Quote Originally Posted by marcopolo View Post
Yes, it can block those same IPs again — but only if they return after their cache entry expires. By default, the plugin caches each IP’s AbuseIPDB score for 1 day (86400 seconds) under the Cache Time setting. That means once an IP is checked, its score is stored locally and reused until that cache expires — avoiding repeat API calls, but also meaning the system won’t recheck or re-block the same IP until that cache period ends.

If you're seeing a spike in abuse, you can temporarily increase the cache time (to 2–3 days, for example).
172800 = 2 days or 259200 = 3 days

That way:
  • Previously flagged IPs stay blocked longer, even without another API call
  • You conserve your daily quota (5,000 requests) during surges
  • Protection stays active while usage stays within limits



Also, enabling extended caching (High Score Cache Extension) for IPs over a threshold (default score: 100) can stretch cache time even further (defaults to 7 days or longer whatever you set it too via Extended Cache Time).

I’ve seen a huge uptick in bot traffic lately, especially from IPs returning very low or even 0 scores from AbuseIPDB. Something definitely seems to be going on across multiple shops. You’re not the only one running into this pattern.
Thanks for your reply, and I have took action on one of your tips so far. Just looking into the other one. Apparently I had 60000 connections in two hours! Which tallies with the logs around that duration. I'd turned off session rate limiting so turned it back on again. Was investigating a session related bug.
So its not just me then....... I know another business they block Sinagpore and China, as recommended by their server people. But the former can have customers from there. Yes its definitely not something I have had to tackle this viciously before.