Mark, I would like to point out that I am getting requests from 0.0.0.0 from "Browser: Amaya
curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5"
In my case I am behind a reverse proxy and I am sure there is an attempt to spoof the x-forwarded-for header using curl.
While this has not been critical for me **yet** (I have the real IP in the proxy log file), I am concerned about how Wordfence would handled this scenario under an attack.
Thanks