Hi @andrewm57, thanks for getting in touch!
It’s generally unnecessary to have a manual blocking regime as IPs are often reassigned, so management can be difficult to keep up with. Naturally if you’re receiving many requests from a few, it may occasionally be necessary to stem the flow.
Wordfence will tend to continue blocking visits it deems to be malicious based on their activity when using your site, breach of a firewall rule, or other factors like their UA/IP being on our list of known referers/visitors.
The reason given in Live Traffic will always match the reason why the IP was originally blocked. In this case, having a malicious User Agent will be given even if your manual IP block is catching them in future attempts. If they continually visit with a malicious UA going forward, it’s likely the firewall will catch them before your manual block does too.
Thanks,
Peter.
Thanx. This was a stupidly persistent bot that hit over 10K times in an hour. Not a DDOS, just not throttled. Plus that IP went on to hit other sites in my shared hosting plan. I ended up using IP Blocker in cPanel to stop it.
