Misconfigured How does Wordfence get IPs notice

From Wordfence Documentation
Jump to: navigation, search

About the message "Your 'How does Wordfence get IPs' setting is misconfigured"

When Wordfence detects that your site is behind a "reverse proxy", you may need to adjust the option How does Wordfence get IPs on the options page, or by clicking the link in the admin notice that warns you about the issue.

This includes the following message, followed by a recommendation:

Your 'How does Wordfence get IPs' setting is misconfigured


Solution: You can click the link in the message to apply the recommended setting, or you can adjust the setting manually.

Note: This proxy detection feature was introduced in December 2016 with version 6.2.7. This message would not have been displayed in previous versions of Wordfence.


Additional Options

If you do not want this scan to run, this can be disabled on the options page at Scan for misconfigured How does Wordfence get IPs. Wordfence also runs this check upon activation, to ensure that your settings are correct.

For advanced users, there are two constants that can be set to control this feature. (See Wordfence constants for advanced configuration: WORDFENCE_DISABLE_MISCONFIGURED_HOWGETIPS and WORDFENCE_CHECKHOWGETIPS_TIMEOUT.)

If you have dismissed the admin notice about this option being misconfigured, it can reappear when a new version of Wordfence is installed, to be sure you are aware of the issue. If you do not want the admin notice to reappear, you can use the constant above to disable the notice permanently.


Sites that are not publicly reachable and sites that block the test request

If your site cannot be reached from our servers, you may see the message:

Unable to accurately detect IPs

Wordfence was unable to validate a test request to your website. This can happen if your website is behind a proxy that does not use one of the standard ways to convey the IP of the request or it is unreachable publicly. IP blocking and live traffic information may not be accurate.


On sites where the detection cannot be completed, you can configure this manually using the option How does Wordfence get IPs on the Wordfence options page. You can check which headers contain your IP on the Diagnostics page on the Wordfence Tools menu.

This can also occur on sites installed locally that are not accessible from the internet. On local installations, the message can be safely ignored, since there will be no outside visitors to the site.

If your site is publicly accessible over the internet and you still received this message, there are a few things you can check:

  • Run a scan manually. If there was a temporary problem connecting to your site, this may clear the message.
  • Make sure you are not blocking any IPs in Wordfence's IP range. See Servers and IP Range.
  • If possible, try disabling other plugins and switching to a standard theme like "twentyfifteen", and run the scan again. This isn't a permanent fix, but can narrow down the cause.
  • Check your site's error logs. It's possible that a conflict with another plugin prevented the test from working.
  • If you are familiar with searching access logs, check if you see a URL containing detectProxy in the log around the time the scan began. If so, check to be sure it received a '200' response from the server.

If you still have issues you can try deactivating the plugin and reactivating it which has worked for a few customers.