Plugin Sale! Save 15% on pro plugins with discount code: NEWYEAR2021
Web Dev + WordPress + Security

WordPress Block Proxy Visits

I’ve covered a lot of techniques for controlling proxy access. And I’m not done yet. This post expands on the block tough proxies technique by making it plug-&-play with WordPress.

Update: Also check out Block Proxy Visits with PHP for more advanced PHP-based proxy-blocking techniques.

Block Proxy Visits with WordPress

Here is the magic bullet, add via functions.php or plugin:

// block proxy visits @ https://m0n.co/05
function shapeSpace_block_proxy_visits() {
	if (!is_user_logged_in()) {
		if (@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1)) {
			die('Proxy access not allowed');
		}
	}
}
add_action('after_setup_theme', 'shapeSpace_block_proxy_visits');

As explained in the original article, this code snippet isn’t enough to block all proxies, but it works great at stopping a LOT of them. Over the years, proxy services and scripts have mushroomed in terms of functionality, complexity, and effectiveness. So there’s not really a one-size-fits-all, plug-&-play technique for blocking 100% all proxies. This script is meant to give devs a simple way to knock out a wide range of proxy services in order to free up precious resources for legit traffic.

How does it work?

Here’s the basic logic behind this technique:

  1. Checks that current user is not logged in to WordPress
  2. Blocks the request if port 80 is open on the remote machine
  3. Hooks the function into WP’s after_setup_theme

So it’s very simple logic-wise, but does require a quick connection to the remote machine. This is why the technique is better employed as a temporary solution, as explained in the next section.

Usage example

This script is nice because it’s simple and about as lightweight as you can get via PHP (you can get better performance using one of the .htaccess techniques linked at the beginning of this post). A good use example: when I notice my sites getting scanned or spammed by some automated d-bag, I can slap this proxy-block script into functions.php to quell the storm and save some server resources. Then after a few hours, I can remove the script without any fuss. It’s really best used as a short-term deterrent as opposed to a permanent proxy-block solution.

Jeff Starr
About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
Banhammer: Protect your WordPress site against threats.

One response to “WordPress Block Proxy Visits”

  1. Works fine. I am happy!

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
Thoughts
Simply Static is my go-to plugin for generating static HTML versions of WordPress sites. Works flawlessly.
Note to self: never, ever, ever buy any CD or DVD from eBay. Every single time the discs are scratched, damaged, missing, fake, or worse. Never again you clowns.
Find out if a plugin works with the latest version of WordPress @ plugintests.com
Going through all of my data, deleting all the chaff. Going for less than 500 GB total data storage.
Finally deleted all the cool unused placeholder Twitter accounts that I signed up for years ago. I will never use them.
After several years with Dashlane, I've moved on to a simpler, better solution.
After 10+ years, finally moved the last of my sites away from Media Temple.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.