Title: Collateral damage
Last modified: August 30, 2016

---

# Collateral damage

 *  Resolved [IvanRF](https://wordpress.org/support/users/ivanrf/)
 * (@ivanrf)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/collateral-damage/)
 * Since yesterday, I’m getting several block alerts from login attempts. The thing
   is that every attempt come from a different IP (IP Address Spoofing Attacks).
 * When I installed Wordfence, I set in my options “Immediately lock out invalid
   usernames” and “Amount of time a user is locked out” -> **1 day**.
 * My question now is: if the attacker uses an IP and then a real user with the 
   same IP try to enter my site, what happens?? I guess the real user will be blocked
   too, right?
 * If I’m right, you should add this to [your documentation](http://docs.wordfence.com/en/Wordfence_options?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#Immediately_lock_out_invalid_usernames).
 * What’s the best approach here?
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [IvanRF](https://wordpress.org/support/users/ivanrf/)
 * (@ivanrf)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/collateral-damage/#post-6514563)
 * OH, my mistake. I forgot that this only blocks IPs from login. So, it is not 
   as bad as I thought. 🙂
 * The question remains if a real user wants to **LOG** into a site from the same
   IP. However, this will be very unlikely.
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/collateral-damage/#post-6514627)
 * Most of the time, when you see a ton of different IPs getting locked out of your
   site, it is not actually spoofing anymore — they usually really are hacked sites(
   or individual PCs), or even unused IPs hijacked from their real owner, so there
   is very little chance of a real user’s IP actually showing up.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Collateral damage’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [spoofing](https://wordpress.org/support/topic-tag/spoofing/)

 * 2 replies
 * 2 participants
 * Last reply from: [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * Last activity: [10 years, 8 months ago](https://wordpress.org/support/topic/collateral-damage/#post-6514627)
 * Status: resolved