Title: Wordfence & Amazon Last modified: September 21, 2020 --- # Wordfence & Amazon * Resolved [talis1](https://wordpress.org/support/users/talis1/) * (@talis1) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/) * Hi, Would wordfence firewall block amazon affiliate links? I know it blocked CJ affiliate links and I whitelisted the site. However, I have several AWS, which I cannot tell if its malicious or not or Amazon. I know there are several bots that crawl for price scans, so they may be that. The issue is that I definitely have a block for link conversion and I don’t know if its Wordfence. * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fwordfence-amazon%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 11 replies - 1 through 11 (of 11 total) * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13436303) * Hello [@talis1](https://wordpress.org/support/users/talis1/) and thanks for reaching out to us! * Something we can check is **Tools > Live Traffic **for a block. See if Wordfence is listing any blocks when you try to access these links. If you are seeing the blocks, you can whitelist these actions directly from Live Traffic. * If its bot related, you could also check on your Rate Limiting settings with regard to cawlers. * Let me know what you find! * Thanks! * Thread Starter [talis1](https://wordpress.org/support/users/talis1/) * (@talis1) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13436857) * hi, thank you for responding… I’m not a techie, so I’m including images of what I see. I’m not sure if its google bots or fake ones – [https://imgur.com/N2MN2zL](https://imgur.com/N2MN2zL) i see in **this image [https://imgur.com/U9HUs4U](https://imgur.com/U9HUs4U)** that its starts as a human, changes to a bot and back to human – same IP. The first time I visited my site and clicked on a link, my viewing session showed up as a bot, not human => [https://imgur.com/E7CkMbi](https://imgur.com/E7CkMbi) nothing shows up as being blocked by the firewall or blocked otherwise. * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13438508) * Thanks for posting these screenshots [@talis1](https://wordpress.org/support/users/talis1/) * It looks like these are google crawlers, which is normal from google. The fact that your IP is also showing as a google crawler though is what is weird. * Can you post a screenshot of your Rate Limiting Options as well. Navigate to ** All Options > Firewall Options > Rate Limiting**. * Also, can you send a diagnostic report to **wftest @ wordfence . com**? You can find the link to do so at the top of the **Wordfence Tools > Diagnostics** page. Then click on **“Send Report by Email”**. Please add your forum username where indicated and _respond here after you have sent it._ * Thanks in advance! * Thread Starter [talis1](https://wordpress.org/support/users/talis1/) * (@talis1) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13441314) * hi, this is the screenshot” [https://imgur.com/f8XyL3B](https://imgur.com/f8XyL3B) I also sent the report. thanks again, very appreciated! * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13443773) * Hello again [@talis1](https://wordpress.org/support/users/talis1/) * As a test, open your Live Traffic page in a tab, then open another tab and attempt to go to a test site such as `yourdomain.com/test1234`. Just make sure it’s not an actual existing page, so we can test to see how your Live traffic sees it. * Also, I looked into the google bots that are hitting your site and they are Adsense bots. [https://support.google.com/adsense/answer/99376](https://support.google.com/adsense/answer/99376) will help you better understand what they are doing. * Let me know what you find! * Thanks! * Thread Starter [talis1](https://wordpress.org/support/users/talis1/) * (@talis1) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13446304) * > [View post on imgur.com](https://imgur.com/FwkWUb9) * I’m wondering if there are other visitors that also show up as bots but they’re human? thanks, T * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13450956) * Detecting humans is less accurate than it used to be because of page caching now used at a lot of hosts, and possibly browser extensions (some can block the hit that confirms a full browser visit and not just a crawler). Page caching can store the hit ID that we normally use to tell visitors apart, so multiple visits are associated with a single hit, and some of their own hits may not be logged. * I see the header `X-LiteSpeed-Cache`: hit when visiting one of your pages, so that is likely interfering with identifying some hits as humans or bots. * In the first screenshot you sent, those look like real googlebots, since the hostname looked up by Wordfence from the IP is *.googlebot.com. * In the second screenshot, the two ajax calls in the middle happened right after the initial hit. When our script ran to validate that the first hit was human, only the first was re-labeled as a human, but the second two couldn’t be re-labeled.( Partly because they’re ajax and don’t trigger the human check, and partly they happened before the first human check finished.) * In his third screenshot, I don’t think that hit was you, since it has a rate- limited-proxy-*.google.com hostname. It’s likely you either hit a cached page( which won’t show up in Live Traffic at all since PHP & Wordfence don’t run), or had a login cookie that prevented his hit from being logged. * Let me know if this helps! * Thanks! * Thread Starter [talis1](https://wordpress.org/support/users/talis1/) * (@talis1) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13451491) * this definitely helps! thank you. I have a better understanding of how those bots work. i’ve uninstalled lightspeed, and should see a change. thanks for all your help. T * Thread Starter [talis1](https://wordpress.org/support/users/talis1/) * (@talis1) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13458359) * Hi, can you explain or is there an article that explains in non-techie terms, how to interpret “run who is” and determine which bot is legit? i see tons of bots from all over the world crawling my site, including countries shown as blocked due to trying to access my site. thanks. * Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/) * (@wfadam) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13458366) * If you visit [https://whois.domaintools.com/](https://whois.domaintools.com/) you can look up any IP to see where it is originating from. Bot hits on a site are completely normal in most cases. * You can limit the amount of traffic that attempts to hit your site with our Rate Limiting Rules on the Firewall Options page. This configures how crawlers and humans are treated. * I generally set my Rate Limiting Rules to these values to start with: - If anyone’s requests exceed – 240 per minute - If a crawler’s page views exceed – 120 per minute - If a crawler’s pages not found (404s) exceed – 60 per minute - If a human’s page views exceed – 120 per minute - If a human’s pages not found (404s) exceed – 60 per minute - How long is an IP address blocked when it breaks a rule – 30 minutes * I also always set the rule to **Throttle** instead of _Block_. Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it. Make sure and set your Rate Limiting Rules realistically and set the value for how long an IP is blocked to 30 minutes or so. * Remember there is no hard and fast, one size fits all set of rules for every site. This is just a good place to start. During an attack you may want to make those rules stricter. If you see visitors, like search engine crawlers getting blocked too often, you might want to loosen them up a little. * Hope this helps! * Thanks! * Thread Starter [talis1](https://wordpress.org/support/users/talis1/) * (@talis1) * [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13460220) * thank you! Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘Wordfence & Amazon’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [amazon](https://wordpress.org/support/topic-tag/amazon/) * 11 replies * 2 participants * Last reply from: [talis1](https://wordpress.org/support/users/talis1/) * Last activity: [5 years, 7 months ago](https://wordpress.org/support/topic/wordfence-amazon/#post-13460220) * Status: resolved