Support » Plugin: Wordfence Security » WF IP block vs. .htaccess

  • Resolved Northumbrian


    Even though I block ‘healthy’ ranges of IP#’s in .htaccess [with a simple ‘deny from’] I observe that WF logs some of these IP#’s as ‘Blocked from accessing this site’ – and counts the access attempts.

    Does this mean that WF’s blocking techniques take precedence over .htaccess?


Viewing 12 replies - 1 through 12 (of 12 total)
  • Not possible. If your .htaccess is written correctly they cannot access the site at all.

    I have over 50 ranges blocked using .htaccess and never see them.

    Are you using something like:

    deny from


    try substituting the range for your isp and see if you are blocked

    By the way, I prefer to redirect over the deny access, it’t a little cleaner and doesn’t fill your server error log.

    RewriteCond %{REMOTE_ADDR} ^183\. [OR] # large china block
    RewriteCond %{HTTP_USER_AGENT} baidu [NC] #
    RewriteRule .* http://%{REMOTE_ADDR} [L,R=301]


    Re: ‘not possible’ – good to know. Thanks.

    And yes, I am using something like:
    # Amazon, HiNet and Bezequint Blocks
    deny from etc…

    Thanks too for the 3 ‘redirect’ examples above. *Sigh*. Always more to learn!

    Where would i go to see ‘quick-n-easy’ examples and explanations of those RewriteCond and RewriteRule decs.?

    Plugin Author Wordfence



    Please check the config option in Wordfence on how Wordfence get’s IP addresses and let me know what it’s set to.

    Robin each to his/her own but I’m not sure I’d redirect blocked IP’s back to their own IP address with a 301. The web standard recommends you return a 403 Forbidden which from memory I think would be something like:

    RewriteCond %{REMOTE_ADDR} ^183\. [OR] # large china block
    RewriteCond %{HTTP_USER_AGENT} baidu [NC] #
    RewriteRule .* - [F]



    Re: Wordfence Get IP’s

    I’ve chosen ‘Use PHP’s built in REMOTE_ADDR….’


    where do I find out what these [OR], [NC] & [F]’s all mean? Tx.

    Plugin Author Wordfence


    Do you know if you have a proxy or nginx in front of your web server? Of so you can try switching to X-Forwarded-For which may give you better results. But first, do me a favor and check your live traffic. Are you seeing a lot of different IP’s or are they all the same IP?

    htaccess is actually just an apache configuration file that applies to a particular directory and subdirs. So to cover all directives in that file would require me to give you an exhaustive guide to apache configuration. However the specific directives you’re interested in are related to mod_rewrite which you can find here:


    PS: If you found this helpful, please rate Wordfence 5 stars.

    Plugin Author Wordfence


    PS: Nice gravatar. From The Jackal?

    I use shared hosting, and with over 60 & growing ranges blocked, I got frustrated diagnosing server errors when the last 300 lines were mostly filled with “ip 123.456.132.465 denied due to server configuration.”

    Redirecting rogue bots and scrapers puts minimal load on the server, and sending them to a live site is likely to upset the site that gets the traffic. So I teach the bots to contemplate their navels so to speak.

    But after what you pointed out, I’m going to test

    RewriteRule .* http://%{REMOTE_ADDR} [L,R=403]

    as most of mine are Ruskian I redirect them to – it’s in Russian if that’s where you’re botting from!

    @mark yes, indeed from The Jackal!

    I would not want to risk annoying an attacker, it’s one thing to block them, they expect that. But they might take it personally if you pick on their site and send all your unwanted traffic to them. In my case, I’m sending lots of unwanted scrapers and bots away.

    After what Mark pointed out, I tested

    RewriteRule .* http://%{REMOTE_ADDR} [L,R=403]

    And the 403 works as I hoped. The traffic is gone with no hit to the Apache error log.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘WF IP block vs. .htaccess’ is closed to new replies.