• Resolved kualojo

    (@kualojo)


    Hello,

    This is in follow up to this closed topic:

    https://www.ads-software.com/support/topic/how-does-wordfence-block-ips

    In your post from a year ago you have mentioned that blocked requests hit PHP, but that this was about to be changed.

    I would like some clarification on whether this still hits PHP or whether this has now changed. For instance, if an attack hits the server and is attempting to brute force login to the WP login URL and is doing so multiple times a second, when WordFence starts to either rate limit or block the attack, do the failed attempts still hit PHP and generate a PHP execution?

    If so, each request is potentially still consuming hosting resources, and if the attack is large this could be substantial. If blocked requests still generate a PHP execution and/or MySQL query, then we would need to continue to advise people to install a plugin that renames the standard WP login URL. We can then block any requests to the standard login URL in .htaccess so that any attempted brute force attacks don’t consume hosting resources by executing PHP.

    Many thanks for your clarification on how IP blocking works.

    https://www.ads-software.com/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Yes, it still makes a hit to PHP, though this is negligible and not very resource intensive. In any of our tests, we haven’t seen a problem, but you set the options on your site. If you are allowing 500 hits a second before blocking or throttling, then you probably are going to have a problem. Set reasonable firewall rules and likely the brute force attempt won’t be an issue.

    Changing the login URL is one method of dealing with an automated attack, but at the end of the day it is just security by obscurity, which isn’t really security at all. The wp-login redirect plugin works well if you wanted to try it.

    tim
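
The .htaccess block described in the question, as an added example that is not part of the original thread and is not Wordfence's own configuration. It assumes Apache 2.4 with mod_authz_core, an AllowOverride setting that permits Require in .htaccess, and a rename plugin that serves the login form without HTTP requests to /wp-login.php; the IP address is a constructed placeholder.

```apache
# Added example (assumptions: Apache 2.4, mod_authz_core, login already
# moved to another URL by a rename plugin).
# Place in the .htaccess of the WordPress root, above the WordPress
# rewrite block.
<Files "wp-login.php">
    # Apache answers 403 itself, so PHP, WordPress and MySQL are never
    # started for requests to the standard login URL.
    Require all denied

    # Alternative: to keep the standard URL reachable from one fixed admin
    # address, replace the line above with the line below. 203.0.113.10 is
    # a constructed address from the documentation range 203.0.113.0/24.
    # Require ip 203.0.113.10
</Files>
```

A request to /wp-login.php should then show up in the Apache access log with status 403 and leave no trace in the PHP or Wordfence logs, which is a quick way to confirm the block is applied at the web server.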

  • The topic ‘How does WordFence block IPs?’ is closed to new replies.