VPN blocking should not be default

  • postcd

    (@postcd)


    1 week ago

    For many people in growing number of countries VPN/proxy is only way to access uncensored internet. Blocking these people by default (as your plugin seems to be doing) on a General settings tab, seems like bad idea. It should be unchecked or set to challenge (with captcha – not all works in China etc, or similar anti-bot – js, PoW challenge) such user instead of a blocking.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Omajemite Don

    (@ejesgist)

    5 days, 15 hours ago

    Hi @username,

    You raise a valid point about VPN/proxy users in censored regions. Let me explain how BotFend handles this.

    What the “Block Proxies/VPNs” setting actually does:

    It does NOT block all proxy/VPN users immediately. Here’s what happens:

    1. Proxy/VPN detected → adds 3 score points (configurable)
    2. User exceeds rate limit (default 100 requests/minute) → block
    3. Legitimate VPN user browsing normally will never hit 100 requests/minute
    4. Only bots/scrapers making hundreds of requests get blocked

    The settings you control:

    • Score for proxy/VPN (default: 3) – you can reduce to 1 or 0
    • Rate limit (default: 100/min) – you can increase or set to 0 to disable
    • Action (General tab) – Log Only Mode prevents any blocking while you test

    For countries you trust (including censored regions):

    Go to WordPress Tab → Country Whitelist section:

    1. Enable Country Whitelist
    2. Add trusted countries (comma-separated: CN,IR,RU,etc.)
    3. Set Max Score for Whitelisted Countries (default: 8)

    Whitelisted countries get higher tolerance – they are only blocked if their bot score exceeds 8 (very high). A legitimate VPN user will never reach that.

    Recommended settings for maximum access: Setting Value Block Proxies/VPNs ✅ Check ON Score for Proxy/VPN 1 (not 3) Rate Limit 200/min Log Only Mode ✅ ON (for testing) Country Whitelist Add CN, IR, RU, etc. Whitelist Max Score 8

    A legitimate user from a censored region using VPN:

    • Gets +1 score (minor)
    • Makes 2-5 requests per minute (well under limit)
    • Never gets blocked

    A bot/scraper:

    • Gets +1 score
    • Makes 500+ requests/minute
    • Exceeds rate limit → blocked

    Your website should be “Fend” – protecting against bots while respecting legitimate users. The current settings allow this. You just need to whitelist the countries you trust.

    If you still prefer challenge instead of score, set Score for Proxy/VPN to 0 and let other detection methods (rate limit, 404s, behavioral analysis) handle bots.

    Thanks for the discussion.

    Thread Starter postcd

    (@postcd)

    3 days, 15 hours ago

    What the “Block Proxies/VPNs” setting actually does:

    It does NOT block all proxy/VPN users immediately.

    Then adjust that setting “Block Proxies/VPNs” description on General settings tab. Because you have failed to mention it there + its scoring impact so admin can understand it. But i doubt what you are saying is true, looks rather like an AI hallucination to me.

    set Score for Proxy/VPN to 0

    There is no such score near mine described setting “Block Proxies/VPNs”

    Also i have not asked for a description of the feature or how to set a whitelist. Please avoid wasting more of my time with this stupid AI-like responses.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Tags