New CrowdSec plugin to protect WordPress sites

Hello everyone! We are actively working on our system for blocking unwanted IP addresses, and today we are pleased to tell the community about our newest development – a WordPress plugin that simplifies the life of webmasters and protects the sites they administer.

Like many of our other solutions, the new bouncer for WordPress is open source and distributed under the MIT license. It is also an officially approved WordPress plugin, so you can read about it and download it from the official WordPress plugin site.

The new CrowdSec bouncer for WordPress handles two webmaster tasks at once: it cuts off unwanted IP addresses, and it offers a softer form of blocking – showing a captcha to unwanted or suspicious IP addresses.

For the plugin to work you will need to install the server side of CrowdSec, just as you would for a stand-alone server or network. We have previously published a short tutorial on this topic; you can read it here. Our WordPress plugin is compatible with CrowdSec 1.0.x, that is, with the current releases after our big update, in which we refactored the architecture and switched to using the API instead of having system components access the database directly.

Flex Mode

WordPress sites are very often the sites of small and medium-sized businesses that use a ready-made solution instead of lengthy custom development. For such resources every visitor who could become a client or buyer is extremely important. At the same time, webmasters often simply have no budget for security, or they are self-taught and do not know how to configure protection properly.

CrowdSec is a powerful tool, like any other project in this area, and a permanent ban by IP address is no joke.

Precisely so that a webmaster cannot, through ignorance or carelessness, do something irreparable, we created Flex Mode for the WordPress plugin.

Flex Mode is a sparing mode of operation for the bouncer and for the server hosting the site. In this mode the owner of a suspicious IP address cannot receive a permanent ban; the most such a visitor faces is having to pass a captcha.

We believe that a captcha is an effective tool that screens out a large share of suspicious visits, and being able to enable it by installing a plugin is a good way to quickly secure your WordPress site. Yes, you will need to install the server part of our product, but there is really nothing difficult about it, and even a novice user who is at least remotely familiar with the console can handle it.

Especially for those who do care about the appearance of their site, we have also added a way to customize the look of the captcha window that our plugin shows to suspicious visitors. This is how the default captcha looks:

And this is already customized:

We know that appearance has nothing to do with protection, but the ability to fit a captcha organically into the site is not superfluous. At the very least, the visitor will see that this site is taken more seriously than many other places where they have run into captchas.

Balancing protection and performance

Our plugin has two modes of communication with the CrowdSec backend.

The first, default mode is “Live mode”. In this mode, when a new visitor accesses the site, the bouncer calls the server API in real time to obtain a decision. Among other things, the visitor's IP is checked against the general CrowdSec ban list, which we as developers compile on our side. The server then returns the information to the bouncer in the plugin, which bans the visitor, lets them through, or shows them a captcha.

This mode provides the most protection for your site but, as you can imagine, it affects site performance and, under heavy traffic, puts load on the CrowdSec server side by generating a constant flow of requests.

If such constant requests to the server are unacceptable for you, the plugin's second mode of operation, which you can switch to, will suit you better.

It is called “Stream Mode”, and it works the opposite way from “Live Mode”. When streaming mode is turned on, the server side becomes the initiator: at a set interval it pushes the ban list, updating the lists held on the bouncer side and allowing the bouncer to work with greater autonomy.

Streaming mode not only reduces the load on every part of the system we are describing, it also removes the bouncer's serious impact on site performance and generates almost no Internet traffic. This mode is suited to administrators and webmasters of large resources, or of resources on not very powerful hosting.
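To make the Flex Mode and Stream Mode descriptions concrete, here is an added PHP example (not the plugin's own code) of a local decision cache: it is filled from one stream pull and then answers lookups without calling the server, and Flex Mode caps any "ban" at a captcha. The JSON shape of the stream response (new/deleted lists with value, scope, type and duration) and the sample addresses are assumptions constructed for illustration.

```php
<?php
// Added example (not the plugin's code): a minimal stream-mode decision cache.
// The cache is filled from a stream response ({"new": [...], "deleted": [...]});
// lookups then never call the server. Flex Mode downgrades "ban" to "captcha".
// The decision shape below is an assumption modelled on what a stream pull returns.

const REMEDIATION_RANK = ['bypass' => 0, 'captcha' => 1, 'ban' => 2];

// Constructed sample: what a periodic stream pull might deliver to the bouncer.
$streamResponse = json_decode('{
  "new": [
    {"value": "203.0.113.10", "scope": "Ip", "type": "ban", "duration": "3h59m"},
    {"value": "198.51.100.7", "scope": "Ip", "type": "captcha", "duration": "1h"}
  ],
  "deleted": [
    {"value": "192.0.2.44", "scope": "Ip", "type": "ban", "duration": "0s"}
  ]
}', true);

/** Apply one stream pull to the local cache (ip => remediation). */
function applyStream(array $cache, array $stream): array {
    // Expired or lifted decisions are removed first...
    foreach ($stream['deleted'] ?? [] as $d) {
        if ($d['scope'] === 'Ip') unset($cache[$d['value']]);
    }
    // ...then new decisions are added, keeping the harshest one per IP.
    foreach ($stream['new'] ?? [] as $d) {
        if ($d['scope'] !== 'Ip') continue;
        $cur = $cache[$d['value']] ?? 'bypass';
        if ((REMEDIATION_RANK[$d['type']] ?? 0) > REMEDIATION_RANK[$cur]) {
            $cache[$d['value']] = $d['type'];
        }
    }
    return $cache;
}

/** Decide what the bouncer does for a visitor; Flex Mode caps everything at captcha. */
function remediate(array $cache, string $ip, bool $flexMode): string {
    $r = $cache[$ip] ?? 'bypass';
    if ($flexMode && $r === 'ban') $r = 'captcha';
    return $r;
}

// The cache starts with a stale ban that the stream pull lifts.
$cache = applyStream(['192.0.2.44' => 'ban'], $streamResponse);
echo remediate($cache, '203.0.113.10', false), "\n"; // strict mode
echo remediate($cache, '203.0.113.10', true), "\n";  // Flex Mode
echo remediate($cache, '192.0.2.44', false), "\n";   // lifted decision
```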

If you are using a CDN, reverse proxy, or load balancer, you can specify the IP ranges of these devices in the bouncer settings. Only then can the bouncer check the real IP addresses of your users: for connections that do not come from those ranges, the bouncer will not trust the X-Forwarded-For header.
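As an added example (not the plugin's code) of the trusted-proxy rule just described, the PHP below honours X-Forwarded-For only when the connecting peer is inside a configured CDN/proxy range and otherwise falls back to REMOTE_ADDR, so a visitor connecting directly cannot present a forged address. The trusted range and the sample addresses are constructed.

```php
<?php
// Added example (not the plugin's code): resolve the visitor IP as the article
// describes. X-Forwarded-For is honoured only when the direct peer (REMOTE_ADDR)
// is inside a configured proxy/CDN range; otherwise the header is ignored.

/** True if $ip (v4 or v6) lies within $cidr, e.g. "10.0.0.0/8" or "2001:db8::/32". */
function ipInCidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = inet_pton($ip);
    $netBin = inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid address, or v4 compared against v6
    }
    $bits = $bits === null ? strlen($netBin) * 8 : (int)$bits;
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) return false;
    $rem = $bits % 8;
    if ($rem === 0) return true;
    $mask = (0xFF << (8 - $rem)) & 0xFF; // partial last byte of the prefix
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

/**
 * $remoteAddr: TCP peer; $xff: raw X-Forwarded-For or null; $trusted: CIDR list.
 * Walks the header chain from the right, skipping trusted hops, and returns the
 * first address that is not one of our proxies. Untrusted peer => header ignored.
 */
function resolveClientIp(string $remoteAddr, ?string $xff, array $trusted): string {
    $isTrusted = function (string $ip) use ($trusted): bool {
        foreach ($trusted as $range) {
            if (ipInCidr($ip, $range)) return true;
        }
        return false;
    };
    if ($xff === null || !$isTrusted($remoteAddr)) return $remoteAddr;
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) return $remoteAddr; // malformed header
        if (!$isTrusted($hop)) return $hop;
    }
    return $remoteAddr; // every hop was one of our proxies; fall back to the peer
}

// Constructed sample: one CDN range is trusted.
$trusted = ['198.51.100.0/24'];
echo resolveClientIp('198.51.100.20', '203.0.113.5, 198.51.100.9', $trusted), "\n"; // visitor behind the CDN
echo resolveClientIp('192.0.2.77', '203.0.113.5', $trusted), "\n";                 // direct connection: header ignored
```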

What will happen next

We have not stopped working on the plugin since the release, and in the near future it will receive a visual control panel for visualizing bouncer activity. This will give you more information and insight into what is going on with your site and how effective the CrowdSec plugin is. We will also soon let you connect directly to the reputation database that we collect ourselves, so that you do not need an agent to check the public ban list.

We tested the new plugin on most of the WordPress versions currently in use around the world; according to worldwide WordPress usage statistics, the versions we covered with tests account for 90% of installations. We also tested on PHP versions 7.2, 7.3, 7.4 and 8 to avoid conflicts at the level of the language WordPress is written in. Of course, as new versions of both the engine and the language are released, we will continue to work in this direction.

Again, the plugin is released under the MIT license – the most permissive and widely used free license in the world. The full plugin source code is available on GitHub, just like the CrowdSec source code.

New bouncers can be found on our hub, where we publish new versions and updates first.
