Hi @ombotanical, thanks for reaching out to us.
I’m unable to discuss the premium product here on the forums so to find out about specific features or whether your use-case is suitable, by all means contact our team at presales @ wordfence . com. However, I can add that we believe non-paying customers should still be offered great security for the entire WordPress ecosystem so many people will consider the free product all they ever need.
As for the problem in hand, Wordfence considers the intent of a human/bot by the pages they’re trying to visit (and how) the most important factor when blocking. It may be blocking some requests if you view your Live Traffic feed, but if the block times are set to a low number like 5 minutes, you may be seeing minimal benefit if they’re repeatedly trying to get through.
If your site is being hit many times over and over, it might be the best deterrent to increase the time they’re blocked before they can retry to days or months in your Brute Force and Rate Limiting settings. The linked pages will help you make a decision on what options might work best. You can also tighten up the numbers for “If anyone’s requests exceed”, “If a crawler’s page views exceed”, and “If a human’s page views exceed” to see if that helps.
If you don’t notice any improvement after testing the above changes for a day or two, please provide us with some Live Traffic entries that seem problematic along with the values set at that time in your Rate Limiting settings so we can see what might not be effective in your case.
Thanks,
Peter.
