Clarification

Hi @joeyjosay , thank you for reaching out.?

To see the targeted file, please check Live Traffic at the same timestamp for additional information via Wordfence > Tools > Live Traffic > Show Advanced Filters > Filter > IP = (enter 209.38.200.253 in the IP field and click enter). The Live Traffic entries have more details about the block.

Another option is to check the raw access logs on the server for the IPs and hits around that time.

In most cases, a vulnerability in a specific plugin or version of WordPress isn’t tested in advance, and an attack will just hit a site, hoping something will work. Therefore, it’s best to stay up-to-date with WordPress & plugins and let Wordfence protect the site.

Increases in attacks and blocks can be alarming to see, however, in this case, there is no further action needed with Wordfence blocking the hits. 

Thanks,

Mark

Thanks Mark, Great info!

I have a question about country blocking. Google ads requires all pages to be accessible from all countries google may want to crawl your site from regardless if you offer ads or services to that country. Do you have data on your premium version country blocking and how it works with google ads?

Additionally, In the traffic logs, I see xss and sqli attacks from the same IP address a hundred times. Are the ip address added completely from the site after one attempt or are the xss and sqli IP’s not blocked permanently?

You’re welcome @joeyjosay .

Country Blocking is a premium feature, and we aren’t allowed to discuss those here as per forum rules. Please contact [email protected] for more information on this feature.

For your second question, we do not typically recommend blocking IPs permanently, as attackers rarely reuse IP addresses. For more information, please check out the blog post below: https://www.wordfence.com/blog/2017/11/should-permantly-block-ips/

Thanks, 

Mark