• Resolved codevo

    (@codevo)


    Hi, lately I noticed someone from Singapore visits a particular article on my website and uses a bot or browser extension to refresh the page in this rhythm:

    three times refresh in 3 minutes, wait for one minute, and refresh five times in five minutes.

    So the person continues this rhythm for as long as he is fed up. Please, how do I handle this issue to mitigate such acts?

    My goal is to block anyone who refreshes an article more than 5 times within a 30-minute period. The user can visit other articles, but he is not allowed to refresh a single article more than 5 times. If the premium version of Wordfence can help me stop such acts, then I don’t mind paying for it.

    • This topic was modified 3 years, 6 months ago by codevo.


  • Plugin Support wfpeter

    (@wfpeter)

    Hi @codevo, thanks for your message.

    It’s generally an ineffective strategy to try maintaining custom blocks for hits on your site like this, because Rate Limiting settings that would restrict visitors to 5 page loads over 30 minutes are going to catch a lot of legitimate users clicking around your site and hurt it in the long run.

    Wordfence will do the important blocking for you, but prefers to look at the intent of a bot/human, such as trying vulnerable query strings, SQL injections, malicious User-Agents etc. Of course, if an IP is continuously hitting your site an unreasonable number of times and is sucking up resources, your Rate Limiting settings in Wordfence > All Options can be adjusted to taste. I generally set my Rate Limiting Rules to these values to start with:

    • If anyone’s requests exceed – 240 per minute
    • If a crawler’s page views exceed – 120 per minute
    • If a crawler’s pages not found (404s) exceed – 60 per minute
    • If a human’s page views exceed – 120 per minute
    • If a human’s pages not found (404s) exceed – 60 per minute
    • How long is an IP address blocked when it breaks a rule – 30 minutes

    I also always set the rule to Throttle instead of Block. Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it. Make sure and set your Rate Limiting Rules realistically and set the value for how long an IP is blocked to 30 minutes or so. In your case, you could try extending the block time to hours or days to try deterring them from trying so frequently once they do receive a block. However, the user you described is probably only making around 50 hits per hour using the pattern you’ve described so this could still be considered pretty strict, but you could trial it to see if it affects your genuine visitors.

    Remember there is no hard and fast, one-size-fits-all set of rules for every site. This is just a good place to start. During an attack you may want to make those rules stricter. If you see visitors, like search engine crawlers, getting blocked too often, you might want to loosen them up a little.

    Here is a video guide to Rate Limiting as well:
    Rate Limiting Guide

    Country Blocking could be a legitimate answer to this problem if they’re the only one from a specific destination and not your usual target-market. However, I can’t discuss premium features or perceived benefits of upgrading here on the free version’s support forums that ww.wp.xz.cn kindly provide for us. Emailing presales @ wordfence . com will help us answer any queries you have in this area.

    Thanks,

    Peter.


The topic ‘Auto-refresh After a Set Time Interval’ is closed to new replies.
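
The rule from the question (more than 5 loads of one article from one IP within 30 minutes), run over an access log, as an added example that is not part of the thread and not Wordfence's own logic. The log lines, IP addresses and paths are constructed, and the log is assumed to be in combined log format and in time order. The same counter applied site-wide shows the effect the reply warns about: an ordinary reader opening six different articles also exceeds a limit of 5.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Prefix of a combined-log-format line: client IP, timestamp, request path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, timestamp, path without query string), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group(3).split("?", 1)[0]
    return m.group(1), datetime.strptime(m.group(2), TS_FMT), path

def over_limit(lines, per_article=True, limit=5, window=timedelta(minutes=30)):
    """Peak hits inside any sliding window, for each key that exceeds the limit.

    Keys are (ip, path) when per_article is set, else (ip, "*") for all pages.
    Lines must be in time order, as they are in a normal access log.
    """
    recent = defaultdict(deque)
    peaks = {}
    for ip, ts, path in filter(None, map(parse, lines)):
        key = (ip, path if per_article else "*")
        q = recent[key]
        q.append(ts)
        while ts - q[0] >= window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) > limit:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed log: the refresh rhythm from the question plus one ordinary reader."""
    start = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    hits = [("203.0.113.7", m, "/sample-article/") for m in (0, 1, 2, 4, 5, 6, 7, 8)]
    hits += [("198.51.100.20", 2 * n, f"/post-{n}/") for n in range(6)]
    hits.sort(key=lambda h: h[1])
    return ['{} - - [{}] "GET {} HTTP/1.1" 200 5120'.format(
                ip, (start + timedelta(minutes=m)).strftime(TS_FMT), path)
            for ip, m, path in hits]

if __name__ == "__main__":
    log = sample_log()
    print("per article:", over_limit(log))
    print("site-wide:  ", over_limit(log, per_article=False))
```
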