96175
results for "wordpress"
-
This is why I like having a WordPress/Cloudflare integration that immediately blocks offending IPs at the cloudflare level. Go directly to jail, do not pass go, do not collect $200.
[Kupietz]
at
2026-04-29 05:18
-
Oh, wow. Look at this. This is evil. Someone is trying to see if I have a backup of my wordpress config file they can read.
[Kupietz]
at
2026-04-29 05:15
-
If anyone in the future ever encounters the same problem I did, I whipped up a wordpress plugin (apache 2.4+ only) that adds an .htaccess directive to inject User Agent headers into any incoming webmention that is lacking them, so you can leave WordFence's heavier-duty "block IPs that send POSTs without User Agent or Referrer" protection on, and it still will now let webmentions through.
[Kupietz]
at
2026-04-28 00:29
-
https://github.com/kupietools/ktwp-wp-plugin-webmention-useragent-injector-for-wordfence
[Kupietz]
at
2026-04-28 00:29
-
sp. agentless/referrerless POST blocking. Freudian slip
[Kupietz]
at
2026-04-26 20:29
-
Yeah, I'm not _that_ concerned with webmention spam (well, not at all concerned, now that it looks like I'm going to be turning the whole thing off.) 100% agree, the requirement for the originating page to have the right link is effective enough, as far as webmentions are concerned
[Kupietz]
at
2026-04-26 20:27
-
If I turn off the agentless/referrerless POS blocking in WordFence, then the comment spammers can always communicate with my server, even if I install Akismet to then deal with them there. Having been the victim of a DDoS just a few weeks ago, I'm not crazy about lowering my shields even more and putting more of the security work on my server's innards rather than on the WAF or on CloudFlare
[Kupietz]
at
2026-04-26 20:27
-
The problem is, the webmention plugin requires me to turn WP comments on, and with comments on and WordFence not set to block agentless or referrerless POSTs, I was stuck moderating a ton of comment spam. It doesn't show on the website but it still showed on the back end and I still had to wade through it. WordFence straight denies the requests at the firewall level, the comments never get submitted
[Kupietz]
at
2026-04-26 20:27
-
And also, this is important to me, WordFence integrates with PolarMass IP Blocker, which means once WordFence has denied a spam comment POST, the originating IP automatically gets blocked at the Cloudflare level and the spammer's packets never even make it to my server again. This is useful when you self-host. PolarMass also says automatic APN blocking is coming
[Kupietz]
at
2026-04-26 20:27
-
I defer to the WordFence folks how that setting is supposed to be used in order to be valid. I have gotten 1 or 2 webmention spam but the reality is that the requirement for an originating page to have an actual valid specific link is a pretty high bar. That said, I use akismet which does a fine job since I run comments, pingbacks, and webmentions open for (almost) all 25 years worth of posts
[artlung]
at
2026-04-26 19:41