This documentation is only valid for older versions of Wordfence. If you are using Wordfence 7 or later, please visit our new documentation.

Blocked IPs

From Wordfence Documentation
Revision as of 19:20, 7 February 2017 by WFMattr (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Blocked IPs are located on the first tab of the Blocking page on the Wordfence menu.

The Blocked IPs page shows you which IP's have been blocked, locked out from being able to login and "throttled" for accessing the site too frequently. We'll cover each tab shown here in detail and explain what they mean and how to use the information you're shown.

At the top of this page you will find options to clear all blocked IP addresses, clear all locked out IP addresses and you can also manually add an IP address to the list of blocked IPs. You will also find a link next to each IP address that lets you unblock or unlock their access to your site.

Each IP address also includes its location at the city level if that information is available or the country level if it's not. This helps you diagnose which geographic area most attacks or malicious behavior are originating from.

IP's that are blocked from accessing the site

These are IP addresses that are blocked. If a visitor, crawler, automated bot or hacker tries to access your website from the IP shown in this list, they will receive a message saying that their access has been limited and it will include red text that displays a reason their access has been limited.

To get added to this list, an IP address has to break one of the rules defined on the Wordfence options page in the Firewall section or another rule that triggers an IP address block. For example, if you have created a rule on the Wordfence options page that blocks an IP address that accesses a specific URL then any visitor that tries to access the URL will be blocked and their IP address will appear on this page.

Note that there are other ways to block visitors from access your website. For example you can block their range of IP addresses or their country and blocking in this way will not cause the visitor IP to appear on this page because you're blocking their entire range or their country rather than their individual IP address. The list of blocked IPs you're shown on the blocked IP's tab on this page show individual IP addresses that have been blocked.

IPs that are locked out from login

On the Wordfence options page you will find a section that defines login security options. In the login security section you can define the rules that will cause an IP address to be locked out. If an visitor breaks one of these rules, their IP address will appear on this page.

For example, if a visitor tries to sign-into your site and exceeds the maximum allowed number of failures, they will be locked out from trying to sign-in again for the amount of time you've specified in the wordfence login security options.

When a visitor's IP address is locked out, they can access the rest of your website, but they can't sign-in until the lock-out has expired. This is a way to keep hackers from signing into your website, but ensure that the security mechanism is focused on protecting your login system and doesn't block access to the rest of the website.

IPs who were recently throttled for accessing the site too frequently

Wordfence provides a third mechanism which lets you limit access to your website. As part of our product we include a rate limiting Firewall. This lets you limit how many pages visitors and automated crawlers can access on your website per minute. If they exceed the limits you've specified, they will temporarily have their access revoked and will receive a message saying their access to your site has been temporarily limited and they should try again in a few minutes.

Wordfence counts the rate at which requests occur to your website over 1 minute windows. So we provide limits that define the number of requests from an IP address per minute. If you have defined a limit of 200 requests per minute and 199 of those requests are generated in the last 10 seconds of a minute and another 199 are generated in the first 10 seconds of the next minute, and no other requests are generated, then the visitor will not be throttled. However, if 201 requests occur within a single minute, the 201th request will be throttled and the visitor will be throttled for the rest of that minute. This level of granularity provides a good compromise between security and performance.

You can define the maximum rate at which different types of visitors and automated crawlers can access your website under the Firewall Rules section of the Wordfence options page.

We encourage you to place high limits on how quickly humans and crawlers access your website unless you are being aggressive about protecting your content from rogue crawlers or visitors.