Thanks Wordfence for info re blocked URLs, but?

  • Just a thanks to the Wordfence developers, for giving us more information about exactly what URL triggered a block.

    Oh, and a bit of feedback to Wordfence.

    When examining a Block in the “Blocked IPs” option under Settings, one can click on the IP number and get a Whois with more details, including the URL/file that the nefarious bot browsed to and got blocked. That is so good!

    But.

    PROBLEM?, you have live links for the blocked URLs, and if the link is for a URL in the “Immediately block IP’s that access these URLs” list, then the administrator who clicks on that URL will block themselves?

    Is this true?

    Sure, I can remember some of the URLs I have in my block list, but I can see myself accidentally clicking, or more likely, one of our administrators who’s curious accidentally clicking on the banned URL and getting locked out.

    So, can I click on that URL and not get banned? Or, if a ban would result, can you not do those live links, or?

    MTN

    https://www.ads-software.com/plugins/wordfence/

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi mountainguy2,

    If your ip address is whitelisted you should not ever get blocked. However, if it isn’t whitelisted then I am not sure. I have not tested it. I always have my ip whitelisted, but it is a fixed ip address. I guess if your ip is dynamic and constantly changing that could be a problem. If you ever get blocked with your ip whitelisted let us know.

    Thanks for the feedback. I will pass it on to the team.

    Thread Starter mountainguy2

    (@mountainguy2)

    I thought it was bad practice to whitelist your own admin IP ?

    No. I don’t think so. I talked to one of the developers and he said the same thing. I guess it is possible that an attacker could spoof their ip to look like yours. But that is rare, difficult to do now because of how servers are configured, and a very specific attack. I think the pros outweigh the cons.

    Thread Starter mountainguy2

    (@mountainguy2)

    The ever elusive standards of internet security…

    Just to be clear, are we talking about whitelisting our own admin IP in Wordfence/Options/Whitelisted IP addresses that bypass all rules:

    ??

    Thanks, MTN

    I am not sure I understand your question.

    I always whitelist my personal IP address so that I do not accidentally block myself.

    Thread Starter mountainguy2

    (@mountainguy2)

    Ok, I’ve gotten conflicting recommends about whitelisting my own admin IP. I would indeed agree that the pros seem to outweigh the cons. It’s a hassle to block yourself, though I can unblock pretty quick by simply logging in using a VPN and another IP… MTN

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Thanks Wordfence for info re blocked URLs, but?’ is closed to new replies.