Support » Plugin: Wordfence Security - Firewall & Malware Scan » Customizing Block & Locked Messages from Wordfence

  • Resolved azrobbo

    (@azrobbo)


    This thread from a year ago asked if there was any way to customize the blocked/locked pages that get displayed.

    In that thread there was mention that this might be implemented soon. Unfortunately, I still don’t see a way to change this other than modifying lib/wfLockedOut.php and lib/wf503.php.

    For anyone who wishes to make their Blocked or Locked notifications more secure, i’ve share my modified wfLockedOut.php and wf503.php files on this public GitHub Gist.

    I’m a licensed user, please try to add an option for this into the program so I don’t have to re-copy these files after every update.

    • This topic was modified 2 years ago by  azrobbo. Reason: fixed typo in title
Viewing 15 replies - 31 through 45 (of 54 total)
  • Would love to have this as well, one of our clients is rolling out in the EU country by country and we have the counties blocked that the site is not opened up to yet and would like to provide a message that says something to give potential clients a heads up that there country will have access to the site soon.

    +1 support for this feature

    Why is the “redirect to URL” for blocked pages option only for country blocking? I would like to redirect ALL blocked users to another site. This would also be the easiest way of solving the other problem; webmasters could just create a simple html or php page with the custom block message.

    Actually, I have to support Azrobbo et al as I just saw with my own eyes that security by obscurity may actually be a good thing (as far as it is possible that is).

    I, by chance, was watching the LiveFeed.
    I see a server from the US (we’re not in the US not is any of our staff) get blocked for being naughty and …. the very next things there were hundreds of automated Wordfence Unblock requests from that same IP.
    (I thought I would end his suffering and blocked him/her via csf for now)

    But it can’t get much clearer then that that it may be a good idea to Not mention certain things.

    +1 for being able to customise those 2 pages asap

    WordFence!!! Holy cow how much more evidence do you need before FIXING this PROBLEM?

    Hein(@heinku)
    …. the very next things there were hundreds of automated Wordfence Unblock requests from that same IP.

    @wfasa provided one reason for not modifying the block page as:

    “Mentioning Wordfence on the block pages makes it easier to debug false positive blocks.”

    It’s looking more and more like the Wordfence details are on this page for PR / marketing purposes rather than because they add to security!

    She also said:
    “People manage to lock themselves out sometimes. That’s a far bigger concern to us than that an attacker would see the word “Wordfence” on a block page”

    Surely that easily solved by providing a field asking them for their admin email address to send instructions for unblocking!

    Sorry, but your stand is looking less and less defensible by the day.

    • This reply was modified 1 year, 1 month ago by  StanLight.

    Good news, everybody, for one type of blocking you don’t need Wordfence any more. Country blocking facility is now available for cPanel and WHM via cPHulk (free). Go research it.

    There’s one major advantage to using cPHulk for this – it’s different to Wordfence in one respect. When someone hits your site and is blocked cPHulk doesn’t use it as an opportunity to advertise itself and – yikes! – tell the attacker what software it is that’s blocking him … and why.

    From their documentation: “When cPHulk blocks an IP address or account, it does not identify itself as the source of the block. Instead, the login page displays the following warning message: The login is invalid. “

    Hi StanLight!

    We appreciate all feedback on Wordfence. I believe you have made your opinions quite clear here and rest assure they have been noted. However, if you want to discuss other types of software I suggest you do that in a forum appropriate for the task. This forum is for support for the Wordfence plugin. Thanks in advance.

    Have a great week!

    chook

    (@chook)

    Hi StanLight

    Thanks for that info about cPanel Country blocking – I’ll most defentely look into it.
    But.. it doesn’t solve the Manually Edit the Wordfence files that Mention Wordfence on the other block pages 🙁

    Sonja

    (@summit)

    @wfasa – Please give us a filter or hook or option to change this message. In our case, we want to make it clearer for members and remove the unblock function.

    Sonja

    (@summit)

    Also – are these messages translatable? Looking at the code, it does not seem so.

    +1 vote here too! This should be implemented, more for web developers who pay well for the Premium Versions of Wordfence. I pay for hundreds of Wordfence Premium Licenses every year. Wordfence, please take this into high consideration…

    mountainguy2

    (@mountainguy2)

    Security through obscurity works. It’s ridiculous to base security software design philosophy on avoiding features that provide obscurity. It’s another tool in the box. Whether it be country blocking (which WF Premium does provide), or hiding the WordPress login — or not spoon feeding information in a block message. MTN

    wfasa

    (@wfasa)

    Hi all. This feature was implemented with the latest version of Wordfence. You can now add custom messages to your block page. The option is located in the “Brute Force” section of the “All Options” page.

    mountainguy2

    (@mountainguy2)

    With respect to you Wfasa, we’re asking for an entire swap of the entire block page, not the ability to add text. Please note if possible for future improvements. It seems you guys might have been tone deaf on this. MTN

    Yet Another WP User

    (@yet-another-wp-user)

    @wfasa
    Please don’t provide template replies. The new feature just adds an extra line to existing block page.

    We want our own customized page. We can make a blocking page with the same theme of our website.

    Cloudflare allows users to use their own HTML blocking page instead of their default blocking page.

Viewing 15 replies - 31 through 45 (of 54 total)
  • The topic ‘Customizing Block & Locked Messages from Wordfence’ is closed to new replies.