Increased Attack Rate

Hi @dasher0074, thanks for getting in touch.

You shouldn’t necessarily worry as Wordfence is handling these blocks by the looks of things, but it’s alerting you to the fact that your site has had a large increase in attacks that may require further attention if they persist. The plugin does all of the important blocking for you to avoid implementing a manual blocking regime – which can be time consuming to keep up with current IP ranges etc.

However, I also understand that if your site is being hit quite hard or often by the same IP, you might want to try stopping that. As you already know the IP, you could copy or manually type it into the Wordfence > Blocking page under “Block Type: IP Address” when alerted in this way.

Seeing this alert might also just prompt you to double-check your Rate Limiting Rules on the Firewall Options page. This configures how crawlers and humans are treated.

I generally set my Rate Limiting Rules to these values to start with:
Rate Limiting Screenshot

• If anyone’s requests exceed – 240 per minute
• If a crawler’s page views exceed – 120 per minute
• If a crawler’s pages not found (404s) exceed – 60 per minute
• If a human’s page views exceed – 120 per minute
• If a human’s pages not found (404s) exceed – 60 per minute
• How long is an IP address blocked when it breaks a rule – 30 minutes

I also always set the rule to Throttle instead of Block. Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it. Make sure and set your Rate Limiting Rules realistically and set the value for how long an IP is blocked to 30 minutes or so.

With Brute Force settings, I recommend trying 3-5 for attempts and password resets, counted over 4 hours, with a 30 minute (or longer) lockout time period.

Remember there is no hard and fast, one size fits all set of rules for every site. This is just a good place to start. During an attack you may want to make those rules even stricter. If you see visitors, like search engine crawlers getting blocked too often, you might want to loosen them up a little.

Here is a video guide to Rate Limiting as well: Rate Limiting Guide

I hope that helps you out!
Peter.

No worries @dasher0074, always happy to help out.

As Wordfence is an endpoint firewall, it catches, restricts and blocks users before the point your site tries to host content to them (when optimized) but cannot stop them attempting to access your site. Restrictions from the server’s end are possible to block IPs before PHP runs, if your host offers them.

Thanks again,
Peter.