Questions / Features?

  • Under Wordfence > Blocked IPs, I’m wondering if there is a feature in the works to mass block a number of IPs, via uploading a file, or even just the ability to copy and paste a list of IPs?

    Also, I know you can block someone if they try and sign in with a certain username…is there a way to PERMA block them from your site if they try a certain username?

    Thanks! Awesome plugin!

    https://www.ads-software.com/plugins/wordfence/

Viewing 7 replies - 1 through 7 (of 7 total)

  • Hi

    Great questions! Thanks for asking.

    I’m not sure this is on the road map but I’m adding it to the feature request that I ask the dev team for on our Friday call. We do have the ability to block the network of an offending IP address. This shows up under the ip on the ‘Blocked IP’s” page in your admin. Let me know if this works better or worse.

    As for your second question, I always check the box on the options page that says “Immediately lock out invalid usernames” (which I suspect may be your problem?) But, you can specify usernames in the section under that that says “Immediately block the IP of users who try to sign in as these usernames”. These are separated by commas and it shouldn’t block valid usernames on the site. Is that what you wanted?

    tim

    Thread Starter Keryn

    (@b-summers)

    Yes, I also check that box, and also always type in “admin” and “administrator” in the textbox.

    However, it will only block the IP that tries to access that username for the amount of time specified. So after 30 minutes, that IP can try and break in using a different username. I would like to PERMANENTLY block any IP that tries to access those usernames.

    I get the permanent part, but I’m wondering if that might be excessive since at some point that IP address will be changed by the hacker or spammer. We talked about this at my previous job, like by adding htaccess rules. Our thoughts were that we might be blocking a legitimate user from seeing the site just because they wound up with a bad IP. It looks like you can set that number up to 60 days. Would you like it longer than that?

    tim

    Thread Starter Keryn

    (@b-summers)

    The problem with that is if my client locks himself out for some reason (forgetting password, etc), he would be locked out for 60 days.

    It would just be nice when I get 80+ hack attempts over the weekend on a number of different sites, that I could perma block that IP, rather than them getting to try a different username every 30 minutes.

    I’ll just keep manually blocking IP’s for now I guess.

    Ahh. So you’d like a different set of rules for blocked usernames and usernames that are specified. That makes sense. I’ll ask for that and see what I find out. Of course, they get a link to click to unlock their account but I see your point for asking for this.

    Thanks!

    tim

    Thread Starter Keryn

    (@b-summers)

    That would be good ??
    Thanks for taking my suggestions!

    Thanks for being a part of the community here. Honestly, we get some great ideas from you guys!

    tim

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Questions / Features?’ is closed to new replies.