Yogesh Chauhan's Blog

How to Block IPs and User Agents using code in Drupal or WordPress?

in Drupal & WordPress on March 29, 2021

IN WordPress and Drupal both, there are built-in methods to add specific IP addresses or other means of identification to block them. If you’re looking for code to do the same, here are the snippets.

In Drupal, you can use “settings.php” file and in WordPress, you can use “wp-config.php” file to add these snippets.

PHP code snippets to block IP addresses

There are few advantages to use PHP code to block the IP addresses.

  • First of all, you don’t need to install the plugin that will add data to database and then fetch it every time.
  • You won’t need the additional code of plugin.
  • A plugin requires making connections to database and also it requires the WordPress or Drupal to be loaded.
  • If you site is already affected by DDoS attack then you can’t add a plugin/module.

Add this code to block a single IP address


if ($_SERVER['REMOTE_ADDR'] == '192.168.1.1') {
  header('HTTP/1.0 403 Forbidden');
  exit;
}

👉 Do not forget to replace the IP address (192.168.1.1) with the one you want to block.

Add this code to block a range of IP addresses


// IPv4: Single IPs and CIDR.
$request_ip_blocklist = [
  '192.0.2.38',
  '192.0.3.125',
  '192.0.67.0/30',
  '192.0.78.0/24',
];

$request_remote_addr = $_SERVER['REMOTE_ADDR'];
// Check if this IP is in blocklist.
if (!$request_ip_forbidden = in_array($request_remote_addr, $request_ip_blocklist)) {
  // Check if this IP is in CIDR block list.
  foreach ($request_ip_blocklist as $_cidr) {
    if (strpos($_cidr, '/') !== FALSE) {
      $_ip = ip2long($request_remote_addr);
      list ($_net, $_mask) = explode('/', $_cidr, 2);
      $_ip_net = ip2long($_net);
      $_ip_mask = ~((1 << (32 - $_mask)) - 1);

      if ($request_ip_forbidden = ($_ip & $_ip_mask) == ($_ip_net & $_ip_mask)) {
        break;
      }
    }
  }
}

if ($request_ip_forbidden) {
  header('HTTP/1.0 403 Forbidden');
  exit;
}

👉 Do not forget to replace the IP addresses with the ones you want to block.

PHP code snippets to block User Agents

You can also target unwanted user agents and block them from visiting your site either by “robots.txt” file or with PHP stripos function. I’ll show you the second method here.

The stripos function from PHP is a case-insensitive match and it’s really helpful while blocking the bots or crawlers like as Curl/dev vs curlBot.

Add this code to block a single bot


if (stripos($_SERVER['HTTP_USER_AGENT'], 'UglyBot') !== FALSE) {
  header('HTTP/1.0 403 Forbidden');
}

👉 Do not forget to replace the UglyBot with the one you want to block.

Add this code to block a list of bots


$bots = ['UglyBot', 'PetalBot'];
foreach ($bots as $bot) {
  if (stripos($_SERVER['HTTP_USER_AGENT'], $bot) !== FALSE) {
    header('HTTP/1.0 403 Forbidden');
    exit;
  }
}

👉 Do not forget to replace the $bots array values with the ones you want to block.

Credit: Pantheon


Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to add Read More Read Less Button using JavaScript? #4 How to uninstall Cocoapods from the Mac OS? #5 PHP Login System using PDO Part 1: Create User Registration Page #6 How to Use SQL MAX() Function with Dates?

Recently Posted

#Aug 15 Is PHP still good for back-end programming? #Aug 10 How to create a multisite network in WordPress? #Aug 3 How to create a circle that follows a cursor using JavaScript and CSS? #Aug 3 How to make a curtain slider using jQuery and CSS? #Aug 2 How to progressively load images and add a blurry placeholder? #Aug 1 How to create a placeholder loader (throbber) using CSS?
You might also like these
How to create a for loop in SCSS (Sass)?SCSSinclude, include_once, require, require_once in PHPPHPHow to use @if and @else in SCSS?SCSSHow to swap images on hover using CSS?CSSMicroservices vs Monolithic ArchitectureMiscellaneousHow to Find the Highest (or Lowest) Number in an Array in JavaScript?JavaScript