This documentation is only valid for older versions of Wordfence. If you are using Wordfence 7 or later, please visit our new documentation.

Live traffic

From Wordfence Documentation
Revision as of 00:25, 20 March 2017 by Kerry (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Live Traffic is located on the Wordfence menu.

Wordfence Live Traffic shows you what is happening on your site in real-time. This includes a lot of data that javascript based analytics packages like Google analytics do not show you. The reason they can't show you this data is because Wordfence logs your traffic at the server level. So for example. we will show you visits from Google's crawlers, Bing's crawlers, hack attempts and other visits that don't execute javascript. Whereas Google analytics and other analytics packages will only show you visits from web browsers that are usually operated by a human.

Wordfence live traffic is real-time so it will update as new visits appear on this page. Note that by default the traffic is updated every two seconds. If you want to change this update frequency you can go to your Wordfence options page and change the update interval. You can find this option documented in detail on our Wordfence options documentation.

What the data shown means and how to use it


In most cases we will show the city that the IP address visiting your site originates from. Where we don't have that data we will show a country or "unknown". This data is 95% accurate and is based on a commercial IP to city database that we use to resolve IP address locations.

IP Address

The IP address is the source address which is visiting your site. You can click on this address to see all recent hits from this IP. You can also click the "Run a WHOIS" link in the lower section of each hit to find out who the owner of an IP address is. You can also click the link to block that IP address.

Note that if all hits appear to be coming from the same IP address, or if you are seeing many hits originating from IP's starting with 10.x.x.x or 192.168.x.x then Wordfence may not be correctly configured. Please read our documentation on the option that appears on the Wordfence options page on how to set how Wordfence gets visitor IP addresses.


We show the time of each hit as relative time, in other words, how many seconds, minutes and hours ago the hit occurred. This is independent of timezone.


You'll see a bold label titled "Browser" which shows the web browser and version that each visitor is using. Below that in lighter grey you will see the raw "user-agent" text that the visitor sent us which is what we use to extract the data we show you about the browser next to the "Browser" label.

The options available for each hit

We provide shortcuts to block the IP address, block the network the IP address originated from, run a "WHOIS" to find out who an IP address belongs to and to see recent traffic from an IP address.

Note that the option to block the network an IP address belongs to is a two step process. The link will take you to the "Whois" page in Wordfence and show you who an IP address belongs to and what the network is for that IP. On that page you will find options to block the network which when clicked will take you to our advanced blocking page and give you the opportunity to block the network the IP belongs to.

The different tabs and what they are

We have separated the kinds of traffic you can see into tabs based on the type of traffic. Each tab is documented below.

All Hits

Absolutely all visits will appear under this tab. This includes human visits, hack attempts, crawlers like Google's Googlebot. If you want to see simply all traffic on our site, this is the place to get that data.


You can use this tab to view all human visitors to your site. This will exclude all automated crawlers and robots but it will also exclude many hack attempts that are automated.

Wordfence uses a technique to separate humans from crawlers. To do this we place a tiny bit of javascript on each of your web pages. This javascript is specially designed to not be executed by crawlers and only by human visitors who are using a web browser. When we log a hit from a crawler, if that javascript is executed we flag the hit as a human visit. The hit will then appear under the humans tab.

Registered Users

This will show page views generated by anyone who is signed into your website.


As explained in the "Humans" item above, we separate out page views generated by robots and those generated by humans using a special technique. This tab will exclude all human hits and only show crawlers.

Google Crawlers

This tab is very useful if you are interested in SEO (Search Engine Optimization) and care about how often and when Google's crawlers visit your site. You can view this tab to see what Google is currently doing on your site.

Pages Not Found

This tab is very useful to see if your site has any errors that is causing visitors or crawlers to generate page-not-found errors on your site. Certain kinds of hack attempts will also generate many page not found errors and so checking this tab occasionally is a good idea.

Logins and Logouts

Here you can see recent logins and logouts on your site. It's a good idea to check this periodically to ensure that you are seeing the users you expect to have access to your site and no unusual activity.

Top Consumers

This tab is valuable to determine which IP address is viewing the most pages on your site. You will usually see friendly crawlers like Google's Googlebot. But you may also see content thieves or hack attempts and if you see an IP address that is behaving in a way that consumes a large amount of resources on your site we recommend you block them.

Top 404s

This shows you the IP addresses that are generating the most page not found errors. Often this will be a hacker scanning your site for vulnerabilities. You may also see web crawlers generating a large number of page not found errors on this tab if your site is not configured properly or has a lot of dead links.

Resource Usage

Live traffic can have an impact on some systems resources. This can be helped by extending the update interval to ease the problem. It's a great troubleshooting tool to see attacks in real time and respond with manual blocks if needed. If you aren't using it, it's best to leave it off for maximum performance.

When you have the Live Traffic page open, but the window is not in the foreground, you may see a "Live Updates Paused" message overlaying the page. While that message is displayed, your browser is not requesting updates from your site, to decrease resource usage. The Wordfence scan results page also pauses in the same way. Switching to that window will resume updates. In the event it does not, check for javascript conflicts with other plugins. (See details here: Open the JavaScript console for troubleshooting plugins.)