Hi @guywp
Make sure that Wordfence is correctly detecting visiting client IP addresses:
https://www.wordfence.com/help/dashboard/options/#get-ips
Make sure that public facing page functionality doesn’t generate legitimate requests that the firewall sees as being potentially malicious and blocking those requests. You can check this with these instructions:
https://www.wordfence.com/help/firewall/learning-mode/
You can block users and friendly bots if you set options too strictly. Recommended settings are here:
https://www.wordfence.com/help/firewall/brute-force/
https://www.wordfence.com/help/firewall/rate-limiting/
Also be very careful of creating IP address range blocks and Custom Pattern rules on the Firewall >> Blocking page, and that you understand what you are doing.
Wordfence is not designed to be a set and forget it plugin. Your site security is something that you should be reviewing on a daily basis. You may find these guides useful:
https://www.wordfence.com/blog/2017/04/20-minutes-to-secure-wordpress/
https://www.wordfence.com/blog/2018/10/php5-dangerous/ (important note – this is an old blog post from October 2018 but still very relevant)
https://www.wordfence.com/blog/2018/10/three-wordpress-security-mistakes-you-didnt-realize-you-made/
https://www.wordfence.com/blog/2017/06/wordpress-backups/
https://www.wordfence.com/learn/
