Customizing Block & Locked Messages from Wordfence

To find the source code for a block message, easiest way I’ve found is to do a text string search on the Wordfence plugin folder, using a text string unique to the block message. You got me interested in doing customized block messages again, so I’ll mess around with this and get back.

FYI, it’s been a huge disappointment that Wordfence never gave us the functionality of using our own block messages (instead, they destroy a perfectly good UI). They don’t seem to get the philosophy of this. To that end, a simple explanation: Dear Wordfence, we are publishers, for better or worse we need to control the public facing side of our websites. That’s what a publisher does. Please support us. This is a feature request. Again.

MTN

This is all the more important – as you wrote that we are the publishers – we are responsible for the security of our websites. Of course, we use Wordfence – for which I thank the authors ?? But I would rather be able to change this message myself. Everything for security of course!

BTW!

I’m blocking someone who is doing very bad! For example, searching and penetrating what is the link to login to the admin panel. I will say it again – everything for safety!

• This reply was modified 6 years, 9 months ago by robertozsgh.

Another thing. Some of us have high traffic websites, with thousands of blocked hits. Those hits use bandwidth. I prefer a blocked notification page with about 150 characters of text and nothing else, no PHP, no links, nothing. Why Wordfence insists on not allowing this is mystifying.

At the risk of thread drift, if you’re having trouble with login attacks, first step is simply hide the login using WPS Hide Login plugin, and remove all login links from public facing pages of course. Unless you need public logins, in that case, may the gods be with you.

MTN

Cool! I have a lock to the default admin panel link;) But thanks to Wordfence and Life scanner and adding a certain filter – I see – how many different attempts are made to “search” the correct one. That’s why I prefer that the message about the blockade be short and transparent, like:

<?php if (!defined('WORDFENCE_VERSION')) { exit; } ?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>Blocked</title>
</head><body>

<p><span style="color: #F00;">Your access to this site has been BLOCKED</span></p>
<p style="width: 600px;">
<b>Important note: </b><i> Please contact the administrator</i>

</p>
<p style="color: #999999;margin-top: 2rem;"><em>Generated <?php echo gmdate('D, j M Y G:i:s T', wfUtils::normalizedTime()); ?>.
</body></html>

It is me who wants to verify what will be in the message! And so far it has been how the file changed: wf503.php.
Why it does not work now – I have no idea! ??

• This reply was modified 6 years, 9 months ago by robertozsgh.
• This reply was modified 6 years, 9 months ago by robertozsgh.

You also need to edit following file along with the above mentioned files:

/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/views/503.php

The files I modify are these:

/plugins/wordfence/lib/wf503.php
/plugins/wordfence/lib/wfLockedOut.php
/plugins/wordfence/vendor/wordfence/wf-waf/src/views/503.php

For testing, I use a VPN and browse to one of my banned URLs, as well as trying to break a Firewall rule.

Time consuming BS, please Wordfence just give us the option of using custom error pages.

MTN

Thanks!

Here was the solution to the problem:
/plugins/wordfence/vendor/wordfence/wf-waf/src/views/503.php

It is a pity that you have to bury it so deeply in the code to do it ??
Perhaps the Wordfence authors would think of some simple function in the panel to modify this error / lock code.

Hi @robertozsgh,

The feature to customize the text users see when they are locked out or blocked is on our roadmap.

(For reference the internal ticket is #FB521)

^^ That’s awesome news. It would be fantastic to be able to customize the blocked page.

That’s good news, thanks.