Hi @ravanh
I hope you’re well today!
If you try visiting this file in browser (like “yoursite.com/autodiscover.xml”), first you should get 404 if it doesn’t exit and upon next visit, you should see a lockout message.
Is this happening? If yes, then it means that the feature (blocklist) is working as expected.
This is because Defender’s firewall is a part of a plugin meaning it works “within” WordPress – it’s a script so it can only react to requests that it receives.
Blocking such files will not cause requests to stop “out of the box”. What it does is it determines how such requests are handled. So without being blocked, such request would return 404 error (as the file doesn’t exist). Once it’s blocked, it will automatically “ban” requests from a given IP but request will still be hitting the site, it’s just that the response will be different – the lockout screen accompannied with a “forbidden” HTTP status code. Eventually it might stop bots from requesting the file but that’s not something that we/you could control (that could be controlled on a script level).
If you want to stop such requests from hitting your site – or rather server, as this is more important – then you would need some “external” firewall. This applies to any type of “plugin” firewall actually, not only Defender. A simple way could be to use e.g. a CDN such as free version of CloudFlare (as it allows you to set some rules) and that would let you stop such requests before they even reach the server.
Kind regards,
Adam
Hi Adam, thanks for responding 🙂
Ok, I think I misunderstood the description “Choose specific files, folders and file types that you want to automatically ban users/bots from accessing, or allow access to.” then… It’s not that users/bots get banned themselves but only the (one) request?
I was hoping to be able to ban (either temporarily or permanently) any bots that scan for certain file types, like wp-config.php.inc trying to find a backdoor. Many of those 404’s are so obvious from bad bots, that I’m trying to reduce some server load by blocking them early instead of having WP generate 404 pages all the time.
Could I make this a feature request then? Something to be able to send IPs associated with certain file types or patterns straight to the BAN list?
Thanks! 🙂
Hi @ravanh
I hope you are doing well.
I enabling some security features that can help you to reduce the number of bad bots:
– Geo blocking https://wpmudev.com/docs/wpmu-dev-plugins/defender/#locations
Banning specific countries if you don’t provide service or content for those ones can help to reduce bad access.
– 404 protection https://wpmudev.com/docs/wpmu-dev-plugins/defender/#404-detection
Reduce the 404 protection Threshold and include the timeframe or even permanent ban.
– Bot protection https://wpmudev.com/docs/wpmu-dev-plugins/defender/#user-agent-banning
– Cloudflare, it has a Free plan that can help you further with protection and reduce the loads.
https://wpmudev.com/docs/hosting/dns-and-domain-management/#cloudflare
About your feature request, we sent to our developers and designers, we can’t guarantee that it is going to be included in the plugin or give an estimated time but you can follow our roadmap on https://wpmudev.com/roadmap/#defender
Best Regards
Patrick Freitas
Hi Patrick and Adam, thank you both for your responses and suggestions! 🙂
Hello @ravanh ,
I will mark this ticket as resolved since it looks like you don’t have more questions for us. Feel free to reopen it if needed.
kind regards,
Kasia
