Advanced Blocking

From Wordfence Documentation
Jump to: navigation, search

Advanced Blocking is located on a tab of the Blocking page on the Wordfence menu.

Before reading Advanced Blocking, we recommend you read our Whois Lookup article to understand what Whois lookup is, how you can use it to find out which network an IP address belongs to and how you can use Whois combined with Advanced Blocking to quickly block networks or blocks of IP addresses. The real power of Advanced blocking is the ability to view Wordfence Live Traffic, do a quick Whois on an IP address to find out which network it belongs to and then click that network to block it using Advanced Blocking. So Live Traffic, Whois and Advanced Blocking work closely together in Wordfence to let you block attacks from entire networks with just three clicks.

Advanced Blocking in Wordfence gives you a way to block:

  • Ranges of IP addresses (which are also called networks).
  • Certain web browsers or web browser patterns (also called user-agents)
  • Certain referers. These are the websites your traffic arrives from, or claims to have arrived from.
  • Any combination of the above. For example, if you specify an IP address range combined with a web browser pattern, then only if BOTH match will the visitor be blocked. (The logic is a boolean 'AND')

How to block a range of IP addresses

To block a range of IP addresses, simply enter the starting IP address followed by a space, a dash, a space and then the ending IP address. For example: -

That will block IP address range to which is 22 addresses and includes the addresses ending in 1 and 22.

Enter a reason you're blocking this IP address range and then hit the Block button. That IP address range will be instantly blocked.

How to block a web browser pattern

Web browsers from Android devices generally contain the keyword 'Android' without quotes. If you want to block all Android browsers, in other words all user-agents that contain the word 'Android' you can use the following pattern:


The asterisk character acts like a wildcard so the pattern above means: Block all user-agents that contain the word android and that have any text at the start or end.

You can also do this:


Which means: Block all user-agents that start with 'Android' without quotes.



Which means: Block all user-agents that end with 'Android' without quotes.

Hopefully you get the idea of how you can use an asterisk to mean "any text". All patterns are case insensitive.

How to block a referer (or referring website)

This is a really cool feature we added in Wordfence 5.3.2 which lets you block traffic arriving from a certain website. Why would you want to do this? Because many spammers visit your site claiming they arrived from their own website when in fact they didn't. They're sending you a fake "referer" header which they're hoping will appear in your logs and that you might click on. Also if you show referers anywhere on your site this will give them more visibility and more clicks. So this feature gives you a way to block those bad referers. Here's how:

Lets say you have a website called and if you ever get a visitor arriving at your website who claims to have arrived from you want to block them. Simply enter:


as your blocking pattern. Just like in the web browser examples above, referer blocking uses the asterisk (*) as a wildcard to let you specify patterns that either start with, end with or contain your text.

Blocking a combination of IP address range, browser pattern and referring website

If you're being attacked by several hosts on a network and they are all using the same user-agent string to identify themselves, this can be useful. Simply follow the instructions above but enter any combination of IP address range, user-agent and referer pattern that you want to block. Then enter a reason and hit the button to block the combination.

Removing a block

To remove a block, just click the link below where all the current blocking patterns are listed that is titled "Delete this blocking pattern" and the block will be instantly removed.