In the last tutorial we saw how . Today we will see how to block these visitors, so that they cannot even access our website.
There are several approaches we can take to do this, depending on the pattern we detect in those visits. Let’s see the typical cases and how to solve it.
Block visit by referring domain
To block visits, the easiest and most comfortable way will be to edit the .htaccess file. This is a bit of a weird file, because it doesn’t have an extension, just a dot followed by its name. This is so because files beginning with a dot are hidden files.
We have to be very careful when editing this file, because a single misplaced comma can wreak havoc across the web. Fortunately, if that happens we simply have to “undo” the change, save again and that’s it.
That being said, we are going to block visitors. What we must do is detect the domain of SPAM (let’s say domainspam.com for example). The lines of code that we must put are the following:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} domainspam\.com
RewriteRule .* –
Obviously, we will have to change the “spam domains” for the domain that concerns us. If we want to place several domains, no problem, we place them per line:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} domainspam\.com
RewriteCond %{HTTP_REFERER} other-domainspam\.com
RewriteCond %{HTTP_REFERER} even-other-spam-domain\.com
RewriteRule .* –
Notice that the flags have changed (information between claudators). We will place in all but the last one.
There are many (hundreds, thousands) of these referrers. Fortunately, the most problematic ones are well known, so if you want to save yourself the work of doing this manually, you can use the , which has no more and no less than 8,000 of them. In fact, this list is already prepared so that you can copy and paste it into your .htaccess. You only have to modify the first two lines:
RewriteCond %{HTTP_REFERER} !.*YOURDOMAIN\.com/.*$ RewriteCond %{HTTP_REFERER} !.*YOURSECONDADOMAIN\.com/.*$
Well, with this we already have the subject of cursed referrers. Let’s now see what happens with the countries and regions.
Block visits by countries
So let’s imagine that we have discovered that we have a prominent number of visits from Russia. Unless our website is in Russian, or that we export to that country, the most likely thing is that we have SPAM or some other hacker doing strange things. Well, in that case what we should do is filter by country.
But it turns out that there is no such thing as “filtering by country”, but we will have to do it through IPs, since each country has its ranges of IPs. So, if for example, we want to block the Vatican (I give this example because it is a tiny country with few IPs, not because they have many hackers 😉we should put this:
# BLOCK COUNTRY BY IP RANGE
order allow,deny
# BLOCK THE VATICAN
deny from 46.36.200.0/22
deny from 185.17.220.0/22
deny from 185.77.224.0/22
deny from 212.77.0.0/19
deny from 193.43.102.0/23
deny from 193.43.128.0/22
allow from all
As you can see, this is quite cumbersome, since it is not easy to know all those IPs. And I am not telling you if you want to block Russia, which is hundreds of ranks. Fortunately, there are tools for that, such as those from , which generates a file with all the IPs by country, or the tool from , which generates a code to copy and paste.
Block countries with plugins
So far we have seen how to lock by code, which is what I like. But if you are terrified of touching code, and drops of cold sweat run down your back every time you have to edit a file, you can do it through plugins.
Remember that WordPress already has an integrated utility to block comments from certain IPs. We can see it in the , in lesson 7, . But that does not block the visit, but the fact of leaving a comment.
So, the first solution is to use a plugin from the same people as IP2Location, called (They have herniated thinking about the name, huh?)which does just that.
In addition, the plugin allows us to both block the front-end (the Web) like the back end (control panel), as well as selecting which page we are going to send them to, or even what error we want to show them. A very complete plugin, which also gives us the possibility to connect with your service automatically (prior registration)which will allow us to keep the IP databases updated.
Another option is to use , which works with the Maxmind database, which has an accuracy of more than 99%, making it a more than safe bet.
Block IPs with plugins
On the other hand, if what you want is to block certain IPs, you can use , a plugin that allows us to ban visits by IP, IP range, referrer, or even host and user agent:
In addition, the plugin also allows us to display the message that those who try to access through one of those conditions will see. We have a small text box that allows us to edit the message, and we can even use 6 variables that we have at our disposal to customize the reason for the ban:
Ok, and that’s all for today. You already know how to block by referrers, by countries and by IPs, both by code and through plugins. Now it’s time to do your homework and apply everything.
danger eye
Above all, be very careful with these tools, because they all touch the .htaccess file or the database in one way or another, and if you are not careful you can block yourself, a situation in which you surely do not want to find yourself, because for To solve it you will have to modify the .htaccess file directly by FTP, or even modify the database. In other words, be very careful!
And as always, you already know that if you want to know more and better, you have at your disposal the , all of them guided video tutorials in real time. 😉
Facebook Comments
Disqus