YogeshChauhan.com

How to Block IPs and User Agents using code in Drupal or WordPress?

March 29, 2021

IN WordPress and Drupal both, there are built-in methods to add specific IP addresses or other means of identification to block them. If you’re looking for code to do the same, here are the snippets.

In Drupal, you can use “settings.php” file and in WordPress, you can use “wp-config.php” file to add these snippets.

PHP code snippets to block IP addresses

There are few advantages to use PHP code to block the IP addresses.

  • First of all, you don’t need to install the plugin that will add data to database and then fetch it every time.
  • You won’t need the additional code of plugin.
  • A plugin requires making connections to database and also it requires the WordPress or Drupal to be loaded.
  • If you site is already affected by DDoS attack then you can’t add a plugin/module.

Add this code to block a single IP address



if ($_SERVER['REMOTE_ADDR'] == '192.168.1.1') {
  header('HTTP/1.0 403 Forbidden');
  exit;
}


πŸ‘‰ Do not forget to replace the IP address (192.168.1.1) with the one you want to block.

Add this code to block a range of IP addresses



// IPv4: Single IPs and CIDR.
$request_ip_blocklist = [
  '192.0.2.38',
  '192.0.3.125',
  '192.0.67.0/30',
  '192.0.78.0/24',
];

$request_remote_addr = $_SERVER['REMOTE_ADDR'];
// Check if this IP is in blocklist.
if (!$request_ip_forbidden = in_array($request_remote_addr, $request_ip_blocklist)) {
  // Check if this IP is in CIDR block list.
  foreach ($request_ip_blocklist as $_cidr) {
    if (strpos($_cidr, '/') !== FALSE) {
      $_ip = ip2long($request_remote_addr);
      list ($_net, $_mask) = explode('/', $_cidr, 2);
      $_ip_net = ip2long($_net);
      $_ip_mask = ~((1 << (32 - $_mask)) - 1);

      if ($request_ip_forbidden = ($_ip &#038; $_ip_mask) == ($_ip_net &#038; $_ip_mask)) {
        break;
      }
    }
  }
}

if ($request_ip_forbidden) {
  header('HTTP/1.0 403 Forbidden');
  exit;
}


πŸ‘‰ Do not forget to replace the IP addresses with the ones you want to block.

PHP code snippets to block User Agents

You can also target unwanted user agents and block them from visiting your site either by “robots.txt” file or with PHP stripos function. I’ll show you the second method here.

The stripos function from PHP is a case-insensitive match and it’s really helpful while blocking the bots or crawlers like as Curl/dev vs curlBot.

Add this code to block a single bot



if (stripos($_SERVER['HTTP_USER_AGENT'], 'UglyBot') !== FALSE) {
  header('HTTP/1.0 403 Forbidden');
}


πŸ‘‰ Do not forget to replace the UglyBot with the one you want to block.

Add this code to block a list of bots



$bots = ['UglyBot', 'PetalBot'];
foreach ($bots as $bot) {
  if (stripos($_SERVER['HTTP_USER_AGENT'], $bot) !== FALSE) {
    header('HTTP/1.0 403 Forbidden');
    exit;
  }
}


πŸ‘‰ Do not forget to replace the $bots array values with the ones you want to block.

Credit: Pantheon

dreamhost

Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to uninstall Cocoapods from the Mac OS? #4 How to Use SQL MAX() Function with Dates? #5 How to add Read More Read Less Button using JavaScript? #6 PHP Login System using PDO Part 1: Create User Registration Page

Recently Posted

Apr 7 Solution for “Yarn build: Failed because of a stylelint error” Apr 7 Make sure your links have descriptive text Apr 7 How to add Laravel to WordPress using Sage theme (and install Tailwind CSS)? Apr 2 How to create a sidebar using pure CSS? Apr 1 How to switch dark and light themes using pure CSS? Apr 1 How to calculate elapsed time in JavaScript?

You might also like these

Implicit and Explicit Joins in Oracle SQLSQL/MySQLIntroduction to Angular modules Part 2: NgModules and componentsAngularHow to create a Star Ratings using CSS?CSSIN Operator in PostgreSQLPostgresHow to concatenate variable with string in Swift?SwiftHow to Use ROLLUP Operator in SQL and MySQL?SQL/MySQL