• Resolved kristinubute

    (@kristinubute)


    Hi

    I recently installed your plugin and am using the Live View to view potential hacks and failed logins and bots etc.

    As there are quite a few things that show in here, I’m just needing to understand some of them, when a particular IP from another country shows that it tried to access a particular file …

    Some say bot, some say other. Here is an example below.

    domainname.com.au/wp-includes/simplepie/content/radio.php

    14/12/2023 10:49:02 am (17 minutes ago)

    IP: 5.45.80.13 Hostname: free.ispiria.net

    Human/Bot: Bot

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36

    This is in Russia

    So does this mean that it’s a dodgy Bot trying to access particular file radio.php that may be there, OR they randomly target websites with this to see if it has been compromised?

    Our client site had some files changed approx 1 month ago, we cleaned it completely up, and installed your plugin.

    Your plugin has been very helpful in stopping these people and I’m just viewing it regularly now and BLOCKING IPs and IP ranges accordingly and putting them on PERMANENT block.

    So I just have a few things to understand when watching the LIVE VIEW.

    ALSO with some Bots that need to access the website to rank certain pages or products of an ecommerce store, HOW can I ensure I DON’T accidentally BLOCK an actual bot for rankings in google, compared to the OTHER type of BOT it says in the description which I assume are dodgy bots trying to access certain files in the backend?

    Also the LIVE VIEW doesn’t show all the times and days throughout the day. Obviously I can’t have the website tab in the backend OPEN all the time in the backend. So if I’ve checked in the morning 10am and then left the tab open, but then go back later in the day at 8pm to that same tab, it will NOT show all transactions in between of potential threats etc.

    I obviously want to see ALL potential threats etc and block certain IPs that could be a problem, so we DON’T have the issue again for my client site.

    Is there an issue with my LIVE VIEW, as I thought I should be able to go back and view from say 8pm and keep scrolling down to earlier in the day and view ALL in the Live View at different times of the day.

    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @kristinubute, thanks for your message.

    As I explained before, IPs frequently will randomly target websites to see if something can be exploited without any prior knowledge of the platform or plugins installed beforehand.

    You don’t need to constantly keep an eye on the data as Wordfence is blocking the important traffic so you don’t have to. We generally consider a manual blocking regime time-consuming and unnecessary, but it’s good to check in with Live Traffic to stay generally informed.

    Your question about legitimate bots is explained in my post here: https://www.ads-software.com/support/topic/viewing-live-view-and-understanding-the-breakdown/#post-17276745

    Live Traffic shows “SECURITY ONLY” as default rather than “ALL TRAFFIC” as the amount of data held is significantly increased, but isn’t necessarily useful. For busy sites, there would be many successful page loads and other normal actions you don’t need to monitor to filter through. There’s no issue with yours by the sounds of things, but if you change it to “ALL TRAFFIC”, past data won’t be reflected, only traffic from that moment onwards. I don’t recommend you change this.

    Your scans should keep you on top of any critical or high severity warnings. Avoiding potential reinfection of the site may also be down to admin account security and keeping plugins and WordPress itself up-to-date.

    I urge you to thoroughly read our documentation and free learning center to become well-versed with the plugin and interpreting the data and settings you are curious about:

    https://www.wordfence.com/help/
    https://www.wordfence.com/learn/

    Thanks,
    Peter.

    • This reply was modified 11 months, 3 weeks ago by wfpeter. Reason: Removed copied text from customer to address questions
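A check that goes with the point above about random probing, as an added example that is not part of the thread and not Wordfence code: for each URL seen in Live Traffic, see whether the requested file actually exists under the site's document root. The `triage` and `demo` names, the temporary document root and the second URL are assumptions constructed for illustration; only the `radio.php` URL comes from the thread.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlsplit


def triage(requested_urls, docroot):
    """Label each requested URL 'probe-only', 'file-exists' or 'outside-docroot'."""
    root = Path(docroot).resolve()
    results = {}
    for url in requested_urls:
        # Live Traffic lists host + path with no scheme; prefix "//" so urlsplit
        # treats the first component as the host rather than part of the path.
        path = urlsplit(url if "://" in url else "//" + url).path
        target = (root / path.lstrip("/")).resolve()
        if target != root and root not in target.parents:
            # Path escaped the document root (e.g. via ../), so do not test it.
            results[url] = "outside-docroot"
        elif target.is_file():
            # The probed file is really on disk: compare it against a clean copy.
            results[url] = "file-exists"
        else:
            # Nothing there: the request was a blind probe that found no file.
            results[url] = "probe-only"
    return results


def demo():
    # Constructed document root standing in for the WordPress install directory.
    with tempfile.TemporaryDirectory() as docroot:
        leftover = Path(docroot, "wp-content", "uploads", "x.php")
        leftover.parent.mkdir(parents=True)
        leftover.write_text("<?php // constructed placeholder file ?>")
        urls = [
            "domainname.com.au/wp-includes/simplepie/content/radio.php",  # from the thread
            "domainname.com.au/wp-content/uploads/x.php",  # constructed sample
        ]
        return triage(urls, docroot)


if __name__ == "__main__":
    for url, verdict in demo().items():
        print(f"{verdict:16} {url}")
```

A `file-exists` result is a cue to inspect that file, not a verdict by itself; on a real site, pass the WordPress install directory as `docroot`.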
    Thread Starter kristinubute

    (@kristinubute)

    Thank you I will read with those links you provided.

    Thanks

    Plugin Support wfpeter

    (@wfpeter)

    Thanks! Best of luck with your use of Wordfence going forward, glad to have you on-board.

    Peter.

    Thread Starter kristinubute

    (@kristinubute)

    Thanks Peter. If I could just ask a few more questions. I am reading your links also. I appreciate that.

    I won’t be reading all the Live View like you suggested. But still a few questions firstly.

    I see in Live View you can actually see when someone has been to Cart or Checkout page (but obviously cannot see who unless they login).

    If someone used an invalid username ‘admin OR other name that doesn’t exist’ to try to sign in would they be auto blocked permanently OR only a certain time period?

    What does this type of IP range mean? 2607:f298:6:a077::481:f71c

    2405:4800:5f23:6700:ffff:ffff:ffff:fffc

    That doesn’t look like a normal IP (it’s in our blocked IP area). Not sure whether I did it weeks ago or auto blocked by your software. Is there a way of telling what this IP range means or who it is? It doesn’t look like a normal IP address range.

    We are based in Australia. And if an IP range is blocked – Clifton, New Jersey, United States was blocked for UA/Hostname/Referrer/IP Range not allowed – and they are trying to access the login page, and as it says it’s Clifton New Jersey and NOT Australia, therefore I would assume dodgy and to keep them blocked? I assume the system blocked it?

    And it says beside that 15 block counts. So someone with that IP has tried 15 times to login? Is that what that would mean please?

    Apologies for my questions in advance.

    Thanks

    Thread Starter kristinubute

    (@kristinubute)

    Also in the scan, it says there is a particular user with a very easy password. Can I send a reset email or something to that User for them to make it a more secure and harder password?

    As in send a LINK to reset their password? Or what is the best way to do this please?

    We are NOT using 2FA yet.

  • The topic ‘LIVE VIEW questions’ is closed to new replies.