Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

Real-Time Live Traffic

Live Traffic is a stream of every request reaching your site, updated as it happens. It is the page you open when you want to see what is going on right now — whether someone is attacking the site, where unusual traffic is coming from, or which request triggered the firewall block your visitor is asking about. The data is captured by the plugin at the WordPress layer, so it includes per-request detail that a normal access log would not have.

In This Article

Viewing Live Traffic

Open VMP Security → Tools → Live Traffic. The page shows a reverse-chronological list of requests, with the newest at the top. Each row contains:

  • Time. Server-local time of the request, with the time zone shown in the header.
  • Visitor. IP address, country flag, and reverse-DNS hostname when available. Click to expand to a detail panel.
  • Type. Whether the visitor was identified as a human browser, a known crawler, an unknown crawler, or a logged-in user (with the username).
  • Path. The URL the visitor requested. Clickable to open the same URL in a new tab.
  • Action. What the firewall did. Most rows say “allowed.” Blocked rows are red and call out the rule that fired.

By default the page polls for new entries every few seconds. The pause button at the top freezes the stream so rows do not move while you read; it is the right thing to click before scrolling far back.

Filtering and searching

The filter bar at the top narrows the stream. Useful filters:

  • Visitor type: humans only, crawlers only, signed-in users only.
  • Action: blocked only (the most useful filter for incident response), allowed only, or specific actions like rate-limited or country-blocked.
  • IP / hostname / country: matches a specific IP, a hostname pattern, or a country.
  • URL: matches a path or path prefix. Useful for investigating attacks against a specific endpoint.
  • User-Agent: matches the User-Agent string. Useful for identifying scanner traffic.
  • Time range: limits to a specific window. Live updates stop while a time-range filter is active.

Filters can be combined freely. The combination of “blocked” + “a specific IP” is the fastest way to see exactly what one attacker has been doing.

Taking action on a visitor

Click any row to expand it. The detail panel shows the full request: headers, query parameters, POST body (where safe to display), and the firewall’s evaluation of each rule. From the same panel you can take action on the visitor without leaving the page:

  • Block this IP. Adds the IP to the manual block list. All future requests from this IP are blocked, regardless of what they are.
  • Allowlist this IP. Exempts the IP from all firewall defenses. Use sparingly — this is the same allowlist used for trusted infrastructure.
  • Allowlist this rule for this URL. If you are looking at a false positive, this is the right action. The allowlist entry is scoped to the specific URL and parameter that triggered, not the whole rule.
  • Block this user. For signed-in users, ends the session and prevents the user from signing in again until you unblock them.
  • WHOIS lookup. Opens the WHOIS Lookup tool prefilled with the visitor’s IP.

Performance impact

Live Traffic captures one row of data per request. On most sites this is invisible. On very high-traffic sites the volume can become significant; rolling Live Traffic data sits in a database table that grows in proportion to traffic, and the WordPress dashboard query that displays it gets slower as the table grows.

If you are running on a constrained host or if Live Traffic is making the dashboard slow, you have three options:

  • Reduce retention. Live Traffic retention is configured on VMP Security → All Options in the traffic-logging section. Shorter retention shrinks the underlying table and speeds up queries.
  • Sample. Capture only a fraction of allowed requests; capture every blocked request unconditionally. Useful when you mostly want Live Traffic for incident response, not for general analytics.
  • Disable Live Traffic. The firewall continues to enforce, blocked-request data still goes into the firewall logs, you just lose the request-by-request stream view. Recommended only on very large sites where the operational cost outweighs the value.

Privacy and data retention

Live Traffic data is stored only on your site. It is not sent to VMP Security infrastructure. You control how long it is kept (default 30 days) and which fields are captured.

If your site is subject to GDPR, CCPA, or another privacy regime, the All Options page lets you reduce what is captured (for example, by lowering the traffic-logging mode) or shorten retention so the data ages out automatically. There is no built-in IP-truncation toggle; if you need that level of redaction, schedule a periodic SQL query that masks rows older than your threshold.

Contents