Ok, my bad, since it actually lets you enter several ranges but not comma-separated but as several entries in the list.
But it will only let you block not whitelist.
Additionally is this intended for blocking everyone to the whole site or just wp-admin?
The “Advanced Blocking” page does block traffic from the whole site, and not just wp-admin and wp-login.php
If you have specific IPs or ranges for your staff that won’t include potential attackers, you can use the option “Whitelisted IP addresses that bypass all rules” on the Wordfence Options page, to make sure they can have access. (Let me know if you need help formatting the ranges.)
The options under the “Login Security Options” heading can be set very strict, if all good IPs are whitelisted — just be careful not to whitelist dynamic IP addresses, because if your users’ IP addresses change, they may no longer be covered by the whitelist.
There may be some other options you would like in the premium version, including cellphone sign-in. More details are available at wordfence.com, and questions on any premium features can be emailed to presales (at) wordfence.com
-Matt R
Hi,
So there is no way to block people form the admin section. The approach makes sense, whitelist all internal IPs while at the same time enforce the most strict restrictions for logins from outside the range.
This will mean the whitelisted IPs will not have ANY restrictions right?
Yes, the whitelisted IPs should bypass all of the rules.
I recommend checking the Live Traffic page, to be sure IP addresses are being received properly — in some cases, when using a reverse proxy on the server or through a service like CloudFlare, the IP addresses may show the server IP (or CloudFlare’s) instead of the visitor’s, and you may need to update the “How does Wordfence get IPs” option on the Wordfence Options page.
Remember also, if you ever add a reverse proxy later, you may need to change that setting. Or if anyone’s IP is dynamic, you will have to update the whitelist when they get a new IP.
-Matt R
