The Access Key plugin lets you whitelist trusted IP addresses so those visitors reach the administrator area without entering the access key. To keep this secure, the plugin only trusts the real connection IP address by default. Forwarded headers such as X-Forwarded-For are ignored, because any visitor can set them and could otherwise pretend to come from a whitelisted IP and bypass your access key.

If your site sits behind a reverse proxy, CDN, or load balancer, the real visitor IP arrives in a forwarded header instead of the direct connection. In that setup the whitelist will not match until you tell Joomla to trust your proxy. Enable Behind Load Balancer under System → Global Configuration → Server tab. Once enabled, the plugin honours the forwarded IP again and your whitelist works as expected.

Only turn this on if your site is genuinely behind a trusted proxy. Enabling it without one would let visitors spoof their IP address.