Stratosphere

Click on Wordfence on your left hand column.

Click on Firewall.

Click on Blocked IP’s.
That’s where you can manually enter a bad IP address Permanently.

Sorry here are some more instructions. Take it one step at a time.

https://docs.wordfence.com/en/Web_Application_Firewall_-_How_to_use_Learning_Mode

Sure, I am a fellow user, to protect your site you can put it in learning mode in the Firewall settings. This will allow it to adjust to any other plugins you have. You can run a Scan, to see if there is any malware, or bad files at any time. While in Learning Mode you are not protected at all. It is just a first step to engaging the plugin’s security features.

Once you’ve run a scan and all is well, then put the Firewall in Protect Mode.
These are basic instructions to get you started.

I’ve been using it for several months, its easy to use and has protected my site.

I’m just a user (free version) but I get hit with msn.bots all day long.
It could be someone using a Microsoft server, or a Microsoft signature.

I look at the page they are trying to access, and the host details.
If they are hitting “none-existent” pages I discourage that by blocking them.
I find they have old data, old URL’s that don’t exist I block them.
But I don’t need USA traffic anyways, depends on your needs.

Okay. What I did was to block user name test. You can do this in Options.
Just add in the words: admin, test, human, etc. Someone tried that with my site
and I blocked it. Just add in the names that the hackers try to use and save at the bottom.
Thanks for the tip – I have yet to try hiding the login but I am testing to see which ones are compatible with Wordfence.

You are very welcomed, just trying to help but seems you have a good handle on this. Best of Luck.

Good for you!
On the red X, if you click restore the original -it won’t change your site in the slightest, it simply restores the WP file(s) that are supposed to be there, from what was modfied.
Like I said, I had about 150 changes and blasted it for Wordfence to fix them and they were all fixed. No reinstalls needed of theme or anything else.
But you can wait for further instructions from the support here.
I have been using the free version for about one month, so far it runs adequately for my needs. I found it is the best security plugin and I’ve tried them all, in the past 8 years with WordPress sites. If I have to I will buy the Premium version.
Be vigilant, check the logs on your server, keep all plugins up to date, don’t use plugins that have NOT been updated in the past 6 months or are not supported.
Wordfence also works with Cloudflare if you need extra protection, but it needs to be configured properly.

I’m just another user here (free version only) when I first installed Wordfence and did my first scan I had about 150 warnings of changes to my WordPress files from the original WordPress files (yes Wordfence checks your files against what WordPress gave you).

I was shocked but I said hey if there are this many files I want them gone.
So I press fixed files which meant they’d be deleted. I was prepared for the worst. But the site was fine, it worked, it was up – it was the same.
It took several times at “Fix It” or Fix the file -with that many problems.

Before you do anything: BackUp Your Site. *** on an external location.

I would suggest CLICKING fix the file to HIDE your wp-config file because it is exposed to the public, therefore so is your id and password.

I would then change your password to a 18 or more character password, mine is about 30 characters. Reboot and clean your computer if any infection occurred clean your machine via a virus software. (many free are available)
I use Malwarebytes -works on both mac and pc and its free, very good to find any viruses on your computer

I would then do another scan to ensure no other problems exist.

Can I ask how you changed the wp-login URL -did you use a plugin and if so which one. I am having the same problem, they attack wp-login all the time, every day. I am using the free version also. Thanks.

Help please? Scans haven’t functioned since Jan 12th. Thanks Mark.

Join the club. I got nothing but bots and chasing them is a full time job I would rather not have to monitor.
I find Wordfence at least gives you the data to work with, wp-login is a national disgrace to protect, WordPress itself, had better think of a better alternative to logging in webmasters.
It seems 2 step verification -sending you a text message is very popular with yahoo, and other sites.

I got tons of bots from the USA and I am in Canada. If I could block the ENTIRE USA I would, but then I would block Google and that’s not good.
Wordfence is the best I’ve seen in 7 years of battling hackers.
Welcome to the world of hacking, it is everywhere, anytime at any place.

I have implemented all of the free version options, firewall, scans are done frequently as I can see. I physically monitor this site several times a day if not more.
This file was some how tampered:

wp-admin/includes/class-pclzip.php

Question was: how would they have introduced it to the servers?
and how they introduced more IP’s to my whitelist of my own IP address.

I also have in use another plugin which hardens WP
which is Shield WordPress Security plugin.
Thanks for any help from administrators of Wordfence.

Don’t you have to buy a SSL certificate with your domain registrar first? I think it’s an additional 11 bucks/a year.

Just Google:
geo locate IP address or map geo locate IP.

This gives you basic location ins is re-routed in some manner to appear to be coming from North America.

You’re very welcomed.