Technical Details

Details about technical aspects of how Wordfence works.

In This ArticlePrivate IP Addresses

Private IP Addresses

A private IP address is one that can’t be used on the public Internet to provide a service to everyone else on the Internet. That means that you will never see packets arriving at your web server from these IP address ranges unless those packets originated on your internal network. Unless you are hosting your own web server, this “internal network” is something that is managed by your web host.

Wordfence gives special treatment to traffic arriving from private IP address ranges. We immediately whitelist that traffic because it is originating from your internal network and we don’t want to block anything on your internal network that is trying to access your site.

What this means is that if Wordfence sees traffic originating from an internal IP address (or private IP address) it will not enforce the usual security mechanism like cellphone sign-in, brute force protection and lockout and so on. Remember that it is not possible for a hacker to attack your site from one of these IP addresses or any IP within these ranges because routers on the public Internet are configured to drop any traffic from these address ranges immediately. Traffic from these ranges is non-routable on the public Internet.

The main reason we are publishing this document is to highlight the importance that you configure Wordfence correctly. Wordfence must receive the correct IP address for a visitor because if it is not configured correctly and thinks a visitor originates from a private IP address, it will not enforce security for that visitor. The option you need to make sure you have set correctly in Wordfence is: How does Wordfence get IPs

Wordfence considers the following IP address ranges private and automatically whitelists them. If you see any of these addresses appearing in Wordfence Live Traffic, then you are either getting real visits from your internal network (which is unusual) or you don’t have Wordfence configured correctly.

CIDR Address Range               N of Addresses       Scope
10.0.0.0/8 10.0.0.0 – 10.255.255.255 16,777,216 private network
Used for local communications within a private network as specified by RFC 1918.
127.0.0.0/8 127.0.0.0 – 127.255.255.255 16,777,216 host
Used for loopback addresses to the local host, as specified by RFC 990.
172.16.0.0/12 172.16.0.0 – 172.31.255.255 1,048,576 private network
Used for local communications within a private network as specified by RFC 1918
192.0.0.0/29 192.0.0.0 – 192.0.0.7 8 private network
Used for the DS-Lite transition mechanism as specified by RFC 6333
192.168.0.0/16 192.168.0.0 – 192.168.255.255 65,536 private network
Used for local communications within a private network as specified by RFC 1918.