Custom blocked page?

The folks at Wordfence seem to have a thing for their wf503.php page (smile).

It just occured to me, but would a basic redirect in .htaccess take care of this? I have not tried that. Instead, like you, I’m constantly redoing my custom wf503. Getting tired of the time wasted. If I have time today I’ll try a redirect.

MTN

I just tried a redirect in root .htaccess, doesn’t work because the /lib folder has .htaccess file with “deny from all” in it.

FYI for others landing on this thread, the file we want to mod or redirect is:

/wp-content/plugins/wordfence/lib/wf503.php

Let’s hope Wordfence gives us the option to use a custom wf503.php, as well as any other blocked messages.

MTN

Hi @atx,

We don’t have a feature to customize block messages/pages at the moment; this may be implemented in a future version but it hasn’t been included in any roadmap yet.

Also, what do you mean by

[…]which doesn’t work (e-mail field is broken).

Hi @mountainguy2 and thank you for your help! Yes the htaccess idea seems problematic to implement…I guess I will have to turn off the automatic update which is kind of weird for a security plugin…

Hi @wfyann, thank you for getting back to us, I know it’s not on your todo list but many WP owners are searching for an alternative because of the reasons mentioned here. It would be very cool to have this feature as soon as possible!
For the e-mail field, nevermind I fixed it.

ATX, as proof of concept I did the following, it worked. Fun. Apologies for any typos, I was in a hurry when I changed all the file names from my own to the examples. The concept is there…

1. I made a modified /wordfence/lib/wf503.php file I like, named it something like wf503-special.php, and placed in /wordfence/lib/ folder

2. Made a PHP script called (for example) wf503-change-script.php that looks something like the following and placed in /wordfence/lib/ folder. Set file permissions to the same as other scripts in that folder, which is 644.

(following is pseudo code to avoid violating forum guidelines)
echo copy(“wf503-special.php”,”wf503.php”)

3. Placed the following statement in my top level .htaccess file, this allows the script to run even though /wordfence/lib/.htaccess has a “deny from all”. Could put this statement in the /wordfence/lib/.htaccess but it would get written over by the Wordfence updates. (following is pseudo, I’m not sure what’s allowed on the forum here.)

FilesMatch “wf503-change-script.php”
Allow From All
/FilesMatch

I tested this manually by running the script from my browser. Works. Now I need to create a Cron job that runs the script every so often, depending on my sense of how often Wordfence does their updates. Or perhaps I’ll just run it manually when I see that ubiquitous “Wordfence Update!” message.

Wordfence Scan will probably see all this stuff and sound an alarm. Easily handled.

The script could probably be run from site root, with the modified wf503.php file residing there as well, to avoid adding files to the /wordfence/lib folder. I kept it simple and didn’t do that.

Apologies if my amateurish attempt at this creates any security issues. Use at your own risk.

MTN

@mountainguy2 : Thanks for your quick fix, it looks like a good idea even if it requires a lot of extra steps…But if the folks at Worfence aren’t willing to make it easier for us, I guess I will have to try something like this…or find an alternative ??
Thanks again.

@atx,

For reference purpose, the internal request related to this feature is #FB521.

Thanks Wyf, glad to see it’s on some kind of list. MTN

Hello there,
Just following up, do we have any news about the #FB521 request? ??

Hi @atx,

This feature is still being discussed internally.

Unfortunately, I’m not able to provide more information regarding the implementation progress at the moment.