The plugin is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
Set HTTP_X_REAL_IP or HTTP_X_FORWARDED_FOR used in get_user_ip_address() to bypass IP-based blocks.