Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security

7G Out of Beta

The 7G Firewall was released about a year ago as beta, and has had time now to mature/develop into a stable release. So this is just a heads up that 7G is now officially out of beta and ready for use in live/production environments.

Thank you to everyone who helped with development by providing bug reports and feedback for 7G, very much appreciated.

Learn more and download 7G Firewall »
Want to help test 8G Firewall? Check out the 8G beta sandbox.

For more information about the thinking and work behind the nG-series firewalls, check out this post on building the 4G blacklist.

About the Author
Jeff Starr = Designer. Developer. Producer. Writer. Editor. Etc.
USP Pro: Unlimited front-end forms for user-submitted posts and more.

19 responses to “7G Out of Beta”

  1. Hey Jeff, I added “7G Out of Beta” to my .htaccess and it doesn’t allow me to add new images in a post or directly to the wp media library.

    • Jeff Starr 2020/01/27 7:38 pm

      Glad to help. When you say that “I added ‘7G Out of Beta’ to my .htaccess”, what exactly are you adding? I ask because this post, “7G Out of Beta”, is just a notification and does not provide any code (look at the post, you will find zero codes).

  2. Friends, when logging blocked requests having a proxy in front of your server, then all IPs are of your proxy. I solved it adding the php code below, inside 7g_log.php, just after date_default_timezone_set.

    function get_ip_address() {
    	if (!empty($_SERVER['HTTP_CLIENT_IP']) && validate_ip($_SERVER['HTTP_CLIENT_IP'])) {
    		return $_SERVER['HTTP_CLIENT_IP'];
    	}
    	if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    		if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ',') !== false) {
    			$iplist = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    			foreach ($iplist as $ip) {
    				if (validate_ip($ip))
    					return $ip;
    			}
    		} else {
    			if (validate_ip($_SERVER['HTTP_X_FORWARDED_FOR']))
    				return $_SERVER['HTTP_X_FORWARDED_FOR'];
    		}
    	}
    	if (!empty($_SERVER['HTTP_X_FORWARDED']) && validate_ip($_SERVER['HTTP_X_FORWARDED']))
    		return $_SERVER['HTTP_X_FORWARDED'];
    	if (!empty($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']) && validate_ip($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']))
    		return $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
    	if (!empty($_SERVER['HTTP_FORWARDED_FOR']) && validate_ip($_SERVER['HTTP_FORWARDED_FOR']))
    		return $_SERVER['HTTP_FORWARDED_FOR'];
    	if (!empty($_SERVER['HTTP_FORWARDED']) && validate_ip($_SERVER['HTTP_FORWARDED']))
    		return $_SERVER['HTTP_FORWARDED'];
    	return $_SERVER['REMOTE_ADDR'];
    }
    function validate_ip($ip) {
    	if (strtolower($ip) === 'unknown')
    		return false;
    	$ip = ip2long($ip);
    	if ($ip !== false && $ip !== -1) {
    		$ip = sprintf('%u', $ip);
    		if ($ip >= 0 && $ip <= 50331647) return false;
    		if ($ip >= 167772160 && $ip <= 184549375) return false;
    		if ($ip >= 2130706432 && $ip <= 2147483647) return false;
    		if ($ip >= 2851995648 && $ip <= 2852061183) return false;
    		if ($ip >= 2886729728 && $ip <= 2887778303) return false;
    		if ($ip >= 3221225984 && $ip <= 3221226239) return false;
    		if ($ip >= 3232235520 && $ip <= 3232301055) return false;
    		if ($ip >= 4294967040) return false;
    	}
    	return true;
    }
    
    $_SERVER["REMOTE_ADDR"] = get_ip_address();
  3. Friends, when logging blocked requests having a proxy in front of your server, then all IPs are of your proxy. I solved it adding the php code below, inside 7g_log.php, just after date_default_timezone_set
    https://pastebin.com/Fzcm8T5i

  4. Thank you for your great work and for giving it to us for free. I will be happy to donate something via PayPal from time to time.

  5. Hello Jeff, I have been consulting your blog regularly for 2 years now and I am very grateful for your work and the sharing of knowledge with others. It’s my turn to share with you. I had graphics bugs on the mobile part. The menu icon was gone and I couldn’t change my easy slider from my enfold theme. I can easily reproduce errors or make you a screenshot if you wish, just change my .htaccess and it’s done. In the meantime I went back on the 6G version which it produces no error. It could be a mix of extensions and your 7G too. Anyway, i’m ready to share with you and thank you so much for your collaborative work! Cya :)

    • Jeff Starr 2020/02/01 9:50 am

      Hi Arnaud, thanks for the feedback. In order to resolve any bugs with 7G, I need to know the URL(s) that are getting blocked. That way I can compare the URLs with the patterns in the 7G or addon, and then make any necessary corrections. Let me know if any questions about this, glad to help :)

  6. Hi Jeff, as indicated in my email, 7G is only disfonctional with my wordpress theme and on both sides (admin and public). It’s hard to unravel who is interfering with what so i’m back to 6G for the moment. Anyway, thanks a lot for your reply and i will continue to follow the adventures of the perishable press. Bye :).

  7. Jim S Smith 2020/02/03 3:03 pm

    I have had very good fortune using these to protect my WordPress installation.

    # PROTECT WORDPRESS FOLDERS AND CONTENTS.
    RewriteCond %{REQUEST_URI} /wp-admin/
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} .php$ [NC]
    RewriteCond %{REQUEST_URI} !/wp-admin/(load-styles|admin-ajax).php$
    RewriteCond %{HTTP:Cookie} !wordpress_logged_in_.+
    RewriteRule .* - [G,L]
    
    RewriteCond %{REQUEST_URI} /wp-includes/
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} .php$ [NC]
    RewriteCond %{REQUEST_URI} !/wp-includes/js/tinymce/wp-tinymce.php$
    RewriteCond %{HTTP:Cookie} !wordpress_logged_in_.+
    RewriteRule .* - [G,L]
    
    RewriteCond %{REQUEST_URI} /wp-content/
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} !.((s?c|le)ss|js(on(p)?)?|gif|ico|jpe?g?|png|svgz?|tiff?|avi|mp(3|4|(e|g)|eg)|eot|otf|tt(f|c)|woff2?)$ [NC]
    RewriteRule .* - [G,L]

    This generally uses the stance of: “Block all access to PHP files except for these, and if the user is not logged in”.

    I came to using these directives after much trial-and-error, and doing a lot of my own research. These may not work the same for everyone else, but they can be tailored to suit. – These I found necessary, as there are constant attempts at trying to access files that should NOT be web-accessible.

    Anyway,

    I hope some folks may find these useful.

    – Jim S.

    • Thanks for sharing, Jim! Personally I do not recommend these particular techniques, but know that some folks have had success with them. Either way, it’s always good to hear from you :)

  8. Jim S Smith 2020/02/05 5:57 pm

    Not really security-related, but I found this suggestion on-line a couple of years ago. I tried it, and found it to work pretty well. It helps to speed up WordPress loading a little bit, by making it more efficient in its .htaccess redirects.

    # BEGIN WordPress
    
    # Unless you have set a different RewriteBase preceding this
    # point, you may delete or comment-out the following
    # RewriteBase directive:
    RewriteBase /
    
    # if this request is for "/" or has already been rewritten to WP
    RewriteCond $1 ^(index.php)?$ [OR]
    
    # or if request is for image, css, or js file
    RewriteCond $1 .(gif|jpe?g?|png|css|js|ico|pdf)$ [NC,OR]
    
    # or if URL resolves to existing file
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    
    # or if URL resolves to existing directory
    RewriteCond %{REQUEST_FILENAME} -d
    
    # then skip the rewrite to WP
    RewriteRule ^(.*)$ - [S=1]
    
    # else rewrite the request to WP
    RewriteRule . /index.php [L]
    
    # END WordPress

    NOTE: AFAIK – This example only works for a SINGLE-SITE, not multi-site installation!

    – Jim S.

  9. I’ve updates your 7G firewall, to add the list written by a who defends against Ghost Spam. His list is found here. The updated firewall code merges your code and his code together, below is the update:

    # 7G:[HTTP REFERRER]
    <IfModule mod_rewrite.c>
    	
    	RewriteCond %{REQUEST_URI} !(7g_log.php) [NC]
    	
    	RewriteCond %{HTTP_REFERER} (semalt|ranksonic|timer4web|anticrawler|uptime(robot|bot|check|\-|\.com)|foxweber|:8888|xtraffic\.plus|(christopherblog|tammyblog|billyblog)\.online|traffic4free|bottraffic|easy-website\-traffic|bot4free|trafficbot|todaperfeita) [NC,OR]
    	RewriteCond %{HTTP_REFERER} (axcus|dotmass|artstart|dorothea|artpress|matpre|ameblo|freeseo|jimto|seo-tips|hazblog|overblog|squarespace|ronaldblog|c\.g456|zz\.glgoo|harriett|webedu|barbarahome|verabauer|deirdre|ninacecillia|reginanahum|deniseconnie|firstblog|maxinesamson)\.top [NC,OR]
    	RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cialis|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
    
    	RewriteRule .* - [F,L]
    	
    	# RewriteRule .* /7g_log.php?log [L,NE,E=7G_HTTP_REFERRER:%1]
    	
    </IfModule>
  10. Hello Jeff!
    Thank you for your work. Working perfectly.
    I’m not sure about one thing.
    Does this method block the original Googlebot?
    Because I don’t want to block it.

  11. Thanks Jeff! Comforting. Best wishes!

  12. Hi Jeff,

    First of all, I am thankful and highly appreciate the efforts you have put to share the knowledge you have. I am a Computer Networking guy and always wanted to start a blog for computer networking articles.

    Didn’t have any knowledge of wordpress security. I found your blog(s) and started reading all articles one by one. I have a plan to read them all to gain knowledge.

    Atleast as of today, I know that lots of security have been covered by your amazing 7G firewall. I have deployed 7G firewall. I am very happy and confident :)

    I was wondering if there is anything else that i need to look into in addition to 7G firewall. Could you please answer my following two questions:

    1) Do I need to install any other firewall plugin(s) ? I have seen lots of firewall plugins but I am not installing them if 7G will do the job. I am a bit confused in it.

    2) Is there any special BLACKList other than 7G firewall which I need to install with it ?

    Again, Thanks a lot for your efforts and help to the community.

    • Hey Raees, thank you for the feedback :)

      1) If you’re decent hosting you should be fine with 7G only, but each firewall protects against a unique set of threats so there may be benefit to adding more than one firewall layer. On my sites, using only the nG series firewalls has protected well over the years. Your mileage may vary, again it depends on a lot of factors, etc.

      2) Blacklists and firewalls operate the same basic way: they both block bad requests. Actually the “nG Firewall” originally was named “nG Blacklist” for several versions. Around version 5G/6G, I transitioned over to use the name Firewall instead. And to answer your question specifically, it is the same basic principle applies as for #1: each firewall/blacklist protects against a unique set of threats; there tends to be lots of overlap, but you may benefit from any unique firewall rules.

      If that makes sense, it’s early and I’ve yet to coffee up.

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Banhammer: Protect your WordPress site against threats.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.