Problem with unwanted traffic

Hi @joelmellin, thanks for providing the detail above.

Seeing a large rise in access attempts such as this, especially if there seems to be no logical reason can be frustrating, but is actually quite normal to see from time-to-time. We have written about that in a bit more detail in the past: https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/

Wordfence, as an endpoint firewall cannot stop a bot or human from trying to visit your website altogether, but rather deal with the visits appropriately based on your settings, and their behavior. Usually attacks such as this are done with no prior knowledge of the platform or plugins you’re running. If the bot is causing high CPU/bandwidth use even when the rate limiting is active, your host may be able to help by adjusting the server firewall.

Our Rate Limiting settings can be adjusted to be more or less strict depending on how the site is configured. You can find details and our recommended settings here: https://www.wordfence.com/help/firewall/rate-limiting/

For “If a crawler’s page views exceed…“, we recommend setting the limit to 120 per minute to start, but you may need to use a stricter setting. Use the “throttle” option in most cases, which will rate limit crawlers rather than block them altogether.

Unchecking Facebook from Allowlisted Services will ensure Wordfence fully throttles Facebook. But removing Facebook from the allowlisted services can lead to issues with how content from your website displays on Facebook when it is shared etc.

If you’d prefer not to uncheck Facebook altogether, you could try adding a crawl delay to your robots.txt file: https://developers.facebook.com/docs/sharing/bot/

Real Facebook crawlers should respect the crawl delay to automatically throttle themselves on your site, which may reduce the amount of data they’re using up on your site.

Thanks,
Peter.