Support » Plugin: Wordfence Security » Feature request: hostname blocking

  • Resolved mengsel


    I see a lot of failed login attempts by, what I assume are botnets, trying to break in with a non-existent ‘admin’ username. Through the noise of all the failed (and locked out) attempts, I often can discern certain groups of hostnames that seem to be hijacked en masse. For example, we’ve seen a load of malicious traffic pumped through’s network, which made it easy for us to slice away a large chunk of interference by blocking their entire network from accessing the site.

    Unfortunately, WordFence does not allow blocking based on hostname. I’d like to request that feature in a future version. That way I don’t have to work with multiple blocking plugins. Right now, I’m using ‘WP-Ban’ on the side for hostname-based blocking, but I’d like to decrease plugin clutter and this seems like a realistic reason.

    If I am so lucky to discover this new feature in a next WF update, many thanks in advance =)

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Wordfence


    Please visit the following file in the source code of WP-Ban:

    Scroll down to line 181.

    See where it calls gethostbyaddr()

    That does a DNS lookup on EVERY visit to your site if the IP has not already been banned. It will slow your site down to a crawl and you won’t see an increase in CPU disk or memory usage and you’ll wonder why.

    That is why we don’t block by hostname.

    Instead we offer blocking by IP range and give you a way to look up the IP range of a particular hosting provider using the WHOIS function built into Wordfence and the integration lets you do this with a few clicks.

    To find out more about how gethostbyaddr() slows down your site see the PHP documentation here: (do a search for the word ‘slow’ without quotes)

    And here’s a google search:

    Now do me a favor and go out and spread the word that gethostbyaddr() is VERY BADâ„¢ and anyone using it on a production website should be tarred, feathered and woken up at 4am to the sound of The Scorpions “Rock you like a hurricane” blaring through cheap headphones.



    Hi Mark,

    Thanks for the advice. Good to know, I wasn’t aware of the toll it took on the server. I’ve figured out the feature to block IP ranges based on WHOIS searches on single IP’s. Great feature, I’ve moved all the blocked hostnames out of WP Ban into WordFence blocking by IP range. Works fine!

    I have also purchased tar, feathers and cheap headphones, ready for the shitstorm to come. That being said, perhaps it might be a good idea to more prominently feature this functionality — or maybe even streamline the process in WordFence to make it more accessible for less knowledgable users.

    But again, thanks a lot for the advice!

    On a related note, please advise… How do I deal with large or very diverse IP ranges that fall under the same hostname?

    For example, I’ve found a network through your IP WHOIS search that falls under GoDaddy’s webhosting services, of which a small part appears to present itself under a hostname called ‘’. Another network with a completely different IP identifies with the same hostname. IP addresses in both ranges have been blocked for malicious activity.

    How do I make sure no other attacks can originate from


    On an unrelated note — is there a way to customize the ‘blocked’-message in WordFence?

    On an unrelated note — is there a way to customize the ‘blocked’-message in WordFence?

    I’ve also requested this as a feature-

    In the meantime, you can customize the blocked message by editing the wordfence/lib/wf503.php file, but keep a copy of your edited message somewhere because it will get overwritten every time wordfence gets an update.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Feature request: hostname blocking’ is closed to new replies.