On the free version of wordfence, I have found that it works well to have certain configurations to save time.
Options that are set on all of my sites:
All OPTIONS>VIEW CUSTOMISATIONS (tick all three of the boxes so that you can access options quickly from the dashboard).
FIREWALL OPTIONS>BRUTE FORCE PROTECTION (I set it to lockout after 5 login failures, 3 forgotten password attempts, count failures in the time period of 1 hour, amount of time a user is locked out is 5 days or longer if it is a site that is not accessed regularly for commerce – maybe a month for a personal blog site). Immediately block common login usernames as these will be used by bots to attempt to access your site:
- root
- test
- oracle
- admin
- user
- postgres
- guest
- nagios
- mysql
- tomcat
- student
- Cyrus
- mythtv
- administrator
- temp
- apache
On a regular basis, you need to update the BLOCKING URLs. This can be done via the email (although I find that some occasions, no emails are sent by the site).
If you find that no emails are being sent by the site, then under LIVE TRAFFIC (from the site dashboard). Select the Blocked by firewall list, then scroll down and click block on any that have not been blocked. After doing this, then scroll down to the Blocked list and do the same, lastly check the locked out (make sure not to block yourself or any other user that is in the same location as you are). Finally, go to the BLOCKING section on the dashboard and select all of the URLs and click “make permanent”.