This documentation is only valid for older versions of Wordfence. If you are using Wordfence 7 or later, please visit our.
How Wordfence handles Private Addresses
A private IP address is one that can't be used on the public Internet to provide a service to everyone else on the Internet. That means that you will never see packets arriving at your web server from these IP address ranges unless those packets originated on your internal network.
Wordfence gives special treatment to traffic arriving from private IP address ranges. We immediately whitelist that traffic because it is originating from your internal network and we don't want to block anything on your internal network that is trying to access your site.
What this means is that if Wordfence sees traffic originating from an internal IP address (or private IP address) it will not enforce the usual security mechanism like cellphone sign-in, brute force protection and lockout and so on. Remember that it is not possible for a hacker to attack your site from one of these IP addresses or any IP within these ranges because routers on the public Internet are configured to drop any traffic from these address ranges immediately. Traffic from these ranges is non-routable on the public Internet.
The main reason we are publishing this document is to highlight the importance that you configure Wordfence correctly. Wordfence must receive the correct IP address for a visitor because if it is not configured correctly and thinks a visitor originates from a private IP address, it will not enforce security for that visitor. The option you need to make sure you have set correctly in Wordfence is: How does Wordfence get IPs
Wordfence considers the following IP address ranges private and automatically whitelists them. If you see any of these addresses appearing in Wordfence Live Traffic, then you are either getting real visits from your internal network (which is unusual) or you don't have Wordfence configured correctly.
Private IPv4 addresses
|CIDR||Address Range||Number of Addresses||Scope||Purpose|
|16,777,216||private network||Used for local communications within a private network as specified by RFC 1918.|
|16,777,216||host||Used for loopback addresses to the local host, as specified by RFC 990.|
|1,048,576||private network||Used for local communications within a private network as specified by RFC 1918|
|8||private network||Used for the DS-Lite transition mechanism as specified by RFC 6333|
|65,536||private network||Used for local communications within a private network as specified by RFC 1918.|