WordFence Removes Ability To Turn Off Live Traffic

Update: This feature can now be disabled by adding a constant to your wp-config.php file. The code you need to add is as follows  define(‘WORDFENCE_DISABLE_LIVE_TRAFFIC’, true);

WordFence has recently removed the ability to disable Live Traffic feature from its security plugin. They have replaced the Live Traffic feature with Security Only events. I am going to briefly go over what Security Only events are and how they impact you and your website. Hint: It is not the end of the world.

Security Only Is “Low Resource Mode”

Live Traffic mode logged every event from someone visiting your website or going to your login page. Security Only events only log certain types of events. Examples of events it logs are the following:

  • Sign Ins
  • Blocking Of Users

Essentially, the Security Only feature is like a firewall blocking tool, but it is more of a real-time log of your firewall. It will tell you what is being blocked in real time. With Live Traffic View, you had two choices: log everything (live traffic on) or log nothing (live traffic off). This new feature, Security Only, allows the plugin to log, even on hosts with limited resources.

Additionally, WordFence has made it easier to quickly review past security issues that may have arisen.

Logging All Traffic Is Still Terrible

Logging all traffic, when you are on a limited budget host (GoDaddy, Bluehost, Hostgator) is a major drain on server resources. There is also no real benefit either. Unless, you need to sit and analyze website traffic patterns for manual intervention or need to feel like you are in the matrix with the log updating constantly, be my guest. However, there is zero reason to leave the Security Only feature off. I recommend keeping the Security Only feature on and implement this method one every new install.

Can I Still Disable It?

As far as I can tell, there is currently no way to disable the functionality altogether. There may be a filter, but I have not gone ahead and explored it further. Security Only events have not caused me any issues, on my own sites or client sites, no matter what host it is being used on. Whether that be a budget shared host or a $10 VPS, the Security Only feature seems to being working as it should.

What are your thoughts regarding the change from Live Traffic View to Security Only mode? Do you think the WordFence team should bring back the ability to disable the feature altogether?

scott hartley

About the author

Scott is a web performance geek, lover of all things coffee, and avid video game player. His WordPress work delves into web performance, web security, and SEO.

3 thoughts on “WordFence Removes Ability To Turn Off Live Traffic”

  1. Hi Scott!

    Live Traffic is a tool to be used like any other. You enable it for “All Traffic” when you are watching things like visitor patterns or a bot attack in progress. If you aren’t using it, it should be in “Security Only” mode. Like Debugging Mode, it will obviously make more requests because it is gathering and displaying more information. As you said, “Security Only” mode is an easier way to quickly review past security issues, which is usually what people need and want to see right away.

    We do provide a way to completely disable Live Traffic and have documented it on this page:
    https://www.wordfence.com/help/advanced/constants/
    It involves adding one line to your wp-config.php file

    define(‘WORDFENCE_DISABLE_LIVE_TRAFFIC’, true);

    Tim

    Reply
    • Good to hear, I have updated both posts with the constant! Also, indeed it’s a great tool to use when debugging but most smaller to medium sites are still better off leaving the functionality off or on the above option to prevent any load issues on their smaller budget hosts!

      Reply
  2. I forgot to add that “Security Only” mode is really the same thing turning off Live Traffic used to do. When Live Traffic was off, logins/logouts and blocked hits were still logged. We just made the option label more consistent with what it is actually doing. Using the constant I mentioned does the same thing as putting it into “security Only” mode.

    Reply

Leave a Comment