Activity Detail blocked further explanation

  • Resolved Aaron

    (@aaron13100)


    1 year, 5 months ago

    Hello,

    I’m hoping to get more information on why certain users/IPs were blocked.

    I’ve noticed various requests to the wp-login.php page have been blocked on my site. Sometimes the reason is “blocked by login security setting” and sometimes it’s “blocked by the Wordfence Security Network.”

    As far as I can tell I don’t have any login security settings that would block someone from logging in, because I don’t see any such options on the Login Security Settings page.

    For the users “blocked by the Wordfence Security Network,” I just don’t know what this means.

    For example,

    Activity Detail
    North Bergen, New Jersey, United States was blocked by login security setting at /wp-login.php
    10/6/2023 2:11:07 PM (1 hour 5 mins ago)
    IP: xxxx Hostname: xxxx
    Human/Bot: Human
    Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.0

    So it says the person was human.

    Is there documentation somewhere on what “blocked by the Wordfence Security Network” means?
    Does “blocked by login security setting” mean it’s a setting on my site that caused the user to be blocked? If so, it would be great if I could know which setting exactly or which rule caused the user to be blocked.

    thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfmark

    (@wfmark)

    Hi @aaron13100 , thanks for reaching out.

    The “Blocked by Wordfence Security Network”  block reason means you have enabled the option Participate in the Real-Time Wordfence Security Network found in the Brute Force Protection section on the All Options page.

    Enabling this feature causes your site to share data with Wordfence about hack attempts anonymously. In return, your WordPress site receives the IP address information of hackers that are currently engaged in brute force hacking activity so that your site can immediately block those hackers before they are able to engage in a brute force attack on your site.

    https://www.wordfence.com/help/firewall/brute-force/#wordfence-security-network

    The “Blocked by login security” block reason is normally triggered by the setting Immediately block the IP of users who try to sign in as these usernames under Wordfence> All Options> Firewall options >  Brute Force Protection.

    Please review the settings above and let me know what you find.

    Thanks,

    Mark

    Thread Starter Aaron

    (@aaron13100)

    Thank you so much for your feedback. It’s very reassuring. Yes, I have those settings.

    • This reply was modified 1 year, 5 months ago by Aaron.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Activity Detail blocked further explanation’ is closed to new replies.