Wordfence – BOTS

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter hodamohamed7786

    (@hodamohamed7786)

    Note: our site frontend is react and use wp apis

    Plugin Support wfpeter

    (@wfpeter)

    Hi @hodamohamed7786, thanks for your question.

    Unfortunately, since the topic highlighted above, I’d say that in general humans and bots are becoming more difficult to differentiate.

    Wordfence does still try based on how the IP was interacting with the site before a request was made. Much of this decision is made using Javascript on the WordPress front-end, so your configuration using React may not be running this.

    The good news is that Wordfence now places more importance on the intent of a request rather than whether it thinks a bot or human made that request. Naturally targeting specific paths/plugins, or certain values passed during a POST/GET indicate malicious intent much more accurately.

    Many thanks,
    Peter.

    Thread Starter hodamohamed7786

    (@hodamohamed7786)

    Hi Peter,
    Can you provide which parameter we can sent in post & get request to prevent the wrong detection between human & bots

    Plugin Support wfpeter

    (@wfpeter)

    Hi @hodamohamed7786,

    When I spoke of POST/GET, I was referring to something a malicious actor may do to target a specific vulnerability in a WordPress plugin – which Wordfence will check regardless. I’ve spoken to the development team briefly about your circumstances.

    We conditionally include a script that varies for each visitor, and it is not enqueued for repeat visits within a certain timeframe. This might change the next time we work on human/bot detection, so suggesting a workaround (on top of being unable to support custom code), may not be helpful as it could stop working in a future plugin update.

    Regardless of whether Wordfence detects a visit as a bot or human, it will still be looking into the type and intent of any visit and issue blocks appropriately (or according to your settings in the event of things like Rate Limiting or Brute Force).

    Thanks,
    Peter.

    Thread Starter hodamohamed7786

    (@hodamohamed7786)

    Hi Peter,
    Thanks for clarification, but we need solution for this case asap.
    I want to ask is this case also happened in pro plugin or there is any pro plan can we purchase to avoid this case.
    Note: our site frontend is react and use wp apis

    Thread Starter hodamohamed7786

    (@hodamohamed7786)

    Hello,
    Any update regarding the above question ?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @hodamohamed7786,

    The Free and Premium versions of Wordfence work the same way with human/bot detection. We can only support a full WordPress environment as any custom code required to include our scripts elsewhere may require code review, feedback, or changes when plugin updates happen which we don’t have the resources to provide.

    Make sure Wordfence > Live Traffic is set to “ALL TRAFFIC“, and check the scripts in the WordPress?wp_head?and?login_head?(on login pages) are included on your pages. I wouldn’t use specific functions in Wordfence’s code, as those can change in future versions, making your code incompatible. However, using WordPress hooks should be more robust.

    Thanks,
    Peter.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Wordfence – BOTS’ is closed to new replies.