Hi @bobinaust, thanks for getting in touch.
Wordfence deals with IPs in real-time when they break firewall rules, or when they fall foul of your plugin settings and blocks them for the time specified in “Amount of time a user is locked out” in your Brute Force settings or “How long is an IP address blocked when it breaks a rule” in your Rate Limiting settings. Four hours sounds like one or both of those settings – which you can extend if you wish.
We believe a manual or permanent blocking regime is mostly unnecessary as a result of the above. If it’s not really affecting legitimate users and their experience on the site, you can leave Wordfence to continue dealing with them.
The reason why Wordfence itself doesn’t permanently block on your behalf is down to the extra workload created for the administrator should that IP later be reassigned to a legitimate visitor, plugin, or service. If unwanted blocks started happening as a result of that, it may not be immediately apparent to most users why it’s happening.
Thanks,
Peter.
