The admintools log command group lets you view and manage the Blocked Requests log, which records all requests blocked by the Web Application Firewall.
Lists entries from the Blocked Requests log. Results are ordered by date, most recent first.
wp admintools log list [--format=<format>] [--ip=<ip>] [--reason=<reason>] [--request-url=<url>] [--limit=<limit>]
--format=<format>The output format. Accepted values: table (default), json, csv, yaml, count.
--ip=<ip>Filter results by IP address (partial match).
--reason=<reason>Filter results by block reason (exact match). Common reason codes include: loginfailure, ipbl, sqlishield, xssshield, nonewadmins, geoblocking, and others.
--request-url=<url>Filter results by requested URL (partial match).
--limit=<limit>Maximum number of results to return. Shows all entries by default.
List recent blocked requests:
wp admintools log list --limit=20
Show only login failures:
wp admintools log list --reason=loginfailure
Count blocked requests from a specific IP:
wp admintools log list --ip=192.168.1.100 --format=count
+----+---------------------+----------------+--------------+---------------------+| id | logdate | ip | reason | url |+----+---------------------+----------------+--------------+---------------------+| 5 | 2026-02-10 14:23:01 | 192.168.1.100 | loginfailure | /wp-login.php || 4 | 2026-02-10 14:22:58 | 10.0.0.50 | sqlishield | /index.php?id=1'OR |+----+---------------------+----------------+--------------+---------------------+