Hi
Just installed Wordfence on a WordPress 3.6.1 site, and I have found that none of the IP address settings correctly identify the public ip of visitors.
Our configuration is:
WP <--> Load Balancer <--> Internet <--> Proxy <--> Visitor
WordFence does pick up the X-FORWARDED-FOR HTTP header, which includes the public ip of the visitor, but uses the first IP in the list, which is the visitor's internal LAN IP address, not the public IP of their proxy.
Wordfence can't get the IP of clients and therefore can't operate. We received IP: . X-Forwarded-For was: 192.168.6.101, 37.59.2.42 REMOTE_ADDR was: 192.168.0.1 Report the following on the Wordfence forums and they may be able to help. Headers that may contain the client IP: REMOTE_HOST => 192.168.0.1 REMOTE_ADDR => 192.168.0.1 LOCAL_ADDR => 192.168.1.1 IIS_UrlRewriteModule => 7.1.0871.0 HTTP_X_FORWARDED_FOR => 192.168.0.1, 37.59.2.42
WordFence should look at the X-FORWARDED-FOR HTTP header and ignore private IP addresses, in the case about is should use: 37.59.2.42, but instead is getting: 192.168.0.1