• Resolved Mighty Good

    (@mighty-good)


    Question… I am running the “free” version of Wordfence (thank you!) and I currently manually block IP addresses that are trying to log in to my WordPress site, xmlrpc.php, etc. Also, I block any IP addresses that your weekly recap shows as a “Recently Blocked Attack.”

    Is blocking these IP addresses helping the overall security of my site? Or is it a waste of time?

    Thank you!!!

Viewing 4 replies - 1 through 4 (of 4 total)
  • IMO, it’s pretty much like playing whack-a-mole… IP addresses used by malicious traffic are fluid – meaning they will change frequently since hackers are only poking holes to see if there’s an in they can exploit to access the site.

    The better strategy is to put tools in place to limit broad access, or block specific vectors in a general sense – this is where the WF firewall comes in, as well as outright disabling of services such as XMLRPC and others that you may not actually be using.

    Country blocking is also quite an effective tool – outright blocking of known countries that are the source of many hack attacks really helps reduce unwanted traffic. WF offers country blocking in their premium version and is well worth it.

    @bluebearmedia I may very well borrow this line:

    IMO, it’s pretty much like playing whack-a-mole… IP addresses used by malicious traffic are fluid – meaning they will change frequently since hackers are only poking holes to see if there’s an in they can exploit to access the site.

    To be honest, that is a very good description of what blocking IPs as they try is like. As BBM mentioned, attackers tend to change IP addresses very fast. If they start getting blocked on one target site, they’ll change to another target site. If the same IP gets blocked in enough places, they change to a new IP address. Blocking permanently by IP is not really a great option since eventually that IP will be out in the public again and you might be blocking a potential visitor.

    There is far better value in using good login security rules and rate limiting rules (both on the options page), country blocking for the login page (premium only), which also blocks xmlrpc logins, the Wordfence Security Network (blocks logins from IPs that are being blocked on other participants’ sites), available in the free and premium versions, and the premium-only IP blacklist; these can all help tremendously.

    • This reply was modified 7 years, 2 months ago by WFSupport.
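
Added example, not part of the original replies and not Wordfence's code: a replay of a constructed access log that compares a temporary, expiring lockout driven by a rate limit with a permanent hand-added IP block. The thresholds, the log lines and the assumption that the later request comes from a normal visitor are all made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_POST = re.compile(
    r'^(\S+) \S+ \S+ \[([^ \]]+)[^\]]*\] "POST (/wp-login\.php|/xmlrpc\.php)[ ?]')

def parse(lines):
    """Yield (timestamp, ip) for POSTs to the WordPress login endpoints."""
    for line in lines:
        m = LOGIN_POST.match(line)
        if m:
            yield datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S"), m.group(1)

def throttle(events, limit=3, window=timedelta(minutes=5),
             lockout=timedelta(minutes=30)):
    """Replay events; return (denied count per IP, lockout expiry per IP)."""
    recent, locked_until, denied = defaultdict(deque), {}, defaultdict(int)
    for ts, ip in events:
        if locked_until.get(ip, ts) > ts:   # still inside a temporary lockout
            denied[ip] += 1
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:           # forget attempts older than the window
            q.popleft()
        if len(q) > limit:                  # over the limit: lock out, but only for a while
            locked_until[ip] = ts + lockout
            denied[ip] += 1
            q.clear()
    return dict(denied), locked_until

def permanent_denied(events, blocklist, added_at):
    """Count requests refused by a never-expiring block added by hand at added_at."""
    denied = defaultdict(int)
    for ts, ip in events:
        if ts >= added_at and ip in blocklist:
            denied[ip] += 1
    return dict(denied)

# Constructed sample log (documentation-range IPs), not real traffic.
def _line(ip, t, path):
    return f'{ip} - - [19/Sep/2017:{t} +0000] "POST {path} HTTP/1.1" 200 512'

SAMPLE = ([_line("203.0.113.7", f"10:00:0{s}", "/wp-login.php") for s in range(6)]
          + [_line("198.51.100.23", f"10:01:0{s}", "/xmlrpc.php") for s in range(5)]
          + [_line("192.0.2.10", "10:02:00", "/wp-login.php")]
          # Assumed: two hours later the first address is used by a normal visitor.
          + [_line("203.0.113.7", "12:00:00", "/wp-login.php")])

if __name__ == "__main__":
    events = list(parse(SAMPLE))
    print("rate limit :", throttle(events)[0])
    print("manual     :", permanent_denied(events, {"203.0.113.7"}, datetime(2017, 9, 19, 11)))
```

On this sample the rate limit refuses requests from both bursts while they are happening and lets the 12:00 login through, whereas the block added by hand at 11:00 refuses only that later login.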

    @wfsupport – by all means, use it at will!

    @mighty-good – WF just wrote a post on their blog also relevant to your question…

    https://www.wordfence.com/blog/2017/09/real-time-ip-blacklist-stats/?utm_source=list&utm_medium=email&utm_campaign=091917

    Thread Starter Mighty Good

    (@mighty-good)

    Thanks!

  • The topic ‘Manual Block or not?’ is closed to new replies.