Technical Details

Details about technical aspects of how Wordfence works.

In This ArticlePrivate IP Addresses

Private IP Addresses

A private IP address is one that cannot be used on the public Internet to provide a service to everyone else on the Internet. That means that you will never see packets arriving at your web server from these IP address ranges unless those packets originated on your internal network. Unless you are hosting your own web server, this “internal network” is something that is managed by your web host.

Wordfence gives special treatment to traffic arriving from private IP address ranges. We immediately allow that traffic past certain rules because it is originating from your internal network, and we don’t want to block anything on your internal network that is trying to access your site.

What this means is that if Wordfence sees traffic originating from an internal IP address (or private IP address) it will not enforce the usual security mechanisms like two-factor authentication and brute force protection for example. Remember that it is not possible for a hacker to attack your site from one of these IP addresses within these ranges because routers on the public Internet are configured to drop any traffic from these address ranges immediately. Traffic from these ranges is non-routable on the public Internet.

The main reason we are publishing this document is to highlight the importance that you configure Wordfence correctly. Wordfence must receive the correct IP address for a site visitor because if it is not configured correctly and determines a visitor originates from a private IP address, it will not enforce security for that visitor. The option you need to make sure you have set correctly in Wordfence is How does Wordfence get IPs.

Wordfence considers the following IP address ranges private and automatically allows them past certain rules. If you see any of these addresses appearing on the Wordfence “Tools” > “Live Traffic” page feed, then you are either getting real visits from your internal network (which is unusual) or you do not have Wordfence configured correctly.

CIDR Address Range N of Addresses Scope
10.0.0.0/8 10.0.0.0 – 10.255.255.255 16,777,216 private network
Used for local communications within a private network as specified by RFC 1918.
127.0.0.0/8 127.0.0.0 – 127.255.255.255 16,777,216 host
Used for loopback addresses to the local host, as specified by RFC 990.
172.16.0.0/12 172.16.0.0 – 172.31.255.255 1,048,576 private network
Used for local communications within a private network as specified by RFC 1918
192.0.0.0/29 192.0.0.0 – 192.0.0.7 8 private network
Used for the DS-Lite transition mechanism as specified by RFC 6333
192.168.0.0/16 192.168.0.0 – 192.168.255.255 65,536 private network
Used for local communications within a private network as specified by RFC 1918.