We are looking to enhance our site’s security by implementing rate limiting for Proxy/VPN/Tor IP Addresses. After reviewing ShieldPro’s features, I understand that to block bad IP/Visitors (Proxy/VPN/Tor), we can add a blocklist via the CrowdSec Community IP Reputation Database with the CrowdSec IP Blocking option set to “Block Request.” This entails purchasing a premium plan from CrowdSec and updating their CrowdSec Enroll ID in your plugin settings at Dashboard ? Config ? Block Bad IPs/Visitors ? CrowdSec Community IP Reputation Database.

Furthermore, we have already employed the rate-limiting feature at Dashboard ? Config ? Traffic Log ? Traffic Rate-Limiting. However, our specific requirement is to implement rate limiting for IP addresses detected as VPN/Proxy/Tor IP Addresses via the aforementioned blocklists, rather than applying rate limiting to the entire traffic.

Could you please provide guidance on how we can configure the rate-limiting feature to apply only to the identified VPN/Proxy/Tor IP Addresses listed in the CrowdSec Community IP Reputation Database?

Your prompt assistance on this matter is highly appreciated.

Tor Browser is a web browser based on Firefox that is used by many people living in oppressive countries or who otherwise need to use privacy tools to protect themselves online (eg when searching for information about a sensitive subject such as cancer).

Unfortunately, it appears that websites using this theme are completely broken on Tor Browser with “Safest” settings enabled. This, among other things, disables less-secure options such as Javascript.

* https://tb-manual.torproject.org/security-settings/

It is reasonable for a theme to follow the Progressive Enhancement concept, such that some flashy bells & whistles may not fully function when Javascript is disabled. However, it is not acceptable for something as critical as the navigation menu bar to be inaccessible to users with javascript disabled.

* https://en.wikipedia.org/wiki/Progressive_enhancement

Is there any currently-functioning workaround for this bug (eg to substitute the javascript hamburger menu function with a CSS-capable menu) so this theme is accessible to Tor Browser users with “Safest” settings enabled?

I’m looking for a very popular (>99,000 active installs) free or freemium theme that’s fast, ligthweight, and has good integration with WooCommerce. After some searching, I decided to try a couple very popular themes:

* GeneratePress
* Neve

Unfortunately, I was very disappointed in testing the demo sites of these themes to discover that they were completely broken on Tor Browser with “Safest” settings enabled. This, among other things, disables less-secure options such as Javascript.

* https://tb-manual.torproject.org/security-settings/

It’s important to me that my website is at least fully functional for at-risk customers that use tools to protect themselves (following the concept of Progressive Enhancement)

* https://en.wikipedia.org/wiki/Progressive_enhancement

The most obvious issue with the themes I’ve tested is that the hamburger menu does nothing when you click on it in Tor Browser with “Safest” settings enabled. If the user can’t access the menu, then they cannot navigate or use the website.

Are there any popular wordpress themes whose hamburger menus is functioning on Tor Browser’s “Safest” settings?

Is there any similar plugin to monitor any tor connections to my site?

Thank you

/wp-json/wc/store/v1?_locale=user

I have an issue with a website that is accessible on two domains: a clearnet domain and a darknet domain. Both domains talk to the same backend apache web server. One comes-in over the Tor network/daemon. The other comes-in over nginx.

* https://tech.michaelaltfield.net/2021/02/12/wordpress-multisite-tor-alias/

The website loads fine on the clearnet domain https://buskill.in

Unfortunately, there is an issue where the products never load in the woocommerce block to display all products; it basically just spins indefinitely https://buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/

I checked the web browser’s dev tools, and I saw that there was one request failing when loading the site in the Tor Browser. Here’s a subset of the request headers:

OPTIONS /wp-json/wc/store/v1?_locale=user undefined
Host: buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion

However, when I load the clearnet domain for the same page in firefox, the first request for *wp-json* is a GET request (not OPTIONS). Here’s a subset of the request headers:

GET /wp-json/wc/store/v1?_locale=user HTTP/1.1
Host: www.buskill.in

For security reasons, I actually block OPTIONS requests to my webserver, so I suspect this is the issue.

What I don’t understand is why woocommerce tries to have the client execute an OPTIONS request on my customers visiting my site via our Onion Service, yet it’s a GET request on my customers visiting the site on the clearnet domain.

Can you please point me to the relevant file, function, and line number that is responsible for telling the client to make this ajax call in the woocommerce sourcecode?

This amazing idea for plugin,to we can combat against people who are trying to hide their IP -is.

I am using FREE version,but plugin not work at all. I try with TOR and with VPN. I can still browse site. Did i miss something in settings for FREE version?

Thanks

Is there an option in Wordfence to completely block Tor? It would be useful when site is under attack, and would be disabled in normal time. Of course it would mean to “often” update Tor exit nodes IPs to block them in WordPress.

There are some plugins that claim to do the job but they are all outdated.

Thank you!

People uses automatic programs for voting themselves through proxy/Tor network so that IP changes any time.
I do not want to enable the “Logged-in Users Only” option as my WP is intended for Guests only.

Is it possible to implement further checks on voting users?

It would be great if I was able to allow only 1..2..3..4..5…. votes per day per IP.

Also, anti-proxy, anti-VPN, anti-Tor mechanisms would be very nice.

When I try to access my word press website in tor for some reason it cannot load properly. It only partially loads the page.

It is as if the browser cannot load the theme properly.

Any ideas why this is happening?

Thanks in advance