Featured Imgs 13
Posted on by Nathanael Fakes

How to Create a Powerful and Secure Customized Firewall with Defender

Hackers can be persistent at trying to get into your site and drop malicious code, figuring out your credentials, and leaving spam. Thankfully, with WPMU DEV’s 5-star security plugin, Defender, you can set up a firewall, block IP addresses with customized lists, and more…leaving troublemakers unable to take even the first step into your WordPress site.

This tutorial will demonstrate how easy it is to set up Defender’s IP banning and keep your WordPress site safe.

Here are 8 areas we’ll be covering (jump to a specific topic by clicking on it):

  1. Automatically Identify Bad Acting IP Addresses
  2. Creating a Custom Blocklist & Allowlist
  3. Active Lockout Displays
  4. Unlocking IP Addresses
  5. Location Banning
  6. Creating Custom Message for Banned Users
  7. Importing and Exporting Custom Blocklist & Allowlist
  8. Check Your Lockout Log for Suspicious Activity

Most areas of this tutorial are accessible in Defender under the Firewall and IP Banning section unless specified differently.

Let’s get started with the best and most powerful feature of Defender’s firewall…

1. Automatically Identify Bad Acting IP Addresses

Defender automatically identifies bad acting IP addresses and adds them to a firewall, providing your site with ongoing security and protection.

You can lock out users who attempt a number of failed login attempts. Defender gives you control over the threshold and duration of the lockout in the Login Protection screen (Defender > Firewall > Login Protection).

Defender Login Protection screen.
Defender lets you set how many failed login attempts will trigger a lockout for a user’s IP address.

You can view how many IP addresses have been temporarily blocked in the Active Lockouts section of the IP Banning screen (Defender > Firewall > IP Banning > Active Lockouts). You can also unblock IP addresses here.

Defender Active Lockouts
View and release temporarily blocked IP addresses in the Active Lockouts section.

You can also enable 404 detection (Defender > Firewall > 404 Detection), and Defender will automatically block IP addresses that repeatedly request pages on your website that don’t exist. It will also temporarily block these offending IP addresses from accessing your site.

Defender 404 Detection
Defender’s 404 detection blocks IP addresses that repeatedly request pages on your site that don’t exist.

Tip: You can use the 404 detection feature in combination with Defender’s login masking feature to immediately identify and block IP addresses requesting your site’s login page.

In addition to Defender’s automatic IP blocking features, you can also block IPs manually, as the next section explains.

2. Creating a Custom Blocklist & Allowlist

Creating a custom blocklist & allowlist with Defender will keep unwanted IPs from accessing your site.

It’s done by easily entering any IP addresses. This includes admins, too.

The first area is for your Blocklist.

The area to enter your blocklisted IPs.
The area to enter your blocklisted IPs.

You can type out any IPs you want to be blocked, and they’ll no longer be able to access your site.

When you scroll down a bit further, you’ll have the option to add IP addresses to your Allowlist.

The Allowlist area.
The Allowlist area.

It’s the same as the blocklist, where you just enter the IP addresses that you’d like to always have access to your WordPress site.

IPv4 and IPv6 are both supported for the blocklist and allowlist.

Note: We recommend adding your own IP to avoid getting locked out by accident. Your current IP address will be shown below the allowlist and you can easily copy and paste it in.

When you have all the information added to the blocklist and allowlist, there’s a Save Changes button at the bottom of the screen that will save everything.

Unwanted IPs are no longer going to be stopping by your WordPress site.

3.Active Lockout Displays

You can easily view any IP addresses that are blocked from accessing your site based on your rules.

Active lockouts screen.
Active lockouts screen.

Once you start having lockouts, they’ll all be compiled here. You can see how many IP addresses are currently blocked.

And if you need to unblock any IPs, there’s…

4. Unlocking IP Addresses

Sometimes an IP is blocked or banned and you need to unblock it for many reasons.

Defender makes it simple to release any IP addresses from the Active Lockout area by hitting the Unlock IPS button.

Unlock IPs area.
You can see there are 30 IP addresses currently blocked here.

This will reveal all of the blocked IP addresses and it’s one-click to unblock them by clicking Unblock.

Where you’ll unblock an IP address.
Where you’ll unblock an IP address.

There’s no need to hit anything further after this. It will unblock the IP and you’re all set.

You can also search for specific IPs in the search area if you’re having difficulty locating them on the list.

5. Location Banning

Along with IP addresses, you can also ban entire countries with Defender. This feature is handy when you don’t want or expect traffic from specific locations and want to put a stop to hackers and bots visiting from certain areas.

All of this can be achieved in the Locations section.

Defender works with a company called MaxMind, so it can have access to the GeoLite2 Database. It’s free to set up an account and will ask you to do so when first setting up location banning.

The Locations area. When you get started with Defender, it asks you to set up an account with MaxMind.
The Locations area. When you get started with Defender, it asks you to set up an account with MaxMind.

There are prompts for a free account. From there, they’ll email you steps to set up a password. Once you login in, you click the link for a new license key in Defender’s dashboard.

Create a new license key in MaxMind and then it will be ready to copy and paste into Defender.

Where a new key is produced.
Where a new key is produced.

Once your new license key is pasted, you’ll be all set once you hit the Download button. It may take a few minutes for the key to register, so keep that in mind.

Now you have the option to Blocklist & Allowlist any country.

There is a drop-down menu that displays them. Once you start typing, it will populate any corresponding countries that start with that letter.

The drop-down menu of countries. Select as many as you’d like to blocklist or allowlist.
The drop-down menu of countries. Select as many as you’d like to blocklist or allowlist.

They’ll all appear in the box below your choice of blocklist or allowlist. You can also take them off the list by clicking on the ‘X’ next to the country’s name.

Blocklist of countries.
List of the countries added so far.

When completed, it’s all saved by hitting the Save Changes button.

6. Creating Custom Messages for Banned Users

Give any locked out hacker a customized message from Defender himself. All of this can be done in the Message area.

You have the ability to add a customized message in this space.

Customized blocklist message.
Where you’ll type in a customized message.

And after that, anyone that is on the blocklist will be greeted by Defender.

A message from Defender.
Defender is here to tell them what’s happening.

After clicking the Save Changes button, the message will be functioning and unwelcome guests will know why they’re IP isn’t making the cut.

7. Importing and Exporting Blocklist & Allowlist

If you have a blocklist or allowlist from another website and want to import them, it’s quick and easy to do. Likewise, you can export your list that you have for blocklist and allowlist to use on another website.

All of this is under Import and Export in Defender.

Where you can import and export blocklist and allowlist.
Where you can import and export blocklist and allowlist.

There’s an Import button to import and Export button to export a list.

Importing will not remove existing IPs. Also, when you export, it will include the blocklist and allowlist.

8. Check Your Lockout Log for Suspicious Activity

You can view all of your lockouts and quickly ban, allowlist, or delete the list in just a couple of clicks. Plus, you can easily download your activity logs of IP lockouts.

This, unlike the previous sections, is located in Firewall and Logs on Defender’s dashboard.

Where you can view all of your lockout activity.
Where you can view all of your lockout activity.

Once here, you can sort logs by the latest, oldest, or IP address. You can also export them as a CSV and adjust the date range.

Where you can sort the logs.
Where you can sort the logs.

Also, take care of the issues in one-click with Bulk Update. You can ban, allowlist, or delete just by checking the boxes individually or by the dropdown to take care of them all.

Take care of things in bulk with the bulk update.
Take care of things in bulk with the bulk update.

You can also get more detailed information by clicking on the arrow dropdown next to the issue. There, you’ll also have an option to allowlist or blocklist.

And just like that, all of your lockouts are now taken care of.

Setting Up a Lockout Firewall Can’t Get Any Easier

Unwanted guests won’t get far with Defender’s custom IP address lockout.

And it’s more than just customized IP address lockout — there’s custom messages, location banning, logs, and much more with Defender.

To learn more tips on using Defender, check out our article about finding & deleting suspicious code and all about how to stop hackers in their tracks.

For more information, check out Defender’s documentation page.