WPMU DEV’s 5-star security plugin, Defender, lets you easily set up a firewall, block IP addresses with custom blocklists and allowlists, and more…leaving unwelcome visitors unable to step even near your WordPress site.
Hackers can be persistent in trying to get into your site to drop malicious code, figure out your credentials, and leave spam. This tutorial will show you just how easy it is to set up Defender’s IP banning and keep your WordPress site safe and protected.
Here are the areas we’ll be covering:
- Automatically Identify Bad Acting IP Addresses
- Creating a Custom Blocklist & Allowlist
- Active Lockout Displays
- Unlocking IP Addresses
- Location Banning
- Creating Custom Messages for Banned Users
- Importing and Exporting Custom Blocklist & Allowlist
- Check Your Lockout Log for Suspicious Activity
- Locked Yourself Out? Here’s How To Get Back In
Most areas of this tutorial are accessible in Defender under the Firewall and IP Banning section unless specified differently.
Let’s get started with the best and most powerful feature of Defender’s firewall…
1. Automatically Identify Bad Acting IP Addresses
Defender automatically identifies bad acting IP addresses and adds them to a firewall, providing your site with ongoing security and protection.
You can lock out users who make a set number of failed login attempts. Defender gives you control over the threshold and duration of the lockout in the Login Protection screen (Defender > Firewall > Login Protection).
You can view how many IP addresses have been temporarily blocked in the Active Lockouts section of the IP Banning screen (Defender > Firewall > IP Banning > Active Lockouts). You can also unblock IP addresses here.
You can also enable 404 detection (Defender > Firewall > 404 Detection), and Defender will automatically and temporarily block IP addresses that repeatedly request pages on your website that don’t exist.
Tip: You can use the 404 detection feature in combination with Defender’s login masking feature to immediately identify and block IP addresses requesting your site’s login page.
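A simplified model of the threshold-and-duration lockout described above, run over constructed sample events. This is an added illustration, not Defender's own code; the thresholds, window, lockout duration, event names and the `find_lockouts` function are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed settings for illustration; the real values are whatever you configure.
THRESHOLDS = {"login_failed": 3, "not_found": 3}   # events tolerated per window
WINDOW, LOCKOUT = timedelta(minutes=5), timedelta(minutes=10)
ALLOWLIST = {"192.0.2.10"}                         # e.g. the admin's own IP
# Constructed sample events (timestamp, client IP, event type); not real logs.
SAMPLE_EVENTS = [
    ("2024-03-01 10:00:00", "203.0.113.7", "login_failed"),
    ("2024-03-01 10:00:20", "203.0.113.7", "login_failed"),
    ("2024-03-01 10:00:40", "203.0.113.7", "login_failed"),   # third failure
    ("2024-03-01 10:01:00", "203.0.113.7", "login_failed"),   # already locked
    ("2024-03-01 10:02:00", "198.51.100.20", "not_found"),
    ("2024-03-01 10:02:05", "198.51.100.20", "not_found"),
    ("2024-03-01 10:02:10", "198.51.100.20", "not_found"),    # third 404
    ("2024-03-01 10:03:00", "192.0.2.10", "login_failed"),    # allowlisted
    ("2024-03-01 10:03:10", "192.0.2.10", "login_failed"),
    ("2024-03-01 10:03:20", "192.0.2.10", "login_failed"),
    ("2024-03-01 10:00:00", "198.51.100.99", "login_failed"), # slow, spread out
    ("2024-03-01 10:30:00", "198.51.100.99", "login_failed"),
    ("2024-03-01 11:00:00", "198.51.100.99", "login_failed"),
]

def find_lockouts(events, thresholds=THRESHOLDS, window=WINDOW,
                  lockout=LOCKOUT, allowlist=ALLOWLIST):
    """Return (ip, event type, locked_at, locked_until) for each lockout."""
    recent = defaultdict(deque)   # (ip, kind) -> timestamps inside the window
    locked_until = {}             # ip -> end of its current lockout
    lockouts = []
    for stamp, ip, kind in sorted(events):
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if ip in allowlist or kind not in thresholds:
            continue              # allowlisted IPs are never locked out
        if now < locked_until.get(ip, datetime.min):
            continue              # still locked out: request is refused
        hits = recent[(ip, kind)]
        hits.append(now)
        while now - hits[0] > window:
            hits.popleft()        # forget events older than the window
        if len(hits) >= thresholds[kind]:
            locked_until[ip] = now + lockout
            lockouts.append((ip, kind, now, locked_until[ip]))
            hits.clear()
    return lockouts

if __name__ == "__main__":
    for ip, kind, start, end in find_lockouts(SAMPLE_EVENTS):
        print(f"{ip} locked out for {kind} from {start} until {end}")
```

The slow client at 198.51.100.99 never trips the threshold because its failures fall outside the counting window, which is the trade-off to weigh when choosing threshold and window values.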
In addition to Defender’s automatic IP blocking features, you can also block IPs manually, as the next section explains.
2. Creating a Custom Blocklist & Allowlist
Creating a custom blocklist & allowlist with Defender will keep unwanted IPs from accessing your site, including IP addresses for admins.
You can do this easily by entering IP addresses in the Defender > IP Banning > IP Addresses section.
IPv4 and IPv6 are both supported for the blocklist and allowlist.
To ban IPs from accessing your site, select the first tab: Blocklist.
Type in (or copy and paste) any IPs you want to block–one IP address per line. These IP addresses will no longer be able to access your site.
Select the next tab, Allowlist, to add IP addresses that should always have access to your WordPress site.
Note that Defender recommends adding your own IP to the Allowlist section to avoid being accidentally locked out of your site, and it even detects and displays your IP address for you.
After adding IP addresses to the blocklist and/or allowlist, click the Save Changes button to update your settings.
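Before pasting long lists into the Blocklist and Allowlist tabs, a pre-flight check like the following can catch malformed lines, duplicates written in different IPv6 notations, overlap between the two lists, and an admin IP that ended up on the blocklist. It is an added example, not part of Defender; it accepts only single addresses, one per line as described above, and reports anything else for manual review. The sample lists and the `check_lists` helper are constructed for illustration.

```python
import ipaddress

# Constructed sample input; documentation-range addresses only.
SAMPLE_BLOCKLIST = """203.0.113.7
2001:DB8:0:0:0:0:0:1
2001:db8::1
198.51.100.0/24
192.0.2.10
not-an-ip
"""
SAMPLE_ALLOWLIST = "192.0.2.10\n"
SAMPLE_ADMIN_IPS = ["192.0.2.10", "2001:db8::50"]

def check_lists(blocklist_text, allowlist_text, admin_ips=()):
    """Validate one-IP-per-line lists; return (blocklist, allowlist, problems)."""
    problems = []
    def parse(text, name):
        seen = []
        for lineno, raw in enumerate(text.splitlines(), 1):
            entry = raw.strip()
            if not entry:
                continue
            try:
                ip = ipaddress.ip_address(entry)   # normalises IPv6 spelling
            except ValueError:
                problems.append(f"{name} line {lineno}: not a single IP address: {entry!r}")
                continue
            if ip in seen:
                problems.append(f"{name} line {lineno}: duplicate of {ip}")
            else:
                seen.append(ip)
        return seen

    block = parse(blocklist_text, "blocklist")
    allow = parse(allowlist_text, "allowlist")
    for ip in block:
        if ip in allow:
            problems.append(f"{ip} is on both lists")
    for admin in map(ipaddress.ip_address, admin_ips):
        if admin in block:
            problems.append(f"admin IP {admin} is on the blocklist")
        if admin not in allow:
            problems.append(f"admin IP {admin} is missing from the allowlist")
    return [str(i) for i in block], [str(i) for i in allow], problems

if __name__ == "__main__":
    for problem in check_lists(SAMPLE_BLOCKLIST, SAMPLE_ALLOWLIST, SAMPLE_ADMIN_IPS)[2]:
        print(problem)
```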
3. Active Lockout Displays
The Active Lockouts section (Defender > IP Banning > Active Lockouts) lets you easily view how many IP addresses are blocked from accessing your site based on the rules you have set.
And if you need to unblock any IPs, there’s…
4. Unlocking IP Addresses
If you need to unblock a blocked or banned IP address for any reason, just click the Unlock IPs button in the Active Lockouts section.
This will display all blocked IP addresses and allow you to unblock those you select by clicking the Unblock icon.
The IP will be automatically unblocked. There’s no need to click any additional buttons or save anything further after this.
You can also search for specific IP addresses in the search area if you’re having difficulty locating them on the list, and unblock all IPs with the click of a button.
5. Location Banning
In addition to blocking specific IP addresses, Defender also lets you ban entire countries from accessing your site.
This feature is handy when you don’t want or expect traffic from specific locations, and want to stop hackers and bots visiting from certain countries.
All this can be done in the Locations section (Defender > IP Banning > Locations).
Defender uses the GeoLite2 Database from MaxMind for this feature. You will need to set up a free account to use location banning.
Follow the prompts and click on the links provided to set up your free account. You will receive an email with instructions on how to set up a password.
After logging in, click the link for a new license key in Defender’s dashboard, create a new license key in MaxMind and copy and paste this key into the License Key field in Defender’s Locations section.
After pasting in your new license key, hit the Download button to enable the option to Blocklist and Allowlist any country.
Note: Allow a few minutes for the key to register.
Once the key has registered and the feature has been activated, you’ll see a drop-down menu displaying a list of countries as you start typing.
Select the countries you want to blocklist from this dropdown menu and repeat this process for any countries you want to allowlist.
Selected countries will appear in the box below the blocklist and allowlist areas. To remove any countries from your list, click on the ‘X’ next to the country’s name.
If you make any changes in this section, remember to update your settings by clicking the Save Changes button.
6. Creating Custom Messages for Banned Users
Defender lets you customize the message that will display to locked out users.
If you want to display a message other than the default that Defender automatically provides, just scroll down to the Message section (Defender > IP Banning > Message) and enter your custom message in the text area.
Anyone on the blocklist will now be greeted with your message.
7. Importing and Exporting Blocklist & Allowlist
If you want to export your blocklist and allowlist to use on another website or import a blocklist or allowlist from another website into your site, Defender makes this quick and easy using the Import and Export features found at the bottom of the IP Banning screen.
Note that importing IP addresses from exported CSV files will not remove any existing IPs; these will simply be added to your existing lists. Also, export files include both your blocklist and allowlist.
8. Check Your Lockout Log for Suspicious Activity
In Defender’s dashboard, head to Firewall > Logs. Here, you can view all of your lockouts and quickly ban, allowlist, or delete the list, plus easily export activity logs of IP lockouts.
You can find logs using a range of sorting and filtering functions, adjust the date range, and export these as a CSV file.
You can also expedite things using the Bulk Actions feature in Firewall > Logs. Select all items at once or check individual boxes, then use the options in the dropdown menu and click the Apply button to ban, allowlist, or delete IP addresses.
To get more detailed information about the logged event, click on the dropdown arrow next to an item. You’ll also have the option to allowlist or ban the IP in this section.
And just like that, all of your lockouts are now taken care of.
Locked Yourself Out? Here’s How To Get Back In
Defender offers so many options to lock out unwanted visitors…but, what if you accidentally lock yourself out due to multiple failed login attempts?
If you are the administrator of the site and you’ve locked yourself out, there’s an easy and secure way to get back in.
If you have exceeded the number of valid login attempts (set in Defender’s Firewall > Threshold settings), you will see a screen like the one shown below.
Click on the Unlock Me button.
Enter the username or the email address associated with the site’s login and click the Unlock Me button again. An email will be sent to your email address with a link to unlock yourself.
Setting Up a Lockout Firewall Can’t Get Any Easier
Unwanted guests won’t get far with Defender’s custom IP address lockout.
And, as you can see, it’s more than just an IP address lockout feature — you can create custom messages, set location banning, view and edit logs, and so much more.
For more tips on using Defender, check out our articles about finding & deleting suspicious code and how to stop hackers in their tracks.
For more information about using all the security features of the plugin, check out Defender’s documentation page.
[Editor’s note: This post was originally published in July 2023 and updated in March 2024 for accuracy.]