How do I know Wordfence is working?

  • Resolved mountainguy2

    (@mountainguy2)


    9 years, 3 months ago

    I have a high traffic website that receives lots of bad bot traffic and attacks by hackers and spammers. I installed Wordfence a few days ago, and checked option “Participate in the Real-Time WordPress Security Network” as well as many other options.

    When I look at “Blocked IPs” it has remained blank for several days, it’s never shown anything.

    Is this normal? Can anyone tell me how to check actual performance of Wordfence? I turned on “Live Traffic” but what does that tell me other than the same information I can get by looking at my server stats?

    Thanks for any help. MTN

    https://www.ads-software.com/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Blocks and lockouts expire after a short period of time by default, but you can increase the amount of time that an IP is blocked by adjusting “How long is an IP address blocked when it breaks a rule” and “Amount of time a user is locked out” (for the login security options) on the Wordfence options page.

    You can also enable alerts near the top of the options page, and should receive emails when an IP is blocked or locked out, if you have entered an email address in the Wordfence options. If you have the dashboard widget enabled, you can also see some statistics on the blocked IPs (by country, etc.) on the WordPress dashboard.

    The live traffic page breaks down traffic into tabs, based on how Wordfence sees the visits (including whether a visit is from a bot or appears to be a human visitor), and it separates events like logins and logouts as well.

    If it appears that nothing is being blocked still, your server may be running a reverse proxy with an private IP address — if you can verify on the Live Traffic page that your own IP address appears when you visit in a second browser (without logging in), that would show if there is a problem there.

    -Matt R

    Thread Starter mountainguy2

    (@mountainguy2)

    Thanks Matt, I increased the lock out and throttle times and indeed things are more obvious. Would be nice to have more information on recommended settings, however.

    Now I’m wondering, how can a person determine if the “Participate in the Real-Time WordPress Security Network” is actually doing anything?

    Thanks, MTN

    Plugin Author WFMattR

    (@wfmattr)

    We have a few sets of recommended settings you can choose by changing the “Security Level” on the Wordfence options page, which will set some of the options below. If you have custom settings, they will be replaced when you choose this option.

    The default of level 2 (medium) is generally recommended, but you can make your site’s options more strict, especially if you don’t have a lot of other users who need to log in. When you change any of the related settings, that box will just say “Custom settings”.

    I don’t think there is an easy way to see the blocks from the WordPress Security Network, but this may be added in a future version. If you’re familiar with your access logs, you can see by looking for HTTP 503 responses on wp-login.php, after a small number of 200’s. Normal lockouts will show a 200.

    -Matt R

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How do I know Wordfence is working?’ is closed to new replies.