• Resolved doug wilson

    (@dgswilson)


    I’ve tested a few security plugins to keep from having to constantly battle people and their bots via htaccess. I’ve had Shield up for a week or so. Two questions:

    Wouldn’t it be better to block a habitual offender, from say a company, myself? So, performance wise, the firewall, wordpress, php, database … never has to get involved?

    2) How would the firewall deal with user agents: scrapers, harvesters etc.?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Paul

    (@paultgoodchild)

    We support blocking “habitual” offenders using the IP Manager. It has an adaptive IP blocking system which will block visitors upon repeated transgression. You can choose how long to block them, and how many transgressions they must make before being blocked.

    Maintaining large lists of IP addresses isn’t viable:
    https://www.icontrolwp.com/blog/beware-new-security-theat-wordpress-misinformation-virus/

    Shield never touches your .htaccess. We may introduce this, but not likely. This would be the only way to optimise performance. Too many plugins modify the .htaccess so you have a whole ream of rules in there that must be processed with every requests and with a huge variety of plugins doing it, conflict and overlap are inevitable. That is a messy soup we have until now avoided.

    As to #2 user agents are easily faked, I wouldn’t even bother considering them. They can’t really be used as a reliable data point.

    The question was

    “Wouldn’t it be better to block a habitual offender, from say a company, myself? So, performance wise, the firewall, wordpress, php, database … never has to get involved?”

    … myself meaning htaccess.

    2) “user agents are easily faked, I wouldn’t even bother considering them.”

    faked? is that the right word? can I visit a site using mozilla 5 linux and have it show up as MSIE 8 in logs?

    My question was as to how things were dealt with and wondering about performance. I can’t see any reason to have a plugin analyzing the behavior of every bot using MSIE 5 or 6 when I could stop them before they get that far and serve them a few kb html page.

    Plugin Author Paul

    (@paultgoodchild)

    Bots typically don’t use browsers. They’re scripts/software and they can send any user agent they like.

    As to .htaccess , we don’t use it in Shield.

    really wanted your views on performance. 1 deny via htaccess versus allow all and let plugin analyse things. I know it’s milliseconds. But I have no way of accurately testing what any number of visitors might experience. I can test server response time but that’s miles different than wordpress/theme/images/api/etc times

    But thanks, I’ll just continue playing with things

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘IP’s & User Agents’ is closed to new replies.