Real Time Live-Traffic
Wordfence Live Traffic shows you what is happening on your site in real-time.
Wordfence Live Traffic is real-time so it will update as new visits appear on this page. Note that by default the traffic is updated every two seconds. If you want to change this update frequency you can go to your Wordfence options and change the update interval.
Understanding a Live Traffic record
In most cases we will show the city that the IP address visiting your site originates from. Where we don’t have that data we will show a country or “unknown”. This data is 95% accurate and is based on a commercial IP to city database that we use to resolve IP address locations.
The IP address is the source address which is visiting your site. You can click on the “See recent traffic” button to see all recent hits from this IP. You can also click the “Run a WHOIS” button to find out who the owner of an IP address is. You can also click the “Block IP” button to block that IP address.
We show the absolute time of the request. We also show the relative time of each hit as relative time, in other words, how many seconds, minutes and hours ago the hit occurred. The time is displayed in your own browsers (computers) timezone and not the one defined in WordPress settings.
You’ll see a bold label titled “Browser” which shows the web browser and version that each visitor is using. Below that you will see the raw “user-agent” text that the visitor sent us which is what we use to extract the data we show you about the browser next to the “Browser” label. As an example a User Agent may look like this:
Mozilla/5.0 (Windows 98; en-US; rv:188.8.131.52) Gecko/20161228 Firefox/36.0.
The options available for each hit
We provide shortcuts to block the IP address, block the network the IP address originated from, run a “WHOIS” to find out who an IP address belongs to and to see recent traffic from an IP address.
Note that the option to block the network an IP address belongs to is a two step process. The button will open a drawer that does a “Whois” lookup in Wordfence and show you who an IP address belongs to and what the network is for that IP. In that drawer you will find options to block the network which when clicked will take you to our blocking page and give you the opportunity to block the network the IP belongs to.
Enable Live Traffic View
This option enables or disables the Live Traffic View. On most servers that have sufficient resources, Live Traffic in Wordfence works flawlessly. In fact we enable Live Traffic on our own production servers which receive a significant amount of web traffic. However if you are using a low cost hosting plan that severely limits the resources you have available, you may consider disabling live traffic to reduce the load on your web server.
Don’t log signed-in users with publishing access
If you don’t want administrators and editors to show up in Live Traffic, keep this option enabled.
List of comma separated usernames to ignore
This option allows you to exclude certain logged in users from Live Traffic.
List of comma separated IP addresses to ignore
This option allows you to exclude certain IP addresses (such as your own for example) from Live Traffic.
Browser user-agent to ignore
This option allows you to exclude certain user agents (browsers) from Live Traffic. You may use this if you are running external scanners or other remote services on your site that you don’t want to see in Live Traffic.
Amount of Live Traffic data to store (number of rows)
This option limits the amount of database space that is allocated to Wordfence Live Traffic. If you are on hosting with limited resources or if you are having issues with slow database connection you can lower this value. If you are on a high performing site with lots of visitors, you could increase it.
Maximum days to keep Live Traffic data
Along with the number of rows, you can also limit Live Traffic data by the number of days since a hit was logged. The default is 30 days, and the minimum is 1 day. Limits are checked daily, and records over the limit are removed at that time.
Different types of Traffic
Referer spam (also known as Referrer spam) can be of two primary types
A bot visits your page and pretends it is coming from somewhere it is not actually coming from. It is spoofing (faking) the HTTP_REFERER header. Your page loads the tracker code and is then fooled in to submitting incorrect information to your analytics. Bot hits will be visible in the Wordfence “Live Traffic” feed. This type of referrer spam can be stopped by blocking requests to your site that have a particular HTTP_REFERER. In Wordfence you can block this type of referrer spam by entering the referrers you would like to block on the Wordfence “Blocking” page.
A bot uses your Analytics code on a completely different site and submits fake traffic directly to Google Analytics (or another tracking service). Ghost referrer spam never touches your website. Thus this traffic will not be visible in your Wordfence “Live Traffic” feed and it is not possible to stop this traffic by adding any code to your website. Instead, you have to set filters in your analytics tool to filter out such traffic from your results.
Frequently Asked Questions
- Live Traffic only shows one IP address
If all hits appear to be coming from the same IP address, or if you are seeing many hits originating from IP’s starting with 10.x.x.x or 192.168.x.x then Wordfence may not be correctly configured. Please read our documentation on the option that appears on the Wordfence options page on how to set how Wordfence gets visitor IP addresses.