For increasing security there are many security measures developed for WordPress so far. IP Geo Block is Definitely the Best WordPress Brute Force Plugin in 2016 Being Capable to Throw Custom HTTP Error Based on Country, Analyze the Attempts and Being Lighter. It is comparatively less known, free, without any spammy promotion of service. IP Geo Block WordPress is really advanced in all the ways.
Expected Features From a Best WordPress Brute Force Plugin
It is expected that such plugin will block all the predefined unwanted attempts from bonnet based on a logic, almost have no false positive for wrongly identifying the owner and blocking, possibly have a text based log files. IP Geo Block does have all the features and one can easily uninstall the heavy common plugins, of course if the server backend is configured in the way we described in chapter 3 of iptables basics tutorial. The plugin does all the works more than we ever expected from a WordPress plugin. Frankly, the plugin library should be included within WordPress by default.
IP Geo Block : Best WordPress Brute Force Plugin
The WordPress plugin is available on WordPress Plugin repository :
---
1 | https://wordpress.org/plugins/ip-geo-block/ |
Also, the developer has a detailed guide :
1 | http://www.ipgeoblock.com/codex/the-best-practice-of-target-settings.html |
But the writings are nothing. If you are not from India, then try to access our wp-login.php page :
1 | https://thecustomizewindows.com/wp-login.php |
You will see a custom 403 HTTP error. If you are from India, then use Tor browser to change IP address to different country and access the same URL to see the 403 HTTP error.
You may argue that, botnet can run attack from Indian IP and intrude inside. But we have Fail2Ban on server with another beautiful WordPress plugin to integrate Fail2Ban. We kept not much ways. Additionally, it is easier to take legal action against own country’s brute forcing IP addresses – at least officially there are ways. Not only that, within WordPress admin, we can actually view your IP address, such tries. IP Geo Block represent the tries as pie chart, keeps log. We can use that log creating a bash script for direct ban via iptables.
These are total IP range which can be whitelisted in CIDR format, there is a blank in the plugin’s settings page named “Whitelist of extra IP addresses prior to country code (CIDR)” :
1 | 127.0.0.0/8,66.135.32.0/19,66.155.0.0/18,69.174.240.0/20,72.232.0.0/17,76.74.248.0/21,192.0.64.0/18,198.181.116.0/22,207.198.64.0/18,209.15.0.0/16,216.151.208.0/20,69.46.36.0/27 |
The above are WordPress related (may be needed to add for allowing the automatic functions), yet you can perform web search with the IPs before adding them. We gathered them for blocking all to XML-RPC via Nginx to fight with PHP5-FPM error out of error (you probably need to read it).
We saw such quality of work with Header and Footer plugin, Ad Injection etc. Users may need to temporary disable the feature to block Admin area, Ajax attempts during uploads of post. If you have noticed any other tips to troubleshoot problem, please inform us to update this small guide.
Tagged With 69 46 36 0 , 7 Best WordPress Plugins To Block Certain Geographical IPs , Brute Force SEO