Configuration: Proxy & VPN Blocker Premium

Main

Proxy & VPN Blocker Premium License Key (text Field)

After installing the Plugin to your WordPress please go to 'PVB Settings > Main' in your WordPress Dashboard and you will see that there are multiple settings that you can configure, one of which is the License Key field.

In order to get updates you will need to input your License Key which can be obtainted from the Proxy & VPN Blocker Premium Page.


Master Activation (toggle)

Turning this off disables querying the proxycheck.io API and thus the plugin will be inactive.


proxycheck.io API key (text Field)

After installing the Plugin to your WordPress please go to 'PVB Settings > Main' in your WordPress Dashboard and you will see that there are multiple settings that you can configure, one of which is the API Key field.

It is not necessary to have an API key to use this Plugin's basic features but note that it would be limited to 100 daily queries with proxycheck.io.

A free API Key gives you 1,000 daily queries and  is simple to get just by entering your email address to sign up with proxycheck.io. There are also paid plans available.

If you have an API Key, enter it in the API Key field of Proxy & VPN Blocker Settings.


Remote Visitor IP Header (dropdown with text field for custom entry) (2.0.0+)

Default: REMOTE_ADDR

If you are unsure, please leave as default. Though it is recommended that you check that the correct IP is displayed under PVB Debugging - Please see the note below regarding this.

If you are using Cloudflare please select HTTP_CF_CONNECTING_IP

You may enter a Custom Entry in the field contained within this dropdown list (in the format CUSTOM_IP_HEADER) if your hosting provider or CDN (Content Delivery Network) has a specific header for providing the Visitors actual IP Address.

Note: You may confirm if the IP header is correct by enabling PVB Debugging under the Advanced tab in PVB Settings then going to the PVB Debugging tab that will appear under PVB Settings in the WordPress Admin Sidebar, this will appear at the top where it says "Checking if we can reach the proxycheck.io API". If the displayed IP matches and there are no errors then Proxy & VPN Blocker should be working fine.


Cloudflare? (toggle) <2.0.0p

If you are using Cloudflare please turn this setting 'on' so your visitors IP Addresses are able to be forwarded to proxycheck.io for checking. Detection is in place to determine if you may be using it. If you are not using Cloudflare, leave this setting 'off'. If your web hosting supports Cloudflare this setting should still be turned on.


Detect VPN's? (toggle)

By default only Proxies are checked for, if you would like to also block VPN's turn this setting to 'on'.


Log User IP's Locally (toggle)

When set to on, User's Registration and most recent Login IP Addresses will be logged locally and displayed (with link to proxycheck.io threats page for the IP) in WordPress Users list and on User profile for administrators.

If you used "Register IP's" Plugin previously, Proxy & VPN Blocker will get User Registration IP's saved by this from the DB and will log future registration and most recent Login IP's for each user.

Restrict Pages/Posts

This section has now been deprecated, though restricting on Pages/Posts is still possible. Please see here for more details.

Block Action [Premium]

Select Blocking Method

Blocking Method can either be:

  • Default Block Page
  • Captcha Challenge Page
  • Custom Block Page within your site
  • URL Redirect to another URL or Website

Default Block Page is a customisable (background, logo and text) page.

Sub Options:

  • Access Denied Title (text field): This is the title text that is shown on the default "blocked" page shown to visitors who are blocked. You can change this to say anything you like (e.g. another language than English).
  • Access Denied Message (text field): This is the message that is shown on the default "blocked" page shown to visitors who are blocked. You can change this to say anything you like (e.g. another language than English).
  • Default Block Page Background: Allows you to select an image to use as a background on the default Block Page.
  • Default Block Page Logo: Allows you to select a logo to use on the left side of the default Block Page.

Captcha Challenge Page is a customisable (background, logo and text) page that displays a captcha challenge to detected visitors on your protected assets.

Sub Options:

  • Captcha Option (Select): This can be either Cloudflare Turnstile, hCaptcha, ReCAPTCHA V2 (Checkbox), or ReCAPTCHA V3 (invisible).
    • Cloudflare Turnstile Secret Key (text field): Enter the Turnstile secret key from your Cloudflare Dashboard.
    • Cloudflare Turnstile Site Key (text field): Enter the Cloudflare site key for your site.
    • hCaptcha Secret Key (text field): Enter the hCaptcha secret key from your hCaptcha account.
    • hCaptcha Site Key (text field): Enter the hCaptcha site key for your site.
    • ReCAPTCHA V2 Secret Key (text field): Enter the ReCAPTCHA V2 secret key from your ReCAPTCHA account.
    • ReCAPTCHA V2 Site Key (text field): Enter the ReCAPTCHA V2 site key for your site.
    • ReCAPTCHA V3 Secret Key (text field): Enter the ReCAPTCHA V3 secret key from your ReCAPTCHA account.
    • ReCAPTCHA Site Key (text field): Enter the ReCAPTCHA V3 site key for your site.
  • Show to VPN's only (toggle): Shows Captcha Challenge page to VPN's only. Other detected visitors will be blocked.
  • Challenge Page Title (text field): Title Text for Challenge Page. You can change this to say anything you like (e.g. another language than English).
  • Challenge Page Text (text field): Paragraph Text for Challenge Page. You can change this to say anything you like (e.g. another language than English).
  • Captcha Page Background (media select): Allows you to select an image to use as a background on the hCaptcha challenge page.
  • Captcha Page Logo (media select): Allows you to select a logo to use on the left side of the hCaptcha challenge page.

Custom Block Page Allows you to select any page within your wordpress site as a block page.

Sub Options:

  • Custom Blocked Page (text field with search): Note: Selecting a page here WILL turn off 'Block On All Pages' option. You also may not select a page here that already exists in your "Restrict on Specific Pages" List.

URL Redirect allows you to set a URL all positively detected visitors will be immediately sent to the set address.

Sub Options:

  • Redirect URL (text field): You can enter a custom redirect URL here.

Risk Scores

Risk Score Checking (toggle)

The plugin optionally supports proxycheck.io risk scores. You can individually set a risk score for both Proxies and VPN's.


Risk Score Proxy (slider)

For example, if we set a minimum risk score of 33 for Proxies, any Proxy with a risk score below 33 would be allowed through and any Proxy with a Risk Score higher than this will be blocked.


Risk Score VPN (slider)

if we set a minimum risk score of 66 for VPN's, any VPN with a risk score below 66 would be allowed through and any VPN with a Risk Score higher than this will be blocked.

Restrict Country/Continent

This feature is ideal if you would like to block visitors from specific countries and/or continents, select them from the list.

Important: If you block your own country/continent here you WILL lose access to your website, you will have to upload a blank .txt file called disablepvb.txt to your WordPress root directory, Proxy & VPN Blocker actively checks for this file and if present, will not check connecting IP's. You can then remove your country/continent from the list in PVB Settings and then delete the disablepvb.txt file.

Country/Continent (list)

Select countries/Continents in this list (you can type to search).

By default, countries entered here are blocked.


Treat Country/Continent List as a Whitelist (toggle)

If this is turned 'on' then the Countries/Continents selected in the list above will be Whitelisted instead of Blacklisted, all other countries will be blocked.

Read The Warning!!

Email Filtering [Premium]

Enable Email Filtering

Enables sending Email Addresses on user registration to the proxycheck.io api for checking.

Note: It costs one query for Disposable Email check. On registration this would be in addition to the one query for the Proxy/VPN check, so two queries are consumed.


Send Email Anonymously

This will send an anonymised email address to the proxycheck.io API (e.g: [email protected]). It is only really needed to check the email domain (after the @) but we must send a complete email address.

Advanced

Custom Tag (text field)

If you enter a custom tag in this field this will show next to IP's in your Positive Detection Log rather than the URL of the querying site/page.


Known Good IP Cache (slider)

By default, IP's that are detected as clean are cached for 30 minutes so as to not slow them down too much and to also reduce the number of queries made. You are able to set this to between ten minutes and 240 minutes (4 hours).


Last Detected Within (slider)

By default, IP's are checked for proxy/vpn activity within the last seven days but you are able to configure this to between one and 60 days. One day would be very liberal and 60 days would be very strict. We recommend that this setting is not changed from the default.


Protect on Login/Authentication (toggle)

This option blocks Proxy/VPN's on Login Authentication.

It is not recommended under any circumstances to turn this off.


Block on Entire Site? (toggle)

This feature is not recommended to be used however it was added on request. This WILL result in much higher query usage to the proxycheck API.

This will block people using Proxies and (optionally) VPN's on all pages of your site!

Note: This will not work if you are using a page caching plugin.


proxycheck.io 'denied' status emails (toggle)

Turning this option on will allow Proxy & VPN Blocker to send you an email (Via your WordPress admin email address) if the Plugin encounters a 'denied' error when attempting to make a query to the proxycheck.io API. This could have one of the following messages:

Your access to the API has been blocked due to using a proxy server to perform your query. Please signup for an account to re-enable access by proxy.


(# of queries plan has) Paid queries exhausted. Please try the API again tomorrow or purchase a higher paid plan.


(# of queries plan has) Paid queries exhausted and a burst token has already been consumed.


100 queries exhausted, if you sign up for a free API key you'll be able to make 1,000 free queries per day.


You're sending more than 125 requests per second.

This is limited to sending an email every three hours and will cease when the 'denied' message clears.

Your admin email will not be used for anything else and is not viewable outside of your WordPress installation.

proxycheck.io has a built in, almost instant queries exhausted email feature that you may use instead of this. You can find this on your proxycheck.io dashboard.


Proxy & VPN Blocker Debugging (toggle)

A new option has been integrated in 1.8.2 which enables a debugging page that outputs information which may be useful for the developer to help diagnose any issues that you may be experiencing

It is NOT recommended to leave this option on at all times because of the possibility that in future this feature will be expanded upon with things that may result in higher load and make queries take slightly longer. Only enable this option if you need debugging information!


Cleanup on Uninstall (toggle)

This option is off by default since introduction, now when deactivating and removing the plugin, the settings will not be cleared unless this option is enabled.