Using the setting for webb accelerators in front of wordpress (i.e. the IP adress is in X-ForwardedFor header) someone has figured out the real IP for th server and is trying to hack it. However, the setting to block the users IP after 10 failed attempts never succeeds since the IP header field in that case is empty. I get 2000 emails every morning telling me that an empty IP has been blocked (the guy probabl made 20 000 attempts).
Could wordfence fall back and use the client ip header if the x-forwarded-for header is empty? Or even try the other IP headers that might be set? I Think this is a security issue since it makes it possible to bypass the wordfence features...