One of the important aspects of securing your WordPress site is monitoring the IP addresses of users and user agents accessing your site. There are many situations you may need to block the IP address of a user when running a WordPress blog.
Jun 27, 2010 - Try this list: Although the combination of Google, Yahoo, Bing, Baidu,. Jump to Bingbot/MSN. NOKIA; Lumia 530) like Gecko BingPreview/1.0b. Regex to match all of these user-agent strings: bingbot, bingpreview, msnbot.
Below are some of the scenarios when happens continuously need blocking action from your side:. User or bot trying to access your login page. User or bot leaving spam comments.How to Monitor Harmful IP Addresses?In order to block the harmful IPs, first you need to monitor the traffic activities on your site.
You can do this on server level or use plugin and monitor on the admin dashboard. Server Level MonitoringLogin to your hosting account and navigate to the cPanel. Look out under statistics section to check the tools available for monitoring the traffic on your site. Awstats is one of the popular statistics tool offered by almost all of the popular hosting companies. Click on the icon and select your site to view the traffic data. Blocking IP Address Using IP Deny Manager Blocking Bots with.htaccessUnfortunately no tool in cPanel allows you to directly block user agents or bad robots.
You need to use directives in.htaccess file to block the identified robots. Besides the list you found from Awstats robots access list, there are also many readymade lists of bad bots available online. Below is one of the lists available on, which you can copy and add under.htaccess file. This is an exhaustive list blocking many known bots along with Baidu Spider and Yandex bot. Learn more on how to. # END Blocking Bad BotsIt is also good idea to discuss with your host to find the list of bad bots if they already have one.
Problems with Server Level BlockingThere are few problems with server level IP blocking:. Most of the time the IPs include the CDN and your own hosting IPs.
It is difficult to find the harmful IPs just by doing analysis without any references. Wrongly blocking IPs will stop the real users instead of hacker’s IP. You have no option to add user agents directly in IP deny manager.
You need to block those bad bots by directly modifying.htaccess file.Using Plugin to Block IPsThe tedious job of blocking IPs and user agents on server level can easily be done with a plugin from the admin dashboard. There are many free and paid plugins out there for doing this job perfectly. We will discuss the feature available with one of the popular security plugin “All in One WP Security & Firewall”. Finding All in One WP Security and Firewall PluginInstall and activate the plugin from your WordPress admin dashboard.
There are settings to be enabled in order to monitor the harmful IP addresses. Navigate to “WP Security Login Lockdown” and enable the option “Enable Login Lockdown Feature”. This will log all the IP addresses trying to login to your site. You can get an instant email when there is a lockdown and view the full list of locked IP addresses under “WP Security Dashboard Locked IP Addresses”.Login Lockdown Option in All in One WP Security and Firewall Plugin. Enable comment spammer’s IPs under “Spam Prevention Comment Spam IP monitoring” section. You can automatically block the spammer’s IP permanently when particular number of spam comments is received.
All the permanently blocked IPs can be viewed under “Dashboard Permanent Block List” section.Once you have the list of harmful IP addresses then navigate to “Blacklist Manager” option. Enter the IP addresses one per line and save your settings.
You can enter individual IPs or with wild card like 195.47.89. or 195.47. or 195. ConclusionMonitoring and blocking IP addresses in a continuous action and hence we recommend using “All in One WP Security & Firewall” or any other security plugin for this purpose.
At the same time, blocking bad bots is one time activity or you can do it as and when required by directly editing.htaccess file. At any case, ensure you are monitoring and blocking the harmful IPs. This will not only help to improve the security of your site but also save bandwidth on your hosting server by denying access to bad users and user agents.
Copy/paste any user agent string in this field and click 'Analyze'Internet Explorer 6.0MozillaMozillaProductSlice. Claims to be a Mozilla based user agent, which is only true for Gecko browsers like Firefox and Netscape.
For all other user agents it means 'Mozilla-compatible'. In modern browsers, this is only used for historical reasons. It has no real meaning anymore4.0Mozilla versioncompatibleCompatibility flagIndicates that this browser is compatible with a common set of featuresMSIE 6.0Name:version 6.0Windows NT 5.1Operating System:SV1Windows XP Service Pack 2 installed (Security Version 1).