What does it solve?
Up to 50% of your site traffic is bots. Many are malicious — content scrapers, vulnerability scanners, resource exhausters. They consume server resources before WordPress even loads.
How IP-Fence works
IP-Fence intercepts requests at the plugins_loaded hook — the earliest possible point. Suspicious bots are blocked before WordPress core fully boots. Googlebot and other legitimate crawlers are whitelisted.
Bots — Your Site's Invisible Enemy
A significant portion of the traffic to your site, an estimated 30–50%, is bots. Some of these bots are legitimate: search engine crawlers like Googlebot and Bingbot. But a large portion is malicious:
- Content scrapers: Bots crawling to copy your content.
- Vulnerability scanners: Attack bots constantly probing your site for security weaknesses.
- Resource exhausters: Bots designed to drain your server resources for DDoS preparation.
- Email harvesters: Spam bots collecting email addresses from your site.
- Aggressive SEO crawlers: AhrefsBot, SemrushBot, and similar competitive analysis bots that need to be controlled.
IP-Fence filters this traffic before it reaches your server.
Early-Hook Blocking Architecture
IP-Fence's most critical feature is its early-hook blocking. Most security plugins wait for WordPress to fully boot, so bot traffic consumes server resources all the way to the page render stage.
IP-Fence works differently: it activates at the very start of the plugins_loaded hook and blocks suspicious requests before WordPress core begins loading. For blocked bots, the server's PHP processor barely runs at all — the resource savings are substantial.
Detection Mechanisms
IP-Fence detects suspicious bots using three main criteria:
- User-Agent signature: Known malicious bot user-agent strings (e.g., "AhrefsBot", "MJ12bot" — optionally blocked).
- IP reputation: Lists of known malicious IPs (botnets, abused VPN proxies).
- Behavioral analysis: Abnormal request frequency, patterns inconsistent with typical human traffic.
Whitelist Override: Respect for Legitimate Bots
IP-Fence is aggressive but smart. Googlebot, Bingbot, Applebot, Yandex, and other major search engine bots are automatically whitelisted. Your SEO is not harmed.
The whitelist mechanism performs reverse DNS verification. If a bot arrives with a "Googlebot" user-agent but the IP doesn't belong to Google, it's blocked. This prevents malicious bots from impersonating legitimate ones.
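A forward-confirmed reverse DNS check of the kind described above, as an added example that is not IP-Fence's own code. The crawler suffix table, the function names and the sample DNS data are assumptions made for illustration.

```python
import socket

# Assumed suffix table; confirm against each operator's current documentation.
CRAWLER_DOMAINS = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
    "applebot": (".applebot.apple.com",),
    "yandex": (".yandex.ru", ".yandex.net", ".yandex.com"),
}

def system_ptr(ip):
    """PTR lookup via the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """All A/AAAA addresses for host; empty set on lookup failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify(ip, user_agent, ptr=system_ptr, forward=system_forward):
    """Return 'unclaimed', 'verified' or 'impersonator' for one request."""
    ua = user_agent.lower()
    suffixes = next((s for n, s in CRAWLER_DOMAINS.items() if n in ua), None)
    if suffixes is None:
        return "unclaimed"  # no crawler claim; other rules decide
    host = (ptr(ip) or "").rstrip(".").lower()
    # Leading-dot suffix match, so "googlebot.com.isp.example" fails.
    if not host.endswith(suffixes):
        return "impersonator"
    # Forward-confirm: whoever controls the IP's reverse zone can publish
    # any PTR name, so the name must resolve back to the same IP.
    return "verified" if ip in forward(host) else "impersonator"

# Constructed DNS data (documentation-range IPs) so the demo runs offline.
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "crawl-1.googlebot.com",  # spoofed PTR
              "203.0.113.5": "host5.googlebot.com.isp.example"}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
            "crawl-1.googlebot.com": {"192.0.2.99"}}

def demo():
    ua = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    return {ip: classify(ip, ua, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))
            for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.200")}
```

Addresses are compared as strings here; for IPv6 traffic, normalise both sides with the `ipaddress` module before comparing.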
Whitelist Editor
You can add your own bots (uptime monitoring, deployment scripts, backup services) to the whitelist. IPs or CIDR ranges can be added with one click from the admin panel.
Shared database with FeedControl: IPs you add to the IP-Fence whitelist are automatically recognized by FeedControl as well. Single-point management.
Detailed Block Logs
Every blocked request is logged: IP, user-agent, request URI, timestamp, block reason. You can filter logs from the admin panel and export them as CSV. It's a critical tool for detecting attack patterns.
Log retention is configurable: 7, 30, or 90 days. Old records are auto-purged — your database doesn't bloat.
Performance: Zero Overhead
Because IP-Fence works at the early hook, it adds almost no overhead to legitimate user traffic. Whitelist checks take an average of 0.5–1 ms. This has no perceptible impact on page load time.
When bots are blocked, server resource savings are significant. On a typical blog site, after IP-Fence is enabled, a 20–40% reduction in server load is observed.
Hidden Door + IP-Fence: Complete Login Security
Hidden Door hides wp-login.php, and IP-Fence prevents suspicious bots from reaching the server at all. Together, they close nearly all of your site's login attack surface. The attacker can neither find the login door nor scan for it.
Compliance Notes
- ISO 27001:2022 — A.8.20: Network security controls.
- ISO 27001:2022 — A.8.16: Logging. Detailed block logs.
- ITIL v4 — Information Security Management: Access filtering.
- COBIT 2019 — DSS05.04: Information access rights management.
Technical scope
- Early-hook blocking — minimal server overhead
- User-agent, IP reputation, and behavior-based detection
- Auto-whitelist for Googlebot, Bingbot, Applebot, Yandex
- Reverse-DNS verification against impersonators
- Custom whitelist editor (IPs, CIDR ranges)
- Shared whitelist database with FeedControl
- Detailed block logs with CSV export
- Configurable log retention (7/30/90 days)
International standards
IP-Fence is built to three international frameworks.
Frequently Asked Questions
How does the one-time payment work?
You pay $39 once and the plugin is yours forever. All updates included. No annual subscription, no hidden fees, no auto-renewal.
Which WordPress versions does it support?
WordPress 5.8 and above, PHP 7.4 and above. Optimized for PHP 8.0+.
Is there English support?
Yes. Contact satis@wp-tr.com.tr for English and Turkish support. P1 critical issues receive a 4-hour response commitment.