Real Time Live-Traffic

Wordfence Live Traffic shows you what is happening on your site in real-time.

Wordfence Live Traffic shows you what is happening on your site in real-time. Wordfence logs your traffic at the server level which means it includes data that JavaScript based packages like Google Analytics do not show you. As an example, Live Traffic shows you visits from Google’s crawlers, Bing’s crawlers, hack attempts and other visits that don’t execute JavaScript. Typically Google and other analytics packages will only show you visits from web browsers that are operated by a human.

Wordfence Live Traffic is real-time so it will update as new visits appear on this page. Note that by default the traffic is updated every two seconds. If you want to change this update frequency you can go to your Wordfence options and change the update interval.

Understanding a Live Traffic record

Location
In most cases we will show the city that the IP address visiting your site originates from. Where we don’t have that data we will show a country or “unknown”. This data is 95% accurate and is based on a commercial IP to city database that we use to resolve IP address locations.

IP Address
The IP address is the source address which is visiting your site. You can click on this address to see all recent hits from this IP. You can also click the “Run a WHOIS” link in the lower section of each hit to find out who the owner of an IP address is. You can also click the link to block that IP address.

Time
We show the time of each hit as relative time, in other words, how many seconds, minutes and hours ago the hit occurred. This is independent of timezone.

Browser
You’ll see a bold label titled “Browser” which shows the web browser and version that each visitor is using. Below that in lighter grey you will see the raw “user-agent” text that the visitor sent us which is what we use to extract the data we show you about the browser next to the “Browser” label.

The options available for each hit
We provide shortcuts to block the IP address, block the network the IP address originated from, run a “WHOIS” to find out who an IP address belongs to and to see recent traffic from an IP address.

Note that the option to block the network an IP address belongs to is a two step process. The link will take you to the “Whois” page in Wordfence and show you who an IP address belongs to and what the network is for that IP. On that page you will find options to block the network which when clicked will take you to our advanced blocking page and give you the opportunity to block the network the IP belongs to.

Options

Enable Live Traffic View

This option enables or disables the Live Traffic View. On most servers that have sufficient resources, Live Traffic in Wordfence works flawlessly. In fact we enable Live Traffic on our own production servers which receive a significant amount of web traffic. However if you are using a low cost hosting plan that severely limits the resources you have available, you may consider disabling live traffic to reduce the load on your web server.

Don’t log signed-in users with publishing access.

If you don’t want administrators and editors to show up in Live Traffic, keep this option enabled.

List of comma separated usernames to ignore.

This option allows you to exclude certain logged in users from Live Traffic.

List of comma separated IP addresses to ignore.

This option allows you to exclude certain IP addresses (such as your own for example) from Live Traffic.

Browser user-agent to ignore.

This option allows you to exclude certain user agents (browsers) from Live Traffic. You may use this if you are running external scanners or other remote services on your site that you don’t want to see in Live Traffic.

Amount of Live Traffic data to store (number of rows).

This option limits the amout of database space that is allocated to Wordfence Live Traffic. If you are on hosting with limited resources or if you are having issues with slow database connection you can lower this value. If you are on a high performing site with lots of visitors, you could increase it.

Different types of Traffic

Referer spam

Referer spam (also known as Referrer spam) can be of two primary types

Bot hits
A bot visits your page and pretends it is coming from somewhere it is not actually coming from. It is spoofing (faking) the HTTP_REFERER header. Your page loads the tracker code and is then fooled in to submitting incorrect information to your analytics. Bot hits will be visible in the Wordfence “Live Traffic” feed. This type of referrer spam can be stopped by blocking requests to your site that have a particular HTTP_REFERER. In Wordfence you can block this type of referrer spam by entering the referrers you would like to block on the Wordfence “Blocking” page.

Ghost hits
A bot uses your Analytics code on a completely different site and submits fake traffic directly to Google Analytics (or another tracking service). Ghost referrer spam never touches your website. Thus this traffic will not be visible in your Wordfence “Live Traffic” feed and it is not possible to stop this traffic by adding any code to your website. Instead, you have to set filters in your analytics tool to filter out such traffic from your results.

Frequently Asked Questions

  • Live Traffic only shows one IP address

    If all hits appear to be coming from the same IP address, or if you are seeing many hits originating from IP’s starting with 10.x.x.x or 192.168.x.x then Wordfence may not be correctly configured. Please read our documentation on the option that appears on the Wordfence options page on how to set how Wordfence gets visitor IP addresses.