the WordPress REST API. The...

apiREST APIadmin_panel_settingspermissionsdescriptioncontact-form-7lock401

Contact Form 7: File upload error: temporary directory missing

The error appears when Contact Form 7 cannot locate a writable temporary...

codePHPcloud_offupload erroradmin_panel_settingspermissionsdescriptiontemporary filedescriptioncontact-form-7

Contact Form 7: Mail (2) sending failed: PHP mail() function disabled

Contact Form 7 reports a failure for Mail (2) when the PHP...

codePHPerrorerrordescriptioncontact-form-7mailMailsettingsserver_configuration

Contact Form 7: Mail (2) sending failed: SSL certificate verification failed

Contact Form 7 reports a failure when trying to send the secondary...

errorerrorlocksslcodecURLdescriptioncontact-form-7