I’m using Apache and someone is doing some bruteforce to XMLRPC Wordpress interface. When I checked the Apache Status I mostly see IPs from Cloudflare.
What’s the best way to get the real IP? I’ve read mod_cloudflare is not being maintaned anymores.
Best place to add custom Apache directives is here
WHM Home » Service Configuration » Apache Configuration » Include Editor » Post VirtualHost Include » All Versions