I’ve had 2 fake Google crawler alerts on a new website that is served via CloudFlare.

I find it hard to believe that CloudFlare are generating this kind of fake access, but that is not the real issue. There are 3 related problems:

1) Fake Google crawler alerts are not included in the admin alert email, so the only way I know about them is if I check the blocked IP screen in Wordfence (or now, the new Dashboard Widget).

2) I want to whitelist the CloudFlare servers, but the process is very tedious. For example, I have an alert for 173.245.50.148, and the whois lookup tells me this is part of a range: 173.245.48.0 – 173.245.63.255. That range should be referred to as 173.245.48.0/20, but Wordfence will not accept it as a valid range, so the only alternative is to add separate ranges for 173.245.48.[0-255],173.245.49.[0-255] etc, which is very time-consuming.

3) A minor point, but blocked IPs remain on the new dashboard after being unblocked.

Sorry to sound as if I’m moaning, but if you could address these issues in an upcoming release, or suggest a workround, I’d be very grateful.

https://wordpress.org/plugins/wordfence/