Title: Non Brute Force Attacks Last modified: May 9, 2019 --- # Non Brute Force Attacks * Resolved [tommarino](https://wordpress.org/support/users/tommarino/) * (@tommarino) * [7 years ago](https://wordpress.org/support/topic/non-brute-force-attacks/) * Hello, I have brute force attacks, invalid passwords, etc set to block for a period of time. However when there are other types of attempts, ie. cross scripting or directory traversal, they are being blocked, but the IP is not. THus they are just pounding my site repeatedly. * Is there a setting I’m missing to auto block IPs when this type of activity is detected? * Thank you! Viewing 4 replies - 1 through 4 (of 4 total) * [WFGerroald](https://wordpress.org/support/users/wfgerald/) * (@wfgerald) * [7 years ago](https://wordpress.org/support/topic/non-brute-force-attacks/#post-11515346) * Hey [@tommarino](https://wordpress.org/support/users/tommarino/), * These are two different types of attacks. The brute force attacks are being blocked and locked out of the site by the Wordfence plugin. But XSS, SQL injection attacks and other this are being blocked by the Firewall. The requests are being blocked, not the IPs and this is done by the Firewall. There’s only so much we can do to prevent attacks, it’s more about making sure they aren’t successful, which it sounds like Wordfence is doing. Usually, after X amount of time with being unsuccessful, they’ll move on. * I hope this helps. * Thanks, * Gerroald * [CamZL1](https://wordpress.org/support/users/danishhaidri/) * (@danishhaidri) * [7 years ago](https://wordpress.org/support/topic/non-brute-force-attacks/#post-11515418) * Hi Gerroald, Staying on the same topic, how do we know that the attack is taking place? I am on the Live Traffic section and see BOT activities from Google, FB, Bing …. but how can I tell which is an attack and which is friendly? * [wfdave](https://wordpress.org/support/users/wfdave/) * (@wfdave) * [7 years ago](https://wordpress.org/support/topic/non-brute-force-attacks/#post-11516203) * Hi [@danishhaidri](https://wordpress.org/support/users/danishhaidri/), * What is your setting for `How long is an IP address blocked when it breaks a rule`? * If it’s a low value such as `1 hour`, then when someone breaks the cross scripting or directory traversal rule, they will only be blocked for 1 hour. * When someone breaks brute force rules -> they are blocked from logging in for` Amount of time a user is locked out` * When someone breaks firewall rules -> they are blocked from accessing the site for `How long is an IP address blocked when it breaks a rule` * For example: [https://i.imgur.com/MPtI5Ut.png](https://i.imgur.com/MPtI5Ut.png) * Dave * Thread Starter [tommarino](https://wordpress.org/support/users/tommarino/) * (@tommarino) * [7 years ago](https://wordpress.org/support/topic/non-brute-force-attacks/#post-11523574) * [@wfgerald](https://wordpress.org/support/users/wfgerald/) I think this would be a useful feature. If someone is attempting a XXS or SQL injection and the firewall is blocking it, I can’t imagine there isn’t a programmatic reason why Wordfence couldn’t add that IP to the block list. * Thank you for your response. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Non Brute Force Attacks’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [IP blocking](https://wordpress.org/support/topic-tag/ip-blocking/) * 4 replies * 4 participants * Last reply from: [tommarino](https://wordpress.org/support/users/tommarino/) * Last activity: [7 years ago](https://wordpress.org/support/topic/non-brute-force-attacks/#post-11523574) * Status: resolved