Top Nav

WordFence / CloudFront – Automatically Update Trusted Proxies

If you are using WordPress with CloudFront and WordFence then some extra configuration is required. WordFence does blocking based on IP address but it will fail to determine the correct IP address when you have CloudFront and an Elastic Load Balancer in front of the site. The work around is to setup a cronjob that updates the list of trusted proxies in WordFence.

  1. Login to WordPress admin and to to WordFence -> All Options. Under “How does Wordfence get IPs” select “Use the X-Forwarded-For HTTP header”.  Click “Save Changes”
  2. Add a cronjob using the script shown below to update the list of trusted proxies.

Here’s a simple script for the cronjob: