Option: ” Immediately block IPs that access these URLs”

  • Resolved LV

    (@lordvader)


    4 years, 5 months ago

    Hi,

    At the option: ” Immediately block IPs that access these URLs” I have e.g.

    /?author=1
    /wp-login.php

    But when these url’s are accessed they are not blocked automaticly.

    What I’m doing wrong?

    Regards,

    LV

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @lordvader, thanks for your question.

    I believe the first one will not work due to it being a query string parameter rather than an actual file/directory path. For the second, can I confirm whether you actually wish to block all access, even to yourself from wp-login.php?

    For more information about the Immediately block IPs that access these URLs feature and the firewall settings in general, you can visit: https://www.wordfence.com/help/firewall/options/#immediately-block-urls

    Thanks,

    Peter.

    Thread Starter LV

    (@lordvader)

    Hi @wfpeter,

    First one:
    I even checked the box option in Wordfence called:
    ” Prevent discovery of usernames through ‘/?author=N’ scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps”

    So I thought that would work, guess not.

    Second one:
    No I don’t want to block myself, but only users/ bots that want to access that page.
    I have setup an Hide Backend option with another plugin, so I don’t actually acces the /wp-login.php directly.

    Yes I did read the help option.

    Regards,

    LV

    Plugin Support wfpeter

    (@wfpeter)

    Hi @lordvader,

    We have had a test and we were able to block both of those URLs including the query string using the Immediately block IPs that access these URLs option as you have done.

    This could mean you don’t have the Enable Rate Limiting and Advanced Blocking switch enabled, or you have are able to avoid the blocking when testing by whitelisting your IP in Whitelisted IP addresses that bypass all rules?

    Thanks,

    Peter.

    Thread Starter LV

    (@lordvader)

    Hi @wfpeter,

    Somehow the option “Enable Rate Limiting and Advanced Blocking” was disabled.
    I totally overlooked that one. Sorry to make such a mistake.

    Strange things is that the option: “Immediately block IPs that access these URLs”
    did not trigger the /?author=1 or /wp-login.php.

    So, again sorry for my mistake.
    Thanks for the support and wake-up call!

    Plugin Support wfpeter

    (@wfpeter)

    Hi @lordvader,

    Not a problem at all, sometimes just having another pair of eyes looking at a problem can find something that’s been missed despite best efforts to be thorough.

    If you ever need any Wordfence help in the future, please start a new topic and we’ll be glad to help out!

    Thanks,

    Peter.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Option: ” Immediately block IPs that access these URLs”’ is closed to new replies.