DW 404 Deny
Intercept the 404 errors, test them for malicous behaviour, block malicous IP’s via the DENY IP instruction to your .htaccess.
Hackers and web scrappers have been trolling the internet since it was first created. Mostly, they are looking for website vulnerabilities and ways to gain access to websites for neferious reasons. Modern AI bots are scapping the websites for all the information they can, stealing everyones Intellectual Property in the form of images and text and then making it available to other developers as if it was original content. DDoS attacks fire countless access requests to websites purely in an attempt to shutdown the CPU.
It is time to stop the IP theft and protect websites from hackers by fighting back.
This plugin is designed to allow website administrators to block any IP Address that meets the administrators definition of malicious.
By identifying the IP Addresses that generate 404 errors on your website and what caused the 404 error, we can identify if the 404 was malicous or accidental.
Any malicous hits can then have the IP Address blocked with the .htaccess DENY command and the attacks will never be available again from that computer.
An example of a malicous attack is someone trying to access a .php file directly. This is the mnost common type of vulnerability scan and occurs 1000’s of times daily against most computers. By blocking the bot after the first attempt, all subsequent attacks stop.
Another example is searches that target backup software like “https://website.com/backup” or “https://website.com/bc”. Looking for a specific director that doesn’t exist on your website is an example of neferious searches and indicates a potential hacker.
Most AI bots will identify themselves, so we can use that to block their searches and stop them from scrapping your website, but another technique is to check how many times a bot hits your website over time and if it comes too often, you probably should stop it any way.
We can also add specific IP Addresses as acceptable, to you never block yourself or your adminstrator or website developer from accessing your website. Also, you probably want Google and Bing bots to check your website, so you will probably want to white list them too.
As a developer, I have seen far too many attacks hitting websites and found that the DENY option is the best to block this behaviour.
This plugin is designed purely for the websites I manage, but I am making it available to the general public as a free plugin as I know it has great value.
I am expecting to develop a pro version which automatically collects blocked IP Address listings and shares them with other websites, so that if an attack gets blocked on one website, all websites that use the shared block list will automatically be protected agaisnt the specific attacking IP Address.