Add Blacklist section in your security tab
The current server management console, has a n area where we can whitelist our IP address to avoid lockout problems. But could we also get for our servers a blacklist option?
There are multiple WordPress sites I manage. And you have no idea how many hacking attempts I get daily. Being able to block the ip addresses from where these attempts are coming from...could really help us secure our WP sites even more.
Pablo Miatello commented
Very good feature!!
Andy Towler commented
This is absolutely essential. Please implement asap!
Axel de la Torre commented
Yes, this is necessary!
yes, please add this feature asap!
Ada Maria Lorenc commented
I would loooove this feature!
Dan Lavie commented
Please implement this feature as soon as possible.
I'll have to switch to digital ocean soon if this feature is not available.
Please implement this feature, it would go very well alongside being able to whitelist. It feels kinda weird being able to add trusted sources but not being able to block harmful sources.
Also, please do this as a feature just as whitelisting, and NOT having us rely on further crappy WP plugins such as iThemes or Wordfence. Keep the platform clean, and let people use whatever plugins they want, but don't rely on these bloated monster plugins for basic stuff as firewall black-listing.
Tevya Washburn - FS commented
iThemes Security plugin has an option to blacklist IP's. Plus lots of great tools/settings to automatically blacklist them. It's worked great for us. Reach out to me, if you want help configuring it.
I've made a suggestion to wp login here http://feedback.cloudways.com/forums/203824-service-improvement/suggestions/7566501-wordpress-security
If implemented it should solve most basic bruteforce attempt. Unless the hacker is determined to find for the login URL by trying random strings.
So far, wordfence has helped lock them out, but being able to do that on a higher level and not depend on a plugin would be the best.
It makes sense for you guys to have a unified blacklist across all your hosted solutions. If one IP hit 3 or more sites under your system, one time in each one (on the WP admin in one, SSH on the other, and another on on Magento, for example) it would be included on the black list.
Then the site administrator would set up the policy he would like on his server. Ban only the attacked service, all his services, the attacking IP, the class C, and for how long.
Maybe you could give a firewall rule so I could control what country would have access to my site.
Nowadays security is paramount.