Saturday, November 23, 2024
HomeEveryday WordPressHow to Create a Powerful and Secure Customized Firewall with Defender

How to Create a Powerful and Secure Customized Firewall with Defender


WPMU DEV’s 5-star security plugin, Defender, lets you easily set up a firewall, block IP addresses with custom blocklists and allowlists, and more…leaving unwelcome visitors unable to step even near your WordPress site.

Hackers can be persistent at trying to get into your site and drop malicious code, figuring out your credentials, and leaving spam. This tutorial will show you just how easy it is to set up Defender’s IP banning and keep your WordPress site safe and protected.

Ban IP addresses and lock out hackers from your WordPress site with Defender.

Here are the areas we’ll be covering (jump to a specific topic by clicking on it):

    1. Automatically Identify Bad Acting IP Addresses
    2. Creating a Custom Blocklist & Allowlist
    3. Active Lockout Displays
    4. Unlocking IP Addresses
    5. Location Banning
    6. Creating Custom Message for Banned Users
    7. Importing and Exporting Custom Blocklist & Allowlist
    8. Check Your Lockout Log for Suspicious Activity
    9. Locked Yourself Out? Here’s How To Get Back In

Most areas of this tutorial are accessible in Defender under the Firewall and IP Banning section unless specified differently.

Let’s get started with the best and most powerful feature of Defender’s firewall…

1. Automatically Identify Bad Acting IP Addresses

Defender automatically identifies bad acting IP addresses and adds them to a firewall, providing your site with ongoing security and protection.

You can lock out users who attempt a number of failed login attempts. Defender gives you control over the threshold and duration of the lockout in the Login Protection screen (Defender > Firewall > Login Protection).

You can view how many IP addresses have been temporarily blocked in the Active Lockouts section of the IP Banning screen (Defender > Firewall > IP Banning > Active Lockouts). You can also unblock IP addresses here.

You can also enable 404 detection (Defender > Firewall > 404 Detection), and Defender will automatically block IP addresses that repeatedly request pages on your website that don’t exist. It will also temporarily block these offending IP addresses from accessing your site.

Tip: You can use the 404 detection feature in combination with Defender’s login masking feature to immediately identify and block IP addresses requesting your site’s login page.

In addition to Defender’s automatic IP blocking features, you can also block IPs manually, as the next section explains.

2. Creating a Custom Blocklist & Allowlist

Creating a custom blocklist & allowlist with Defender will keep unwanted IPs from accessing your site, including IP addresses for admins.

You can do this easily by entering IP addresses in the Defender > IP Banning > IP Addresses section.

IPv4 and IPv6 are both supported for the blocklist and allowlist.

To ban IPs from accessing your site, select the first tab: Blocklist.

Defender IP Addresses - Blocklist section
Enter IP addresses you’d like to permanently ban from accessing your site in the Blocklisted IPs text area.

Type in (or copy and paste) any IPs you want to block–one IP address per line. These IP addresses will no longer be able to access your site.

Select the next tab to add IP addresses that you want to always have access to your WordPress site to your Allowlist.

Note that Defender recommends adding your own IP to the Allowlist section to prevent being accidentally locked out of your site and even detects and presents your IP address for you.

Defender - IP Addresses - Allowlist.
Defender recommends adding your own IP to the Allowlist section to prevent yourself from being accidentally locked out.

After adding IP addresses to the blocklist and/or allowlist, click the Save Changes button to update your settings.

3. Active Lockout Displays

The Active Lockouts section (Defender > IP Banning > Active Lockouts) lets you easily view how many IP addresses are blocked from accessing your site based on the rules you have set.

Defender Active Lockouts section.
Defender lets you see how many IP addresses have been blocked.

And if you need to unblock any IPs, there’s…

4. Unlocking IP Addresses

If you need to unblock a blocked or banned IP address for any reasons, just click the the Unlock IPS button in the Active Lockouts section.

Defender - Active Lockouts - Unlock IPs button highlighted.
Click the button to unlock blocked or banned IP addresses.

This will display all blocked IP addresses and allow you to unblock those you select by clicking the Unblock icon.

Defender - Temporary IP Block List
Unblock IP addresses by clicking on the padlock icon.

The IP will be automatically unblocked. There’s no need to click any additional buttons or save anything further after this.

You can also search for specific IP addresses in the search area if you’re having difficulty locating them on the list, and unblock all IPs with the click of a button.

Defender - Unblock All IPs
You can also search IP addresses and unblock all IPs with the click of a button.

5. Location Banning

In addition to blocking specific IP addresses, Defender also lets you ban entire countries from accessing your site.

This feature is handy when you don’t want or expect traffic from specific locations, and want to stop hackers and bots visiting from certain countries.

All this can be done in the Locations section (Defender > IP Banning > Locations).

Defender uses the GeoLite2 Database from MaxMind for this feature. You will need to set up a free account to use location banning.

Defender - Locations section.
Follow the steps to set up an account with MaxMind and ban countries you don’t want accessing your site.

Follow the prompts and click on the links provided to set up your free account. You will receive an email with instructions on how to set up a password.