In today’s world, there is no such thing as privacy. With so many major websites having their data breached and published online without authorization, it has become increasingly difficult to keep even a shred of your personal information unexposed. Wordfence is the SEO tool that ensures you’re safe on any website or blog you visit while protecting your site from malicious hackers looking to steal sensitive user info for profit.
Wordfence is a plugin for WordPress that blocks hackers and scrapers. It also has an option to block Googlebot, which makes it easier to prevent other bots from crawling your website.
Wordfence is a well-known security plugin for WordPress. A scanner for compromised files and a firewall with frequently updated rules that proactively stops harmful bots are among the features.
A nice feature stashed away in the program is the option to create user-configurable firewall rules, which may greatly improve your capacity to stop hackers, scrapers, and spammers.
This utility is not immediately apparent for whatever reason, and you must go through multiple options to discover it.
However, once you’ve found it, you’ll have a simple and efficient technique to keep scrapers, hackers, and spammers off your site.
Scrapers are particularly aggravating since they plagiarize your content and distribute it elsewhere.
Now, using Wordfence’s technology, you can take action against such scrapers and reduce their ability to plagiarize your text.
Sucuri Security and Cloudflare are just two of the numerous WordPress security plugins and SaaS solutions that come highly recommended. Wordfence is only one of several security solutions available; it’s up to you to find out which one works best for you.
Wordfence and other similar technologies work well as a set-and-forget solution.
However, in my experience, the user-configurable firewall in Wordfence allows you to crank up the bot pounding power and really smack down on the hackers and scrapers.
But, before you turn on the firewall, it’s crucial to understand how far these firewall rules may be stretched, and we’ll go over that as well.
WordPress Security with Wordfence
Over 4 million WordPress users rely on Wordfence to keep their sites safe.
Bots that fetch too many pages too quickly, or bots and people whose behaviour implies an intent to hack the site, are blocked by default by the Firewall.
For a predetermined amount of time, the firewall will block the rogue bot’s IP address, after which Wordfence will remove the block.
The firewall’s default settings are excellent.
However, bots may occasionally sneak through and scrape a site or explore it for weaknesses by scraping it slowly.
Hackers frequently use a bot to hit a website quickly, and when it is blocked, it will rotate to different IP addresses and user agents, causing a firewall to restart the detection process.
However, since these bots often aren’t well programmed, it’s simple to block them more effectively than Wordfence’s default settings do.
Wordfence Firewall Rules Background Information
Effective bot blocking can be achieved with server-level tools, several plugins, and even an .htaccess file.
However, editing an .htaccess file can be difficult because of the strict syntax that must be followed, and a mistake in the .htaccess file can take the whole site down.
Using firewall rules to block bots is simply a more convenient way to do it.
With Wordfence, you may block a variety of things.
Wordfence enables you to define blocking rules for each of the reasons listed below:
- IP Address Range
- Hostname
- Browser User Agent
- Referrer
IP Address Range
The IP address is the address of the server or ISP that the bot or person is coming from.
Hostname
The hostname is the name of the host. The host isn’t always revealed; at times the bot or human visitor may show only an IP address.
Browser User Agent
Every site visitor generally tells the server what browser it is using. The browser user agent is the browser that the visitor claims to be using. A bot can claim to be virtually any browser, which they sometimes do in order to evade detection.
Referrer
This is the page on which a bot or person claims to have clicked a link to reach your site.
Custom Pattern Blocking by Wordfence
Using the Custom Pattern Blocking tool, you can create a custom rule to block dangerous bots using any of the four variables above.
Here’s how you can get there.
Step 1
In WordPress, go to the left side admin menu and click the Firewall option.
Step 2
Select the Blocking tab from the drop-down menu.
Step 3
Create a firewall rule in the relevant area of the “Custom Pattern” tab. One of the fields is named “Block Reason”. Add a descriptive term to that field, such as Hostname or User Agent. It will make it easier to review all of your rules later by letting you categorize them by block type.
Step 4
Step 5
Simply click the “Block Visitors Matching This Pattern” button to create your rule.
The asterisk (*) may be used as a wild card in Wordfence rules.
Should You Use Wordfence to Block IP Addresses?
Wordfence makes it simple for a publisher to set up bot-blocking firewall rules.
That may be both a gift and a burden. Blocking hundreds of IP addresses using the Wordfence firewall, for example, is inefficient and probably not an appropriate usage of Wordfence.
It’s OK to temporarily restrict IP addresses. Blocking IP addresses indefinitely is probably not a good idea since, as I recall, this might bloat or slow down your WordPress installation.
In general, an .htaccess file is the best way to permanently block hundreds or even millions of IP addresses.
Wordfence’s Hostname Blocking
Blocking a hostname with Wordfence can be a way to block hackers, spammers and scrapers. By clicking Wordfence > Tools you can view the Wordfence Live Traffic log.
This displays bot and human visits, as well as bots that Wordfence has automatically blacklisted.
Not all site visitors show a hostname. However, in certain circumstances they do, which makes it simple to block an entire web server.
For example, one of my sites receives DDoS-level bot traffic from a single server, for whatever reason. That host ignores all of my other sites and targets only this one.
Between March 2020 and December 2021, that one site got over 250,000 attacks, with Wordfence blocking each and every one of them.
Blocking bots by hostname is obviously handy if you want to ban a cloud server that only sends hackers and scrapers.
Some servers, such as Amazon Web Services (AWS), however, transmit both harmful and helpful bots. Inadvertently blocking AWS servers might also block useful bots.
As a result, it’s critical to keep an eye on your traffic and ensure that blocking a hostname won’t backfire.
If, on the other hand, you have no need for traffic from Russia or China, setting a firewall rule using the hostname field is a simple way to block hackers, scrapers, and spammers from those two countries.
Simply write a rule that blocks all hostnames ending in .ru and .cn. As a result, all Russian and Chinese hostnames ending in .ru and .cn will be blocked.
The following is what you should type into the Hostname field:
*.ru *.cn
This is not intended to encourage anybody to use Wordfence to prevent Russian and Chinese bots based on their hostname. It’s merely a demonstration of how it’s done.
Stopping Hackers and Scrapers Using a User Agent
Many rogue bots use old and out-of-date browser user agents.
I saw an uptick in hacking bots utilizing the Chrome 90 user agent (UA) from the same set of web hosts after Russia invaded Ukraine. Bot traffic is often distributed differently across various websites. As a result, when they all looked the same across all of my sites, this stood out.
When Wordfence automatically blacklisted these bots for reaching my site too quickly, the bots would change IP addresses and continue to attack the sites.
So I decided to block these bots by their browser user agent (often referred to simply as the UA).
I started by looking at the StatCounter website to see how many people are using Chrome 90 throughout the globe. According to StatCounter figures, Chrome 90’s market share in the United States was 0.09 percent in January 2022.
At the time of this writing the Chrome browser is at version 100. Considering that Chrome automatically updates browser versions for the vast majority of users, it’s not surprising that the usage of Chrome 90 is virtually nothing, so it’s very unlikely that blocking all visitors using a Chrome 90 user agent will block an actual, legitimate person visiting your site.
As a result, I decided that blocking everything that comes to my site with the Chrome 90 user agent is secure.
However, there are online programs that employ the Chrome 90 user agent, such as GTMetrix and a security server header tester.
So, if I used the rule *Chrome/90.* to restrict all versions of Chrome 90, I would also block those two online utilities.
Examining the precise Chrome 90 variations used by hackers and internet tools is another option.
This Chrome UA is used by GTMetrix and other tools:
Chrome/90.0.4430.212
These Chrome UAs are used by hackers and scrapers:
Chrome/90.0.4400.8
Chrome/90.0.4427.0
Chrome/90.0.4430.72
Chrome/90.0.4430.85
Chrome/90.0.4430.86
Chrome/90.0.4430.93
So, if you want to enable internet tools to check your site while simultaneously blocking dangerous bots, here’s how you may accomplish it:
*Chrome/90.0.4400.8*
*Chrome/90.0.4427.0*
*Chrome/90.0.4430.72*
*Chrome/90.0.4430.85*
*Chrome/90.0.4430.86*
*Chrome/90.0.4430.93*
This is how you can stop Chrome/90.0.4430.93 from running:
A Word of Caution About Blocking User Agents
Before blocking Chrome 90 I kept checking the Wordfence Live Traffic log (accessible at Wordfence > Tools) to be sure that no legitimate bots, such as GTMetrix, were using that user agent.
For example, you may not want to block Chrome 96, since certain Google products use it as a user agent.
Always check to see whether a user agent or hostname is being used by genuine bots.
Using the Wordfence Live Traffic log is a simple way to find out.
Wordfence Live Traffic Log
The Wordfence Live Traffic log shows you at a glance all user agents accessing your site in near real time. The traffic log shows the user agent, indicates whether the visitor is a bot or a human, and provides the IP address, hostname, the page being accessed, and other information that helps determine whether a visitor is legitimate.
The way to access the traffic log is by clicking Wordfence > Tools.
Blocking older browser versions is a simple technique to stop a large number of malicious bots. On certain sites, Chrome versions 80, 70, 60, 50, 30, and 40 are very prevalent.
Here’s an example of how to avoid malicious bots from using ancient Chrome UAs:
*Chrome/8*.*
*Chrome/7*.*
*Chrome/6*.*
*Chrome/5.0*
*Chrome/95.*
*Chrome/5*.*
*Chrome/3*.*
*Chrome/4*.*
Again, the foregoing is not a recommendation to ban the bots listed above.
I’d use *Chrome/6*.* since it allows me to ban the whole Chrome 60 series of user agents, including Chrome 60, 61, 63, and so on, with just one rule instead of having to write all 10 user agents.
With a single rule, I can block the whole 60 series.
Be aware that blocking the 10-and-up series with a rule such as *Chrome/1*.* will also block Chrome 100, the most recent version of Chrome.
The following is an example of how to utilize the mentioned Chrome user agents to prohibit malicious bots.
Bad bots also use old and retired Firefox browser user agents, and some even present python-requests/ as a user agent.
When creating firewall rules, be cautious.
Always do your research first to determine what bad bots are using on your own sites, and make sure that no legitimate bots or site visitors are using those old and retired browser user agents.
The way to do your research is by inspecting your traffic log files or the Wordfence Live Traffic log to determine which user agents (or hostnames) belong to malicious traffic that you don’t want.
Wordfence is a free plugin for WordPress that helps to protect websites from hackers and scrapers. It can also help to identify these threats and block them before they can do any harm. The Wordfence rate limiting feature allows users to set time limits on how long a single IP address can access their website. Reference: wordfence rate limiting.