I have emailed Wordfence for a number of weeks on this and they have advised me to now see what can be causing it on the Cloudflare side, as apparently it’s impossible for Wordfence to be doing it if Cloudflare is doing as it says it is.
Basically, Wordfence is blocking everything that Cloudflare should be and says it is blocking.
All manual and default rules for bots, countries, from what I can see its near enough everything. It is hard to correctly audit as Wordfence doesnt allow for data downloads to look up against, and sitting there for periods of time counting in traffic and IPs live isnt really how I like to spend my time!
But I have country level blocks in place for China and Russia, the taffic will be blocked but still appear in Wordfence that blocks it. Same for bots. We have had a number of triggers hit in the last few weeks for DDOS probes or unusual increases, each time Wordfence spotted them and emailed me. But the traffic was marked as blocked or managed challenge in Cloudflare.
Is there something I have missed? If they are served with a managed challenge can they bypass it? The pass rate is tiny (under 3%) so this cannot account for the vast amount of volume seen.
Help would be appreciated, as currently I am concerned we don’t have the protection in place we believe we do,