Installation & Configuration
Installing Proxy & VPN Blocker
Installing Proxy & VPN Blocker can be done either by searching for “Proxy & VPN Blocker” via the “Plugins > Add New” screen in your WordPress dashboard, or by using the following steps:
Download the plugin via WordPress.org
- Upload the ZIP file through the ‘Plugins > Add New > Upload’ screen in your WordPress dashboard.
- Activate the plugin through the ‘Plugins’ menu in WordPress.
- Follow the configuration guide below, you aren't quite finished yet!
Blocking Proxies and VPNs on Specified Pages and Posts
Proxy & VPN Blocker provides a several methods to select your pages and posts for blocking.
1. Proxy & VPN Blocker Admin Bar Menu
When viewing a Page or Post on your WordPress Site while logged in to your Admin account you will see the Proxy & VPN Blocker logo as a Menu item.
If a Page/Post is not selected for blocking the logo will show a red dot and in the menu will be the text "This Page/Post is not restricted for Proxies/VPNs" Below this is a menu item titled "Immediately Block Proxies and VPN's here", clicking this will instantly set that particular Page/Post for blocking.
Conversely, if a Page/Post is selected for blocking the logo will show a green dot and in the menu will be the text "This Page Post is currently restricted for Proxies/VPN's" Below this is a menu item titled "Immediately Unblock Proxies and VPN's here", clicking this will immediately allow Proxies/VPN's on the particular Page/Post.
2. Bulk Actions
On the WordPress Dashboard Posts/Pages lists there is a Bulk Action where you can select multiple pages/posts to Block or unblock Proxies/VPN's at the same time.
These lists also show the current Proxy & VPN Blocker Status for every Post and Page at a glance.
3. WordPress Editor Sidebar
On the WordPress Editor there is a sidebar option so you can select the Page or Post for blocking before you Publish (Or, later on when Editing).
Master Activation (toggle)
Turning this off disables querying the proxycheck.io API and thus the plugin will be inactive.
proxycheck.io API key (text Field)
After installing the Plugin to your WordPress please go to PVB > Proxy & VPN Blocker in your WordPress Dashboard and you will see that there are multiple settings that you can configure, one of which is the API Key field.
It is not necessary to have an API key to use this Plugin's basic features but note that it would be limited to 100 daily queries with proxycheck.io.
A free API Key gives you 1,000 daily queries and is simple to get just by entering your email address to sign up with proxycheck.io. There are also paid plans available.
If you have an API Key, enter it in the API Key field of Proxy & VPN Blocker.
Remote Visitor IP Header (dropdown with text field for custom entry)
Default: REMOTE_ADDR
If you are unsure, please leave as default. Though it is recommended that you check that the correct IP is displayed under PVB Debugging - Please see the note below regarding this.
If you are using Cloudflare please select HTTP_CF_CONNECTING_IP
You may enter a Custom Entry in the field contained within this dropdown list (in the format CUSTOM_IP_HEADER) if your hosting provider or CDN (Content Delivery Network) has a specific header for providing the Visitors actual IP Address.
Note: You may confirm if the IP header is correct by enabling PVB Debugging under the Advanced tab in PVB Settings then going to the PVB Debugging tab that will appear under PVB Settings in the WordPress Admin Sidebar, this will appear at the top where it says "Checking if we can reach the proxycheck.io API". If the displayed IP matches and there are no errors then Proxy & VPN Blocker should be working fine.
Day Restrictor (toggle)
By default an IP is checked for proxy/vpn activity within the last 7 days but you can configure this to be as strict as you like between 1 and 60 days.
Detect VPN's? (toggle)
By default only Proxies are checked for, if you would like to also block VPN's turn this setting to 'on'.
Log User IP's Locally (toggle)
When set to on, User's Registration and most recent Login IP Addresses will be logged locally and displayed (with link to proxycheck.io threats page for the IP) in WordPress Users list and on User profile for administrators.
If you used "Register IP's" Plugin previously, Proxy & VPN Blocker will get User Registration IP's saved by this from the DB and will log future registration and most recent Login IP's for each user.
Custom Blocked Page (text field with search)
By default the Plugin will show a default 'blocked' page to visitors who are blocked, however you can specify a page to use within your site for further customisability.
Note: Selecting a page here WILL turn off 'Block On All Pages' option. You also may not select a page here that already exists in your "Restrict on Specific Pages" List.
Access Denied Message (text field)
This is the message that is shown on the default "blocked" page shown to visitors who are blocked. You can change this to say anything you like (i.e. another language than English).
Redirect to URL (toggle)
This is alternative to Custom Blocked Page, with this setting you can configure PVB to send blocked visitors to another website entirely.
Risk Score Checking (toggle)
The plugin optionally supports proxycheck.io risk scores. You can individually set a risk score for both Proxies and VPN's.
Risk Score Proxy (slider)
For example, if we set a minimum risk score of 33 for Proxies, any Proxy with a risk score below 33 would be allowed through and any Proxy with a Risk Score higher than this will be blocked.
Risk Score VPN (slider)
if we set a minimum risk score of 66 for VPN's, any VPN with a risk score below 66 would be allowed through and any VPN with a Risk Score higher than this will be blocked
Locational Restrictions
This feature is ideal if you would like to block ALL visitors from specific countries and/or continents, select them from the list.
Important: If you block your own country/continent here you WILL lose access to your website, you will have to upload a blank .txt file called disablepvb.txt to your WordPress root directory, Proxy & VPN Blocker actively checks for this file and if present, will not check connecting IP's. You can then remove your country/continent from the list in PVB Settings and then delete the disablepvb.txt file.
Country/Continent (list)
Select countries/Continents in this list (you can type to search).
By default, countries entered here are blocked.
Treat Country/Continent List as a Whitelist (toggle)
If this is turned 'on' then the Countries/Continents selected in the list above will be Whitelisted instead of Blacklisted, all other countries will be blocked.
Read The Warning!
BETA: Add DONOTCACHEPAGE Headers (toggle)
This will only add no cache headers to your selected Pages and Posts and Login in order to prevent them from being cached by WordPress cache plugins in order to allow visitors to be checked and blocked as necessary, instead of cache serving them the page anyway.
Custom Tag (text field)
If you enter a custom tag in this field this will show next to IP's in your Positive Detection Log rather than the URL of the querying site/page.
Known Good IP Cache (slider)
By default, IP's that are detected as clean are cached for 30 minutes so as to not slow them down too much and to also reduce the number of queries made. You are able to set this to between ten minutes and 240 minutes (4 hours).
Last Detected Within (slider)
By default, IP's are checked for proxy/vpn activity within the last seven days but you are able to configure this to between one and 60 days. One day would be very liberal and 60 days would be very strict. We recommend that this setting is not changed from the default.
Protect login authentication (toggle)
This option blocks Proxy/VPN's on Login Authentication.
It is not recommended under any circumstances to turn this off.
Block on Entire Site? (toggle)
This feature is not recommended to be used however it was added on request. This WILL result in much higher query usage to the proxycheck API.
This will block people using Proxies and (optionally) VPN's on all pages of your site!
Note: This will not work if you are using a page caching plugin.
Proxy & VPN Blocker Help Mode (toggle)
Allow Staff Bypass (toggle)
proxycheck.io 'denied' status emails (toggle)
Turning this option on will allow Proxy & VPN Blocker to send you an email (Via your WordPress admin email address) if the Plugin encounters a 'denied' error when attempting to make a query to the proxycheck.io API. This could have one of the following messages:
| Your access to the API has been blocked due to using a proxy server to perform your query. Please signup for an account to re-enable access by proxy.
(# of queries plan has) Paid queries exhausted. Please try the API again tomorrow or purchase a higher paid plan. (# of queries plan has) Paid queries exhausted and a burst token has already been consumed. 100 queries exhausted, if you sign up for a free API key you'll be able to make 1,000 free queries per day. You're sending more than 125 requests per second. |
This is limited to sending an email every three hours and will cease when the 'denied' message clears.
Your admin email will not be used for anything else and is not viewable outside of your WordPress installation.
proxycheck.io has a built in, almost instant queries exhausted email feature that you may use instead of this. You can find this on your proxycheck.io dashboard.
Proxy & VPN Blocker Debugging (Experimental) (toggle)
A new option has been integrated in 1.8.2 which enables a debugging page that outputs information which may be useful for the developer to help diagnose any issues that you may be experiencing
It is NOT recommended to leave this option on at all times because of the possibility that in future this feature will be expanded upon with things that may result in higher load and make queries take slightly longer. Only enable this option if you need debugging information!
Cleanup on Uninstall (toggle)
This option is off by default since introduction, now when deactivating and removing the plugin, the settings will not be cleared unless this option is enabled.