Installation & Configuration

Installing the Plugin

Installing “Proxy & VPN Blocker” can be done either by searching for “Proxy & VPN Blocker” via the “Plugins > Add New” screen in your WordPress dashboard, or by using the following steps:

  1. Download the plugin via WordPress.org
  2. Upload the ZIP file through the ‘Plugins > Add New > Upload’ screen in your WordPress dashboard
  3. Activate the plugin through the ‘Plugins’ menu in WordPress
  4. Follow the configuration guide below, you aren't quite finished yet!

Configuration

Main

 

Master Activation (toggle)

Turning this off disables querying the proxycheck.io API and thus the plugin will be inactive.

proxycheck.io API key (text Field)

After installing the Plugin to your WordPress please go to PVB > Proxy & VPN Blocker in your WordPress Dashboard and you will see that there are multiple settings that you can configure, one of which is the API Key field.

It is not necessary to have an API key to use this Plugin's basic features but note that it would be limited to 100 daily queries with proxycheck.io.

A free API Key gives you 1,000 daily queries and  is simple to get just by entering your email address to sign up with proxycheck.io. There are also paid plans available.

If you have an API Key, enter it in the API Key field of Proxy & VPN Blocker.

Remote Visitor IP Header (dropdown with text field for custom entry) (2.0.0+)

Default: REMOTE_ADDR

If you are unsure, please leave as default. Though it is recommended that you check that the correct IP is displayed under PVB Debugging - Please see the note below regarding this.

If you are using Cloudflare please select HTTP_CF_CONNECTING_IP

You may enter a Custom Entry in the field contained within this dropdown list (in the format CUSTOM_IP_HEADER) if your hosting provider or CDN (Content Delivery Network) has a specific header for providing the Visitors actual IP Address.

Note:  You may confirm if the IP header is correct by enabling PVB Debugging under the Advanced tab in PVB Settings then going to the PVB Debugging tab that will appear under PVB Settings in the WordPress Admin Sidebar, this will appear at the top where it says "Checking if we can reach the proxycheck.io API". If the displayed IP matches and there are no errors then Proxy & VPN Blocker should be working fine.

Cloudflare? (toggle) (< 2.0.0)

If you are using Cloudflare please turn this setting 'on' so your visitors IP Addresses are able to be forwarded to proxycheck.io for checking. Detection is in place to determine if you may be using it. If you are not using Cloudflare, leave this setting 'off'. If your web hosting supports Cloudflare this setting should still be turned on.

Day Restrictor (toggle)

By default an IP is checked for proxy/vpn activity within the last 7 days but you can configure this to be as strict as you like between 1 and 60 days.

Detect VPN's? (toggle)

By default only Proxies are checked for, if you would like to also block VPN's turn this setting to 'on'.

Use TLS? (toggle)

Transport Layer Security is recommended to be 'on' however this has the potential to slightly slow down query time.

Log User IP's Locally (toggle)

When set to on, User's Registration and most recent Login IP Addresses will be logged locally and displayed (with link to proxycheck.io threats page for the IP) in WordPress Users list and on User profile for administrators.

If you used "Register IP's" Plugin previously, Proxy & VPN Blocker will get User Registration IP's saved by this from the DB and will log future registration and most recent Login IP's for each user.

Restrict Pages/Posts

 

This section has now been deprecated, though restricting on Pages/Posts is still possible. Please see here for more details.

 

 

Block Action

 

Custom Blocked Page (text field with search)

By default the Plugin will show a default 'blocked' page to visitors who are blocked, however you can specify a page to use within your site for further customisability.

Note: Selecting a page here WILL turn off 'Block On All Pages' option. You also may not select a page here that already exists in your "Restrict on Specific Pages" List.

Access Denied Message (text field)

This is the message that is shown on the default "blocked" page shown to visitors who are blocked. You can change this to say anything you like (i.e. another language than English).

Redirect to URL (toggle)

This is alternative to Custom Blocked Page, with this setting you can configure PVB to send blocked visitors to another website entirely.

 

Risk Scores

 

Risk Score Checking (toggle)

The plugin optionally supports proxycheck.io risk scores. You can individually set a risk score for both Proxies and VPN's.

Risk Score Proxy (slider)

For example, if we set a minimum risk score of 33 for Proxies, any Proxy with a risk score below 33 would be allowed through and any Proxy with a Risk Score higher than this will be blocked.

Risk Score VPN (slider)

if we set a minimum risk score of 66 for VPN's, any VPN with a risk score below 66 would be allowed through and any VPN with a Risk Score higher than this will be blocked.

 

Restrict Country/Continent

 

This feature is ideal if you would like to block ALL visitors from specific countries and/or continents, select them from the list.

Important: If you block your own country/continent here you WILL lose access to your website, you will have to upload a blank .txt file called disablepvb.txt to your WordPress root directory, Proxy & VPN Blocker actively checks for this file and if present, will not check connecting IP's. You can then remove your country/continent from the list in PVB Settings and then delete the disablepvb.txt file.

Country/Continent (list)

Select countries/Continents in this list (you can type to search).

By default, countries entered here are blocked.

Treat Country/Continent List as a Whitelist (toggle)

If this is turned 'on' then the Countries/Continents selected in the list above will be Whitelisted instead of Blacklisted, all other countries will be blocked.

Read The Warning!!

 

Advanced

 

Custom Tag (text field)

If you enter a custom tag in this field this will show next to IP's in your Positive Detection Log rather than the URL of the querying site/page.

Known Good IP Cache (slider)

By default, IP's that are detected as clean are cached for 30 minutes so as to not slow them down too much and to also reduce the number of queries made. You are able to set this to between ten minutes and 240 minutes (4 hours).

Last Detected Within (slider)

By default, IP's are checked for proxy/vpn activity within the last seven days but you are able to configure this to between one and 60 days. One day would be very liberal and 60 days would be very strict. We recommend that this setting is not changed from the default.

Protect login authentication (toggle)

This option blocks Proxy/VPN's on Login Authentication.

It is not recommended under any circumstances to turn this off.

Block on Entire Site? (toggle)

This feature is not recommended to be used however it was added on request. This WILL result in much higher query usage to the proxycheck API.

This will block people using Proxies and (optionally) VPN's on all pages of your site!

Note: This will not work if you are using a page caching plugin.

Proxy & VPN Blocker Help Mode (toggle)

Provides further information as an admin notice if there is a misconfiguration with certain settings.

Allow Staff Bypass (toggle)

Set this to \'on\' to allow non Admin Staff Members (Editors & Authors) to Bypass the checks when \'Block on Entire Site\' is in use and \'Protect WordPress Login/Auth\' is turned off. This will allow Site Staff access to the WordPress Dashboard.

proxycheck.io 'denied' status emails (toggle)

Turning this option on will allow Proxy & VPN Blocker to send you an email (Via your WordPress admin email address) if the Plugin encounters a 'denied' error when attempting to make a query to the proxycheck.io API. This could have one of the following messages:

Your access to the API has been blocked due to using a proxy server to perform your query. Please signup for an account to re-enable access by proxy.

(# of queries plan has) Paid queries exhausted. Please try the API again tomorrow or purchase a higher paid plan.

(# of queries plan has) Paid queries exhausted and a burst token has already been consumed.

100 queries exhausted, if you sign up for a free API key you'll be able to make 1,000 free queries per day.

You're sending more than 125 requests per second.

This is limited to sending an email every three hours and will cease when the 'denied' message clears.

Your admin email will not be used for anything else and is not viewable outside of your WordPress installation.

proxycheck.io has a built in, almost instant queries exhausted email feature that you may use instead of this. You can find this on your proxycheck.io dashboard.

Proxy & VPN Blocker Debugging (Experimental) (toggle)

A new option has been integrated in 1.8.2 which enables a debugging page that outputs information which may be useful for the developer to help diagnose any issues that you may be experiencing

It is NOT recommended to leave this option on at all times because of the possibility that in future this feature will be expanded upon with things that may result in higher load and make queries take slightly longer. Only enable this option if you need debugging information!

Cleanup on Uninstall (toggle)

This option is off by default since introduction, now when deactivating and removing the plugin, the settings will not be cleared unless this option is enabled.