Hi @bluemi, thanks for getting in touch.
Increased attack rates aren’t a prompt to upgrade, the heightened activity mentioned could be occurring with the Premium version of the plugin installed too. Wordfence’s firewall (WAF) will often use its extensive database of vulnerabilities, “bad” IPs and signatures to make a block before they reach other settings like Rate Limiting, Brute Force, etc.
The “increased attack rate” emails are triggered by attacks that break WAF rules in the “Rules” list on the Firewall Options page, and the global IP blocklist.
I’m not sure whether you’re checking access logs for the server, or Wordfence’s Live Traffic page when you say, “IPs don’t even appear”. If you could provide an example screenshot or forward of the email to wftest @ wordfence . com that shows the Singapore IPs, we can take a look at whether they appear on our global blocklist. Make sure to mention your forum username in the subject so we can find it and respond here after you’ve sent it.
Thanks,
Peter.
