Better Tool Than IP Deny to Block Countries IPs

Avatar
InMotionFans
  • Answered
There is a tool for Wordpress called http://www.wordfence.com/

It would save InMotionHosting significant bandwith ( = $ ) if they included this product on an account wide basis.

Manually entering all the IPs for countries not wanted is laborius and can be difficult for your basic user. Certainly including this kind of tool on CPanel would be to InMotionHosting's advantage as well as every user.

Please consider an easier tool than the IP Deny Tool.
Replies 1
Avatar
0
JacobIMH
Hello, and thanks for your question. The WordFence Security plugin does work great if you have a WordPress website. We also already utilize server-wide ModSecurity rules to protect all of our users from WordPress brute force attacks. Because not all of our customers run WordPress, it's not something we'd want to include on every account by default. Most WordPress security plugins can cause you to have higher CPU usage as they analyze your traffic. If you'd like to block a specific country from any website no matter the CMS you're running, you can always use a tool like the IP2Location Block Visitors by Country, then like you said manually put them in your .htaccess file. But take note that the China IP block for instance is about 6,200 lines in itself. That means if you had China and a few other countries with large IP pools blocked via your .htaccess file, your good visitors you're expecting from the USA or other places will have to have every single one of their requests processed through those .htaccess rules which can lead to slower response times. We can look into possibly developing a better IP Deny plugin for use within cPanel, so that WordPress or any other type of website can be more easily protected. In my experience the best method for this is reviewing your website access logs via a cronjob and if problematic requests are coming in, then add that IP to the .htaccess rules. That way if you just have 1 person from China trying to access your website maliciously you don't need to have the server check through every possible Chinese IP range for all requests, just block the single one causing problems. Thanks for the suggestions! - Jacob