Plugin Sale! Save 15% on pro plugins with discount code: FALL2020
Web Dev + WordPress + Security

WordPress Block Proxy Visits

I’ve covered a lot of techniques for controlling proxy access. And I’m not done yet. This post expands on the block tough proxies technique by making it plug-&-play with WordPress.

Update: Also check out Block Proxy Visits with PHP for more advanced PHP-based proxy-blocking techniques.

Block Proxy Visits with WordPress

Here is the magic bullet, add via functions.php or plugin:

// block proxy visits @ https://m0n.co/05
function shapeSpace_block_proxy_visits() {
	if (!is_user_logged_in()) {
		if (@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1)) {
			die('Proxy access not allowed');
		}
	}
}
add_action('after_setup_theme', 'shapeSpace_block_proxy_visits');

As explained in the original article, this code snippet isn’t enough to block all proxies, but it works great at stopping a LOT of them. Over the years, proxy services and scripts have mushroomed in terms of functionality, complexity, and effectiveness. So there’s not really a one-size-fits-all, plug-&-play technique for blocking 100% all proxies. This script is meant to give devs a simple way to knock out a wide range of proxy services in order to free up precious resources for legit traffic.

How does it work?

Here’s the basic logic behind this technique:

  1. Checks that current user is not logged in to WordPress
  2. Blocks the request if port 80 is open on the remote machine
  3. Hooks the function into WP’s after_setup_theme

So it’s very simple logic-wise, but does require a quick connection to the remote machine. This is why the technique is better employed as a temporary solution, as explained in the next section.

Usage example

This script is nice because it’s simple and about as lightweight as you can get via PHP (you can get better performance using one of the .htaccess techniques linked at the beginning of this post). A good use example: when I notice my sites getting scanned or spammed by some automated d-bag, I can slap this proxy-block script into functions.php to quell the storm and save some server resources. Then after a few hours, I can remove the script without any fuss. It’s really best used as a short-term deterrent as opposed to a permanent proxy-block solution.

Jeff Starr
About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
BBQ Pro: The fastest firewall to protect your WordPress.

One response to “WordPress Block Proxy Visits”

  1. Works fine. I am happy!

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Deep dive into WP theme development.
Thoughts
Happy Birthday to Perishable Press, celebrating 15 years online! :)
Hide in the basement and hope for the best.
Part of my success is from being able to look ahead down the road and see things coming before they actually get here.
Spent some time refreshing my business portfolio at MonzillaMedia.com :)
Tried lots of apps for making animated GIFs from screen captures, so far Kap is my favorite. For example the GIF on this post.
Autumn is my favorite time of year.
Stoked! Had a great interview with Eric over at Speckyboy.com :)
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.