Customizing Block & Locked Messages from Wordfence

@mountainguy2 and @yet-another-wp-user, for reasons we have explained earlier in this thread we will not be implementing a replacement for block pages. What we have implemented now solves these problems

* Block pages have less text
* Admins can add messages in their own language
* Admins can add contact information

Those are the most common problems customers have reported to us in the past.

Hope you continue to enjoy the free version of Wordfence!

I’m using the paid version of Wordfence. You guys can at least provide an option to replace block pages to premium version users.

@wfasa – Adding a tag line does not solve our problems. I do not believe it even answers the original request.

Hi @summit!
This thread is only a small part of all requests we’ve gotten over the past years asking for an ability to customize the block page. As I explained, we’ve covered the most common scenarios based on all those reports. Unfortunately, we will not be introducing a full replacement for the block page.

Thanks @wfasa , that is a very clear stance.

Ok, everyone, what is the best alternative in your experience?
… as WF seems to have just become a non-useable option.

First, let me state that I do like Wordfence, appreciate it, and sincerely wish they had not messed it up and inspired me to cancel my Premium subscription.

But I’m aware a well managed website could be operated just fine without it. Before my WF days, I did pretty good just using plugins IQ Block Country and WPS Hide Login, along with spending quality time with my .htaccess file, as well as taking care with a checklist of security mods I gleaned from much research, for example deleting unnecessary WordPress “features” and files. A server level firewall such as CSF iced the cake — along with having a top tier webhost.

The only part of WF that keeps me using it is the programatic blocking such as the frequency blocking. I like the URL blocking, but some time ago WF “upgraded” their UI and eliminated a feature that made the URL blocking easy to optimize, so I don’t regard the URL blocking as highly as I did before. And of course URL blocking can be done in .htaccess, but it’s not easily done in the good way Wordfence does it (wherein the block persists for a given IP number).

I don’t use WF so much for security as for simply reducing bandwidth sucked up by bots. I use the scan feature infrequently, if at all.

I’d imagine if I nixed Wordfence, I’d probably go homebrew as above for a while and see what my bandwidth looked like.

I’d like to say I’d upgrade to Premium WF if they had a custom blocking page option for those of us who would break out the credit card, but alas since they changed the UI and got rid of the easy way to evaluate URL blocking, I’d probably not upgrade even if they did add a Premium “custom block page” feature.

MTN

I can’t understand why Wordfence can’t provide custom blocking page feature? Cloudflare provides it to premium customers.

Similarly Wordfence can allow premium customers to use their own custom blocking page. Doesn’t seem complicated or impossible.

The block page is amazing PR, seen by gazillons of bots and no small number of humans. I don’t think it’s wrong to value that PR, and suspect Wordfence does. Moreover, I suspect Wordfence doesn’t want us prolls creating programmatic blocking pages with PHP and Javascript, that become attack surfaces. The result could be users creating their own vulnerabilities, but blaming it on Wordfence.

The other thing is it’s obvious Wordfence corporate culture is often about fixing what works, for example re-doing perfectly adequate user interfaces. Thus, when it comes to actually adding non existent features, perhaps the will simply isn’t there to aggressively tackle user requests. We don’t have to like that, but understanding the dynamic is good. Microsoft is a good example. All most people ever wanted was for their printers to work, instead we got Internet Exploder.

What could happen is someone with a modicum of skill could probably lash up a simple plugin that swapped a custom file for the Wordfence default blocking pages. I’d pay money for the plugin. The task could also be done with a cron job that ran a simple file copying script. I started working on just that, but simply didn’t have the time to complete it, as well as realizing that every time Wordfence made the slightest change in file locations, my cron would fail. A plugin would have to stay on top of things as well, but perhaps have an easier time of it due to economy of scale.

MTN

At least they can allow premium customers to wipe everything from the blocking page and show their own custom message.