• Resolved CamZL1

    (@danishhaidri)


    We have been observing 2 visitors showing up from Poland on GA from a URL that is not exactly the same as our page URLs. These visitors have been on the website continuously for 5 days. Assuming they have found a backdoor or hacking the website, what can we do? Wordfence Scan is clear and no LIVE TRAFFIC is appearing from Poland. In such cases should we restart the server to disrupt their attempt or move the server to a new IP?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @danishhaidri, thanks for reaching out.

    If Live Traffic isn’t showing the IP of these visitors, it’s likely that they aren’t triggering any security events like rate limiting, brute force attempts or other suspicious behavior. Live Traffic is set to “SECURITY ONLY” rather than “ALL TRAFFIC” by default; it’s likely they’d show up if your site was logging all traffic. Many site administrators don’t want to filter through legitimate and successful page requests, and there are obviously database considerations through logging more traffic more often.

    When you hit the page URL they are trying, what happens? If you hit a 404 or redirect then that’s likely all that’s happening for those IPs too. Specifically wrong filepaths/URLs being attempted don’t necessarily point to inside knowledge about your site. Often these are automated attempts that are just hit-and-hope in the search for vulnerable plugins, paths, or publicly visible files that shouldn’t be.

    If Wordfence isn’t taking any action and you’re not experiencing other side-effects like randomly created files, users, etc. then I don’t have any reason to believe you need to take action either. You can manually block the IPs you see from GA in Wordfence > Blocking as they’ll show up in Live Traffic if they try to visit again but normally a manual blocking regime like this isn’t necessary.

    Thanks,
    Peter.
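
One way to check what such requests actually received, as an added example that is not part of the original thread or of Wordfence: it assumes the web server writes a combined-format access log and that you can list the paths your site really publishes. The sample lines, IP addresses (documentation ranges) and paths are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache/Nginx "combined" format (assumption);
# IPs are from documentation ranges and the paths are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:00:01 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:09:00:03 +0000] "GET /backup.zip HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:09:00:05 +0000] "GET /old-page HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:09:01:00 +0000] "GET /about/ HTTP/1.1" 200 8450 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:09:01:10 +0000] "GET /site-backup.zip?x=1 HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize(log_text, known_paths):
    """Per IP: status-class counts plus any 2xx response on a path the site does not publish."""
    report = defaultdict(lambda: {"statuses": Counter(), "unexpected_2xx": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        entry = report[m["ip"]]
        status = int(m["status"])
        entry["statuses"][f"{status // 100}xx"] += 1
        path = m["path"].split("?", 1)[0]  # compare without the query string
        if 200 <= status < 300 and path not in known_paths:
            entry["unexpected_2xx"].append(path)
    return dict(report)

def needs_review(report):
    """IPs that got a successful response on an unpublished path; 404/3xx-only probing is left out."""
    return sorted(ip for ip, e in report.items() if e["unexpected_2xx"])

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG, known_paths={"/", "/about/"})
    for ip, e in rep.items():
        print(ip, dict(e["statuses"]), e["unexpected_2xx"])
    print("review:", needs_review(rep))
```

An IP whose requests only ever return 404s or redirects matches the hit-and-hope pattern described in the reply; a 2xx on a path you never published is the case worth investigating.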

  • The topic ‘best practice’ is closed to new replies.