Hi @by-blickwinkel, thanks for getting in touch. Our forums
Our forum guidelines do request that an additional “bump” type response to an original ticket can flag an existing topic, so you were absolutely correct to do that. We only cover the forums during office hours Monday to Friday so there is sometimes a chance with the quantity of topics and our availability with other customers, there will be a little wait time.
It can be odd to be targeted by these type of attempts, especially as there’s no usual pattern regarding site popularity, search engine visibility or those kinds of factors. It could be worth reading our take on this: https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/
Wordfence, as an endpoint firewall cannot stop a bot or human from trying to visit your website altogether, but rather deal with the visits appropriately based on your settings when they happen. If you’re noticing many of these are spam registration and/or signin attempts, having reCAPTCHA enabled in Wordfence > Login Security > Settings should dramatically reduce amount of successful form submission attempts. This is far less intrusive with v3 than in past versions so there aren’t any puzzles or checkboxes to comply with.
My general advice is that Wordfence does all of the important blocking for you automatically so you don’t have to implement a manual blocking regime – which can be time consuming. However, if you wish to make your brute force or rate limiting rules a little stricter so that they can’t retry as frequently, you might find the following links useful to learn some more:
https://www.wordfence.com/help/firewall/brute-force/
https://www.wordfence.com/help/firewall/rate-limiting/
Let me know how you get on!
Thanks,
Peter.
