[Defender Pro] Re-Process IP addresses with current URL ban lists

Can we re-run a URL blocklist against logged traffic?

That is, now that I have updated my URL blocklist, I want to go back through the log and ban any IP that would have been banned by the current list.

Why? Because someone at that IP has proven that they are malicious and intent on intruding on one of my sites. If they come back, I don’t want them probing again with some new trick. I don’t want them on Any of my sites. So I want to Pro-actively ban them, rather than waiting for them to hit the site again so that I can Maybe Re-actively ban them if they try some activity that I’ve already identified.

Imagine a world where the Hub allows us to update a URL blocklist for all sites, like we can with IP addresses. And with a single button click we can trigger all sites to process the current common list in addition to their own individual lists, banning IPs from all sites that tried to abuse any of our sites.

As always, if Defender and the Hub don’t already do this, please just point me to the function that needs to be called to ban an IP. I’ll run a cron process, look at the logs myself, run prior visitors through my new lists, and – with the provided function – ban the IP.

Or I’ll just do this outside of Defender and let fail2ban handle it.

What are the options for this?

Thanks!

  • Nithin Ramdas
    • Support Wizard

    Hi Tony G,

    At the moment, the Defender Pro plugin can only block IPs based on firewall rules. There isn’t any feature to ban a domain based on IPs.

    I’ll make sure to bring this to our Defender teams’ attention to check whether such a feature would be handy or not, and whether it could be implemented later on the roadmap.

    Kind Regards,
    Nithin

  • Patrick Freitas
    • FLS

    Hi Tony G,

    Sorry for the misunderstanding. You can handle it with something like:

    // Placeholder addresses: replace with the IPs you want to ban.
    $prepared_ip_list_for_ban = array(
        '1.1.1.1',
        '2.2.2.2',
        '3.3.3.3',
        // ...other IPs.
    );
    foreach ( $prepared_ip_list_for_ban as $ip ) {
        // Add each address to Defender's IP blocklist.
        $blocklist_model = new \WP_Defender\Model\Setting\Blacklist_Lockout();
        $blocklist_model->add_to_list( $ip, 'blocklist' );
    }

    If you are using Defender's own logs, then you can loop over items from PREFIX_defender_lockout_log, but note that we can’t provide the full implementation. I do understand you know how to handle it, and the above would be just the starting point.

    Best Regards
    Patrick Freitas
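
The retroactive pass asked about in this thread, as an added example that is not code from any poster or from WPMU DEV: it replays logged requests against the current URL blocklist and passes the matching IPs to the call quoted in the reply above. Assumptions: the log is a web-server access log in combined format, `ips_matching_blocklist()` is a hypothetical helper, and the blocklist entries, log lines and never-ban address are constructed sample data.

```php
<?php
// Hypothetical helper: returns the client IPs whose logged request path matches
// an entry in the current URL blocklist. Assumes combined log format.
function ips_matching_blocklist( array $log_lines, array $url_blocklist, array $never_ban = array() ) {
    $hits = array();
    foreach ( $log_lines as $line ) {
        // Client IP is the first field; the request line is the first quoted field.
        if ( ! preg_match( '/^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)/', $line, $m ) ) {
            continue; // Skip lines that do not parse.
        }
        list( , $ip, $target ) = $m;
        // Never act on a malformed address or on one of your own (office, monitoring).
        if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) || in_array( $ip, $never_ban, true ) ) {
            continue;
        }
        // Compare the decoded, lower-cased path only, without the query string.
        $path = strtolower( rawurldecode( (string) parse_url( $target, PHP_URL_PATH ) ) );
        foreach ( $url_blocklist as $entry ) {
            if ( '' !== $entry && false !== strpos( $path, strtolower( $entry ) ) ) {
                $hits[ $ip ] = true; // Keyed by IP so each address is reported once.
                break;
            }
        }
    }
    return array_keys( $hits );
}

// Constructed sample data (documentation address ranges, not real traffic).
$url_blocklist = array( '/.env', '/wp-config.php.bak' );
$log_lines     = array(
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/8.0"',
    '198.51.100.23 - - [10/Mar/2024:10:02:12 +0000] "GET /blog/hello/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:03:40 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 153 "-" "curl/8.0"',
    '192.0.2.10 - - [10/Mar/2024:10:05:00 +0000] "GET /.ENV?check=1 HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
);

$ips = ips_matching_blocklist( $log_lines, $url_blocklist, array( '192.0.2.10' ) );

if ( class_exists( 'WP_Defender\Model\Setting\Blacklist_Lockout' ) ) {
    // Inside WordPress with Defender loaded: the call quoted in the reply above.
    foreach ( $ips as $ip ) {
        $blocklist_model = new \WP_Defender\Model\Setting\Blacklist_Lockout();
        $blocklist_model->add_to_list( $ip, 'blocklist' );
    }
} else {
    // Outside WordPress: print the list for review or for another tool to consume.
    echo implode( PHP_EOL, $ips ), PHP_EOL;
}
```

Run from cron, this bans on a single historical match, so addresses behind shared NAT or a proxy can be caught as well; keeping the never-ban list current and reviewing the output before applying it limits that.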