Hi @dcmovies, thanks for reaching out.
Wordfence uses various methods to detect if a visit should be classified as a bot or human. One of these methods includes a large list of IP blocklists, and another is detecting for human-like activity on your site with Javascript. However, these can identify a human as a bot if Javascript is off in the visitor’s browser (or script errors/conflicts/local settings are causing this not to load properly), or share part of a blocked IP range.
More precise human/bot detection ends up being fairly perfomance-intensive when run on the website itself and not critical to Wordfence’s use case. We want to know if bots/humans are behaving in a malicious manner, but just being a bot rather than a human isn’t something worth blocking in itself. This is why we don’t offer an option to block bots outright by default.
I hope that helps you out!
Thanks,
Peter.