How to Create a Powerful and Secure Customized Firewall with Defender
Hackers can be persistent at trying to get into your site and drop malicious code, figuring out your credentials, and leaving spam. Thankfully, with WPMU DEV’s 5-star security plugin, Defender, you can set up a firewall, block IP addresses with customized lists, and more…leaving troublemakers unable to take even the first step into your WordPress site.
This tutorial will demonstrate how easy it is to set up Defender’s IP banning and keep your WordPress site safe.
Here are 8 areas we’ll be covering (jump to a specific topic by clicking on it):
- Automatically Identify Bad Acting IP Addresses
- Creating a Custom Blocklist & Allowlist
- Active Lockout Displays
- Unlocking IP Addresses
- Location Banning
- Creating Custom Message for Banned Users
- Importing and Exporting Custom Blocklist & Allowlist
- Check Your Lockout Log for Suspicious Activity
Most areas of this tutorial are accessible in Defender under the Firewall and IP Banning section unless specified differently.
Let’s get started with the best and most powerful feature of Defender’s firewall…
Defender automatically identifies bad acting IP addresses and adds them to a firewall, providing your site with ongoing security and protection.
You can lock out users who attempt a number of failed login attempts. Defender gives you control over the threshold and duration of the lockout in the Login Protection screen (Defender > Firewall > Login Protection).
You can view how many IP addresses have been temporarily blocked in the Active Lockouts section of the IP Banning screen (Defender > Firewall > IP Banning > Active Lockouts). You can also unblock IP addresses here.
You can also enable 404 detection (Defender > Firewall > 404 Detection), and Defender will automatically block IP addresses that repeatedly request pages on your website that don’t exist. It will also temporarily block these offending IP addresses from accessing your site.
Tip: You can use the 404 detection feature in combination with Defender’s login masking feature to immediately identify and block IP addresses requesting your site’s login page.
In addition to Defender’s automatic IP blocking features, you can also block IPs manually, as the next section explains.
Creating a custom blocklist & allowlist with Defender will keep unwanted IPs from accessing your site.
It’s done by easily entering any IP addresses. This includes admins, too.
The first area is for your Blocklist.
You can type out any IPs you want to be blocked, and they’ll no longer be able to access your site.
When you scroll down a bit further, you’ll have the option to add IP addresses to your Allowlist.
It’s the same as the blocklist, where you just enter the IP addresses that you’d like to always have access to your WordPress site.
IPv4 and IPv6 are both supported for the blocklist and allowlist.
Note: We recommend adding your own IP to avoid getting locked out by accident. Your current IP address will be shown below the allowlist and you can easily copy and paste it in.
When you have all the information added to the blocklist and allowlist, there’s a Save Changes button at the bottom of the screen that will save everything.
Unwanted IPs are no longer going to be stopping by your WordPress site.
You can easily view any IP addresses that are blocked from accessing your site based on your rules.
Once you start having lockouts, they’ll all be compiled here. You can see how many IP addresses are currently blocked.
And if you need to unblock any IPs, there’s…
Sometimes an IP is blocked or banned and you need to unblock it for many reasons.
Defender makes it simple to release any IP addresses from the Active Lockout area by hitting the Unlock IPS button.
This will reveal all of the blocked IP addresses and it’s one-click to unblock them by clicking Unblock.
There’s no need to hit anything further after this. It will unblock the IP and you’re all set.
You can also search for specific IPs in the search area if you’re having difficulty locating them on the list.
Along with IP addresses, you can also ban entire countries with Defender. This feature is handy when you don’t want or expect traffic from specific locations and want to put a stop to hackers and bots visiting from certain areas.
All of this can be achieved in the Locations section.
Defender works with a company called MaxMind, so it can have access to the GeoLite2 Database. It’s free to set up an account and will ask you to do so when first setting up location banning.
There are prompts for a free account. From there, they’ll email you steps to set up a password. Once you login in, you click the link for a new license key in Defender’s dashboard.
Create a new license key in MaxMind and then it will be ready to copy and paste into Defender.
Once your new license key is pasted, you’ll be all set once you hit the Download button. It may take a few minutes for the key to register, so keep that in mind.
Now you have the option to Blocklist & Allowlist any country.
There is a drop-down menu that displays them. Once you start typing, it will populate any corresponding countries that start with that letter.
They’ll all appear in the box below your choice of blocklist or allowlist. You can also take them off the list by clicking on the ‘X’ next to the country’s name.
When completed, it’s all saved by hitting the Save Changes button.
Give any locked out hacker a customized message from Defender himself. All of this can be done in the Message area.
You have the ability to add a customized message in this space.
And after that, anyone that is on the blocklist will be greeted by Defender.
After clicking the Save Changes button, the message will be functioning and unwelcome guests will know why they’re IP isn’t making the cut.
If you have a blocklist or allowlist from another website and want to import them, it’s quick and easy to do. Likewise, you can export your list that you have for blocklist and allowlist to use on another website.
All of this is under Import and Export in Defender.
There’s an Import button to import and Export button to export a list.
Importing will not remove existing IPs. Also, when you export, it will include the blocklist and allowlist.
You can view all of your lockouts and quickly ban, allowlist, or delete the list in just a couple of clicks. Plus, you can easily download your activity logs of IP lockouts.
This, unlike the previous sections, is located in Firewall and Logs on Defender’s dashboard.
Once here, you can sort logs by the latest, oldest, or IP address. You can also export them as a CSV and adjust the date range.
Also, take care of the issues in one-click with Bulk Update. You can ban, allowlist, or delete just by checking the boxes individually or by the dropdown to take care of them all.
You can also get more detailed information by clicking on the arrow dropdown next to the issue. There, you’ll also have an option to allowlist or blocklist.
And just like that, all of your lockouts are now taken care of.
Unwanted guests won’t get far with Defender’s custom IP address lockout.
And it’s more than just customized IP address lockout — there’s custom messages, location banning, logs, and much more with Defender.
For more information, check out Defender’s documentation page.