Save 15% on our Pro WordPress plugins with discount code: LAUNCH2021
Web Dev + WordPress + Security

WordPress Block Proxy Visits

I’ve covered a lot of techniques for controlling proxy access. And I’m not done yet. This post expands on the block tough proxies technique by making it plug-&-play with WordPress.

Update: Also check out Block Proxy Visits with PHP for more advanced PHP-based proxy-blocking techniques.

Block Proxy Visits with WordPress

Here is the magic bullet, add via functions.php or plugin:

// block proxy visits @ https://m0n.co/05
function shapeSpace_block_proxy_visits() {
	if (!is_user_logged_in()) {
		if (@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1)) {
			die('Proxy access not allowed');
		}
	}
}
add_action('after_setup_theme', 'shapeSpace_block_proxy_visits');

As explained in the original article, this code snippet isn’t enough to block all proxies, but it works great at stopping a LOT of them. Over the years, proxy services and scripts have mushroomed in terms of functionality, complexity, and effectiveness. So there’s not really a one-size-fits-all, plug-&-play technique for blocking 100% all proxies. This script is meant to give devs a simple way to knock out a wide range of proxy services in order to free up precious resources for legit traffic.

How does it work?

Here’s the basic logic behind this technique:

  1. Checks that current user is not logged in to WordPress
  2. Blocks the request if port 80 is open on the remote machine
  3. Hooks the function into WP’s after_setup_theme

So it’s very simple logic-wise, but does require a quick connection to the remote machine. This is why the technique is better employed as a temporary solution, as explained in the next section.

Usage example

This script is nice because it’s simple and about as lightweight as you can get via PHP (you can get better performance using one of the .htaccess techniques linked at the beginning of this post). A good use example: when I notice my sites getting scanned or spammed by some automated d-bag, I can slap this proxy-block script into functions.php to quell the storm and save some server resources. Then after a few hours, I can remove the script without any fuss. It’s really best used as a short-term deterrent as opposed to a permanent proxy-block solution.

Jeff Starr
About the Author
Jeff Starr = Creative thinker. Passionate about free and open Web.
USP Pro: Unlimited front-end forms for user-submitted posts and more.

One response to “WordPress Block Proxy Visits”

  1. Works fine. I am happy!

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
Banhammer: Protect your WordPress site against threats.
Thoughts
WP 5.8 Gutenberg/Block Widgets is breaking many sites. Fortunately Disable Gutenberg makes it easy to restore Classic Widgets with a click.
Easily the most common exploit scan for WordPress is /{path}/wp-login.php.
Pushing 110+ ℉ for several days now, expected for at least another week or so.
After 12 intense weeks the Plugin Planet redesign is now live. Much work still happening behind the scenes.
June, July, August historically are slow months on the Web. Perfect time to get some real work done (think projects).
Redesigning Plugin Planet is one the most challenging things I’ve done online. Almost there, about another two weeks ’til launch.
I could listen to Mouse Rat all day.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.