Support » Plugin: Wordfence Security - Firewall & Malware Scan » When and How to Permanently Block IPs

  • I’m not sure what to do with the data I receive in the weekly Wordfence report. For instance:

    1. Recently Blocked Attacks

    Do I permanently block the IPs of those who attack my site?

    If so, do I do that within the Wordfence plugin on my blog or via the IP Blocker in my website CPanel?

    2. Top 10 Failed Logins

    Same questions as above. Do I permanently block those who attempt to login to my site? If so, via the WF plugin or the IP Blocker in my CPanel?

    3. Throttled IPs

    If an IP is continually getting throttled, is it best to permanently block them?

    4. On one of my sites I permanently blocked over 1000 IPs who attacked my site, tried to log-in or were always getting throttled. My web host said I should unblock all the IPs as the large volume of them was why my WordPress dashboard kept hanging when I opened WF. Is it safe to unblock all the blocked IPs?

    Any insight into how to use the basic data would be appreciated!

    Thanks!!

    Sue

Viewing 3 replies - 1 through 3 (of 3 total)
  • Long-time WF user here…

    IP Blocking really is best used for temporary blocks in the event that the same IP keeps hitting the server in a short amount of time.

    It doesn’t work long-term because IPs are fluid, so an IP you block today, may not be the same source next week or next month as they typically change either dynamically, or vary because of different bots being implemented.

    So blocking IPs is really an endless game of whack-a-mole.

    What you really need are multiple strategies of dealing with the endless barrage of pokes that websites continually get.

    1) Block recurring IPs that occur over a short period of time.

    2) Use site tools like Wordfence to provide multiple layers of protection to your website.
    Also – consider using country blocking if your site traffic is typically smaller than “worldwide.” Blocking traffic from hacking-intensive countries like Russia, Ukraine, France, China goes a very long way in reducing unwanted hack probes.

    3) Review traffic logs periodically to note anomalies and patterned hits. Block IPs of those types for longer periods (I use 30 days in Wordfence – that’s usually more than enough time for bots to move on to more accessible pastures).

    4) Periodically run external site scanners to check your site (Sucuri, etc…)

    • This reply was modified 1 year, 9 months ago by  bluebearmedia.

    Good tips from Bluebear.

    I’d add that once you tune your IP blocking, set things so _all_ your blocks are in place for 48 hours or more, that way any recurring criminal attacks from those IPs are blocked going forward.

    Also, when you take it to the next level, get familiar with using the “Block URLs” dialog under Wordfence Options. Place recurring attack URLs in there, it’s a great way to be proactive.

    And, third level, use a VPN so you can test your own Wordfence blocking settings by operating your computer under a temporary IP number. Very enlightening to see what the criminals see as they attack you.

    Like Bluebear says, Country Blocking can be key. Works incredibly well to reduce attack traffic. Hackers with money and brains do bypass country blocking, but the vast majority are going for low budget low-hanging fruit and just use criminal ISPs in the hacker countries such as Ukraine. Block that country and you’ll get to take a breath. Block China and you can take several breaths. And so on.

    MTN

    • This reply was modified 1 year, 9 months ago by  mountainguy2.
    • This reply was modified 1 year, 9 months ago by  mountainguy2.

    @bluebearmedia & @mountainguy2 – Thanks for your tips! I really appreciate you taking the time to share them.

    Sue

    • This reply was modified 1 year, 9 months ago by  SueB.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘When and How to Permanently Block IPs’ is closed to new replies.