A better solution would be to enable mod_cloudflare to pass the real user IP to your entire server, including in the logs. You can find info here: https://support.cloudflare.com/hc/en-us/sections/200038166-How-do-I-restore-original-visitor-IP-to-my-server-logs- . This way, you can keep your site behind CloudFlare and still get the true visitor IPs, including with lockouts. Also, if you've not already, you should remove direct.yoursite.com, as it enables a hacker to easily bypass all of CloudFlare's inbuilt security mechanisms.
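
An added example, not part of the original post and not mod_cloudflare's own code, of the check behind restoring the visitor IP: the `CF-Connecting-IP` header is honored only when the TCP peer is a trusted proxy, so a request that reaches the origin directly is logged and locked out by its real address. The proxy ranges (documentation address space), function names and sample requests are constructed assumptions; in production the ranges would be the ones Cloudflare publishes.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Assumption: in production, load the proxy ranges Cloudflare publishes.
TRUSTED_PROXY_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:cf::/48"),
]

HEADER = "cf-connecting-ip"  # header Cloudflare sets to the visitor's address


def is_trusted_proxy(peer_ip):
    """True if the TCP peer address falls inside a trusted proxy range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(
        addr.version == net.version and addr in net
        for net in TRUSTED_PROXY_RANGES
    )


def resolve_client_ip(peer_ip, headers):
    """Return (client_ip, source) for logging and lockout decisions.

    The header is used only when the peer is a trusted proxy. A request
    that arrives directly at the origin keeps its socket address, so a
    header supplied by that client cannot change who gets locked out.
    """
    normalized = {k.lower(): v.strip() for k, v in headers.items()}
    claimed = normalized.get(HEADER)

    if not is_trusted_proxy(peer_ip):
        return peer_ip, "peer-header-ignored" if claimed else "peer"
    if not claimed:
        return peer_ip, "peer"
    try:
        # Normalise and validate before the value reaches logs or ban lists.
        return str(ipaddress.ip_address(claimed)), "header"
    except ValueError:
        return peer_ip, "peer-header-invalid"


if __name__ == "__main__":
    # Constructed sample requests: (socket peer, request headers).
    samples = [
        ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.50"}),
        ("192.0.2.99", {"CF-Connecting-IP": "203.0.113.50"}),
        ("198.51.100.7", {"CF-Connecting-IP": "not-an-ip"}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", resolve_client_ip(peer, hdrs))
```
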