Hi @newoabp
In (Wordfence > Firewall > Rate Limiting > Brute Force Protection) you must have “Participate in the Real-Time WordPress Security Network” option enabled, so that some IPs that are currently engaged in brute force hacking activity will be blocked immediately before they are able to engage in a brute force attack on your site, I’m not sure about why it takes time to block these requests on your site, is this “two visits” is permanent? or this just happened once? any screenshots?
– Yes, you can use any 2FA plugin you want, but since these plugins are using their custom login functions, sometimes the exact login attempts counts/data aren’t recorded or seen correctly in Wordfence Live Traffic feed.
Thanks.
I checked this for you and the reason for that is Wordfence security network blocks the login attempt itself, not a regular visit to the login page which seems to be the case in these two entries appearing in the screenshot, only that one which was blocked by Wordfence security network is the login attempt.
Thanks.
