Become Wordpress Professional - Your Ultimate Wordpress Guide

Thursday, 21 March 2013

How to Block Proxy Servers From Accessing Wordpress Site

How to block Proxy servers in WordPress
It may be impossible to block 100% proxy visits for your site but you can block most of them and in this tutorial you will learn how to control proxy access with php and .htaccess. Keep in mind that not all proxies are evils so only use this technique if you are sure you know anyone bad is visiting your site with proxy.

Open your Online Web Host Cpanel account and open the root .htaccess file for your WordPress installation and after beneath all existing rules lets add the given code below

# BLOCK PROXY VISITS

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{HTTP:VIA}                 !^$ [OR]
 RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
 RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
 RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
 RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
 RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
 RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
 RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
 RewriteRule .* - [F]
</IfModule>

This htaccess snippet has lot going on in this slice of code. Now open your WordPress site and navigate to check everything is working fine and if everything looks great, if it does, then your code is working fine.

Adding another layer of security in theme header.php file

By itself this code will reduce the amount of proxy traffic accessing your site but there are many types of proxies and blocking them happens will layers. This .htaccess code is like a first layer and so now lets add another strong layer of protection using php .

Go to wp-content folder and into the theme folder and find header.php of the theme you are currently using so click and open it copy the given php code.

Note: Make sure to backup header.php file before making any changes, This is highly recommended

<?php if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1)) die("Proxy access not allowed"); ?>

Copy this snippet and paste it at the top of the header.php file and save the file and return to the browser to check and navigate everything in your WordPress site is still working fine. As expected and tested everything is working fine.

You May Also Like: Adding 5G Firewall Security to Wordpress Site

Verify your code and blocked access

This second layer of code does an excellent job and it transparently blocking even some of the most known bad proxy servers of proxy sites. You can verify the your new security layer by visiting:

http://proxy.org/

and there you can check this on currently working proxy. There are many types of proxies that are available like HTTP, Socks, VPN and so on. Now you have learnt how to secure your site from bad proxy servers and how little snippet of php code with .htaccess can prove a way to block bad proxy from visiting your site.

2 comments:

  1. Hey nice work... i tried it in Apache version 2.2.23 server and worck's just fine though i'd lyke to know what does "X_FORWARDED_FOR " , "HTTP:VIA" and "HTTP:FORWARDED" are blocking more exactly?

    ReplyDelete
  2. i tried, but user still can proxy visit my site...

    https://webproxy.com/browse.php?u=http%3A%2F%2Fwww.ukwebhost.space%2F&b=28&f=norefer

    ReplyDelete

Please Avoid Spamming. Comments will be moderated before they are published.