How to Create a Powerful and Secure Customized Firewall with Defender

WPMU DEV’s 5-star security plugin, Defender, lets you easily set up a firewall, block IP addresses with custom blocklists and allowlists, and more…leaving unwelcome visitors unable to step even near your WordPress site.

Hackers can be persistent in trying to get into your site to drop malicious code, figure out your credentials, and leave spam. This tutorial will show you just how easy it is to set up Defender’s IP banning and keep your WordPress site safe and protected.

Ban IP addresses and lock out hackers from your WordPress site with Defender.

Here are the areas we’ll be covering:

    1. Automatically Identify Bad Acting IP Addresses
    2. Creating a Custom Blocklist & Allowlist
    3. Active Lockout Displays
    4. Unlocking IP Addresses
    5. Location Banning
    6. Creating Custom Messages for Banned Users
    7. Importing and Exporting Blocklist & Allowlist
    8. Check Your Lockout Log for Suspicious Activity
    9. Locked Yourself Out? Here’s How To Get Back In

Most areas of this tutorial are accessible in Defender under the Firewall and IP Banning section unless specified differently.

Let’s get started with the best and most powerful feature of Defender’s firewall…

1. Automatically Identify Bad Acting IP Addresses

Defender automatically identifies bad acting IP addresses and adds them to a firewall, providing your site with ongoing security and protection.

You can lock out users who make a set number of failed login attempts. Defender gives you control over the threshold and duration of the lockout in the Login Protection screen (Defender > Firewall > Login Protection).

Defender lets you set how many failed login attempts will trigger a lockout for a user’s IP address.

You can view how many IP addresses have been temporarily blocked in the Active Lockouts section of the IP Banning screen (Defender > Firewall > IP Banning > Active Lockouts). You can also unblock IP addresses here.

View and release temporarily blocked IP addresses in the Active Lockouts section.

You can also enable 404 detection (Defender > Firewall > 404 Detection), and Defender will automatically block IP addresses that repeatedly request pages on your website that don’t exist. It will also temporarily block these offending IP addresses from accessing your site.

Defender’s 404 detection blocks IP addresses that repeatedly request pages on your site that don’t exist.

Tip: You can use the 404 detection feature in combination with Defender’s login masking feature to immediately identify and block IP addresses requesting your site’s login page.

In addition to Defender’s automatic IP blocking features, you can also block IPs manually, as the next section explains.

2. Creating a Custom Blocklist & Allowlist

Creating a custom blocklist & allowlist with Defender will keep unwanted IPs from accessing your site, including IP addresses for admins.

You can do this easily by entering IP addresses in the Defender > IP Banning > IP Addresses section.

IPv4 and IPv6 are both supported for the blocklist and allowlist.

To ban IPs from accessing your site, select the first tab: Blocklist.

Enter IP addresses you’d like to permanently ban from accessing your site in the Blocklisted IPs text area.

Type in (or copy and paste) any IPs you want to block–one IP address per line. These IP addresses will no longer be able to access your site.

Select the next tab, Allowlist, to add IP addresses that should always have access to your WordPress site.

Note that Defender recommends adding your own IP to the Allowlist section to prevent being accidentally locked out of your site, and it even detects and presents your IP address for you.

Defender recommends adding your own IP to the Allowlist section to prevent yourself from being accidentally locked out.

After adding IP addresses to the blocklist and/or allowlist, click the Save Changes button to update your settings.
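
A pre-flight check for the lists described in this section, as an added example (not part of the original tutorial and not Defender's own code): it validates one-address-per-line input, canonicalises IPv6 so two spellings of one address are matched, and flags entries that sit on both lists or would block your own IP. The function names and sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample lists (documentation address ranges), one entry per line.
SAMPLE_BLOCKLIST = "\n".join([
    "203.0.113.7",
    "198.51.100.23",
    "2001:0DB8:0000:0000:0000:0000:0000:0001",  # same host as 2001:db8::1
    "192.0.2.300",                               # not a valid IPv4 address
    "203.0.113.7",                               # duplicate
])
SAMPLE_ALLOWLIST = "198.51.100.23\n2001:db8::1\n"
SAMPLE_ADMIN_IP = "198.51.100.23"  # hypothetical: the IP you administer from

def parse_ip_list(text):
    """Return (unique addresses in input order, [(line_no, bad_entry), ...])."""
    seen, addrs, errors = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # Parsing canonicalises, so two spellings of one IPv6 address
            # compare equal. Assumption: single addresses only, one per line.
            ip = ipaddress.ip_address(entry)
        except ValueError:
            errors.append((line_no, entry))
            continue
        if ip not in seen:
            seen.add(ip)
            addrs.append(ip)
    return addrs, errors

def preflight(blocklist_text, allowlist_text, admin_ip):
    """Check both lists before saving them; returns a report dict."""
    block, block_err = parse_ip_list(blocklist_text)
    allow, allow_err = parse_ip_list(allowlist_text)
    admin = ipaddress.ip_address(admin_ip)
    return {
        "blocklist": [str(ip) for ip in block],
        "allowlist": [str(ip) for ip in allow],
        "invalid": {"blocklist": block_err, "allowlist": allow_err},
        "on_both_lists": sorted(str(ip) for ip in set(block) & set(allow)),
        "admin_ip_blocked": admin in block,
        "admin_ip_allowlisted": admin in allow,
    }

if __name__ == "__main__":
    report = preflight(SAMPLE_BLOCKLIST, SAMPLE_ALLOWLIST, SAMPLE_ADMIN_IP)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Resolve anything reported under `invalid`, `on_both_lists` or `admin_ip_blocked` before pasting the lists in and clicking Save Changes.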

3. Active Lockout Displays

The Active Lockouts section (Defender > IP Banning > Active Lockouts) lets you easily view how many IP addresses are blocked from accessing your site based on the rules you have set.

Defender lets you see how many IP addresses have been blocked.

And if you need to unblock any IPs, there’s…

4. Unlocking IP Addresses

If you need to unblock a blocked or banned IP address for any reason, just click the Unlock IPs button in the Active Lockouts section.

Click the button to unlock blocked or banned IP addresses.

This will display all blocked IP addresses and allow you to unblock those you select by clicking the Unblock icon.

Unblock IP addresses by clicking on the padlock icon.

The IP will be automatically unblocked. There’s no need to click any additional buttons or save anything further after this.

You can also search for specific IP addresses in the search area if you’re having difficulty locating them on the list, and unblock all IPs with the click of a button.

You can also search IP addresses and unblock all IPs with the click of a button.

5. Location Banning

In addition to blocking specific IP addresses, Defender also lets you ban entire countries from accessing your site.

This feature is handy when you don’t want or expect traffic from specific locations, and want to stop hackers and bots visiting from certain countries.

All this can be done in the Locations section (Defender > IP Banning > Locations).

Defender uses the GeoLite2 Database from MaxMind for this feature. You will need to set up a free account to use location banning.

Follow the steps to set up an account with MaxMind and ban countries you don’t want accessing your site.

Follow the prompts and click on the links provided to set up your free account. You will receive an email with instructions on how to set up a password.

After logging in, click the link for a new license key in Defender’s dashboard, create a new license key in MaxMind, and copy and paste this key into the License Key field in Defender’s Locations section.

Where a new key is produced.

After pasting in your new license key, hit the Download button to enable the option to Blocklist and Allowlist any country.

Note: Allow a few minutes for the key to register.

Once the key has registered and the feature has been activated, you’ll see a drop-down menu displaying a list of countries as you start typing.

Select the countries you want to blocklist from this dropdown menu and repeat this process for any countries you want to allowlist.

Select the countries you’d like to blocklist or allowlist from the dropdown menu.

Selected countries will appear in the box below the blocklist and allowlist areas. To remove any countries from your list, click on the ‘X’ next to the country’s name.

List of the countries added so far.

If you make any changes in this section, remember to update your settings by clicking the Save Changes button.

6. Creating Custom Messages for Banned Users

Defender lets you customize the message that will display to locked out users.

If you want to display a message other than the default that Defender automatically provides, just scroll down to the Message section (Defender > IP Banning > Message) and enter your custom message in the text area.

Add a custom message to locked out users or use the default message provided.

Anyone on the blocklist will now be greeted with your message.

Defender Blocked IP message: The administrator has blocked your IP from accessing this website.
Defender’s blocked IP message to unwelcome guests.

7. Importing and Exporting Blocklist & Allowlist

If you want to export your blocklist and allowlist to use on another website or import a blocklist or allowlist from another website into your site, Defender makes this quick and easy using the Import and Export features found at the bottom of the IP Banning screen.

Import and export your blocklist and allowlist for use across different sites.

Note that importing IP addresses from exported CSV files will not remove any existing IPs; these will simply be added to your existing lists. Also, export files include both your blocklist and allowlist.

8. Check Your Lockout Log for Suspicious Activity

In Defender’s dashboard, head to Firewall > Logs. Here, you can view all of your lockouts and quickly ban, allowlist, or delete the list, plus easily export activity logs of IP lockouts.

Defender logs all lockout activities.

You can find logs using a range of sorting and filtering functions, adjust the date range, and export these as a CSV file.

Use the sorting and filtering features to find logged records quickly and easily.

You can also expedite things using the Bulk Actions feature in Firewall > Logs. Select all items at once or check individual boxes, then use the options in the dropdown menu and click the Apply button to ban, allowlist, or delete IP addresses.

Perform bulk IP address banning, allowlisting, or deletions using the Bulk Actions feature.

To get more detailed information about the logged event, click on the dropdown arrow next to an item. You’ll also have the option to allowlist or ban the IP in this section.

See detailed descriptions of logged events and ban the IP address or add it to your allowlist.

And just like that, all of your lockouts are now taken care of.

9. Locked Yourself Out? Here’s How To Get Back In

Defender offers so many options to lock out unwanted visitors…but, what if you accidentally lock yourself out due to multiple failed login attempts?

If you are the administrator of the site and you’ve locked yourself out, there’s an easy and secure way to get back in.

If you have exceeded the number of valid login attempts (set in Defender’s Firewall > Threshold settings), you will see a screen like the one shown below.

Click on the Unlock Me button.

Accidentally locked yourself out? Defender’s Unlock Me feature lets you get back in!

Enter the username or the email address associated with the site’s login and click the Unlock Me button again. An email will be sent to your email address with a link to unlock yourself.

Enter your admin username or email and click the button to regain access.

Setting Up a Lockout Firewall Can’t Get Any Easier

Unwanted guests won’t get far with Defender’s custom IP address lockout.

And, as you can see, it’s more than just an IP address lockout feature — you can create custom messages, set location banning, view and edit logs, and so much more.

For more tips on using Defender, check out our articles about finding & deleting suspicious code and how to stop hackers in their tracks.

For more information about using all the security features of the plugin, check out Defender’s documentation page.

[Editor’s note: This post was originally published in July 2023 and updated in March 2024 for accuracy.]
