Dev4Press No Script

Ban IPs

This feature is always active and loaded, it can’t be disabled.

How it works

This feature monitors all other features, and when the banning thresholds are reached, it will ban the offending IP. The ban can be permanent and temporary. With temporary ban, you can set number of days, and after that period has passed, the IP will be allowed again.

If the IP is on the ban list, any request coming from that IP will be stopped as soon as possible.

Ban repeated events

Various plugin features will log when the offense is triggered. And, Ban IPs feature will count each supported logged event and if the count reaches threshold from the feature settings, the IP will be banned.

Ban based on repeated events

The events supported for this type of banning are:

  • Firewall
  • Antispam
  • Blackhole
  • Username Trap
  • Login Honeypot
  • Login Limit
  • Registration Failed
  • Registration Honeypot

For each one, in feature settings you can set number of repeated offenses in a period of 24 hours, and if the same IP reaches that number, that IP will be banned. For each event type you can specify use of Temporary or Permanent ban.

Ban based on the DNSBL thread level

coreSecurity Pro supports getting information from Blacklist libraries based on the DNS checks. If the threat level for the visiting IP is over specified threshold, IP will be banned.

Ban process

Once the IP is in the ban list, there are two things that can be done:

  • For every request, plugin will check if the IP is on the ban list, and if it is, request will be stopped with 403 error. This method is effective, and each attempt will be logged. But, this method will not work if you use cache plugin that does full HTML page caching, because when cached page is loaded, WordPress is not even loaded, so the request doesn’t reach the plugin, and it can’t check for ban conditions. It all depends on the cache plugin in use, and how the cached content is served.
  • The other method is by using .HTTACCESS file, and write all the banned IPs into that file. This will be 100% effective, and will stop request before it reaches the WordPress, it will be stopped at the webserver level, saving on the webserver resources. This method has two downsides: you need to use Apache or Litespeed servers with .HTACCESS enabled (it usually is), and since the denial is done on server level, it will not reach WordPress, so the attempt can’t be logged.
Rate this article

You are not allowed to rate this post.

Leave a Comment