I suggest you ...

Add Blacklist section in your security tab

The current server management console, has a n area where we can whitelist our IP address to avoid lockout problems. But could we also get for our servers a blacklist option?

There are multiple WordPress sites I manage. And you have no idea how many hacking attempts I get daily. Being able to block the ip addresses from where these attempts are coming from...could really help us secure our WP sites even more.

54 votes
Sign in
(thinking…)
Password icon
Signed in as (Sign out)

We’ll send you updates on this idea

Mr. Avelardo Lopez / www.AvelardoLopez.com shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

7 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...
  • Dan Lavie commented  ·   ·  Flag as inappropriate

    Please implement this feature as soon as possible.
    I'll have to switch to digital ocean soon if this feature is not available.

  • Daniel commented  ·   ·  Flag as inappropriate

    Please implement this feature, it would go very well alongside being able to whitelist. It feels kinda weird being able to add trusted sources but not being able to block harmful sources.

    Also, please do this as a feature just as whitelisting, and NOT having us rely on further crappy WP plugins such as iThemes or Wordfence. Keep the platform clean, and let people use whatever plugins they want, but don't rely on these bloated monster plugins for basic stuff as firewall black-listing.

    Thank you

  • Tevya Washburn - FS commented  ·   ·  Flag as inappropriate

    iThemes Security plugin has an option to blacklist IP's. Plus lots of great tools/settings to automatically blacklist them. It's worked great for us. Reach out to me, if you want help configuring it.

  • dstar commented  ·   ·  Flag as inappropriate

    I've made a suggestion to wp login here http://feedback.cloudways.com/forums/203824-service-improvement/suggestions/7566501-wordpress-security

    If implemented it should solve most basic bruteforce attempt. Unless the hacker is determined to find for the login URL by trying random strings.

    So far, wordfence has helped lock them out, but being able to do that on a higher level and not depend on a plugin would be the best.

  • c_volto commented  ·   ·  Flag as inappropriate

    It makes sense for you guys to have a unified blacklist across all your hosted solutions. If one IP hit 3 or more sites under your system, one time in each one (on the WP admin in one, SSH on the other, and another on on Magento, for example) it would be included on the black list.
    Then the site administrator would set up the policy he would like on his server. Ban only the attacked service, all his services, the attacking IP, the class C, and for how long.
    Maybe you could give a firewall rule so I could control what country would have access to my site.
    Nowadays security is paramount.

Feedback and Knowledge Base