[Defender Pro] Defender causing high usage

The WP Defender app is causing high usage on our server. Here is an example from the log:

[30-Jun-2019 21:56:44 UTC] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/britishicehockey/public_html/wp-content/plugins/wp-defender/app/module/ip-lockout/controller/main.php on line 643

Can you advise?

  • Ash
    • WordPress Hacker

    Hello James

    I have just tried the plugin on my site but I could not replicate the warning.

    Would you please let me know what is your php version? Please update your php to 7.3 and check if the issue exists?

    Please let us know how it goes. Have a nice day!

    Cheers,
    Ash

  • Nithin
    • Support Wizard

    Hi James,

    We keep WP Defender up to date, I thought it was meant to protect our sites? A bit disappointed to be honest.

    Sorry to hear if you are noticing any issues regarding this. What Defender Pro plugin helps is with hardening the website, so that it prevents any potentials attacks from bots and other means.

    There are a couple of features s which you'll have to make sure is enabled, like Mask Login Area, Geo-Location Block, Two Factor Authorization.

    We are experiencing attacks to our wp-login.php file on another site now.

    From the above reply, it sounds like you the WordPress login URL as:

    yourSiteURL.com/wp-admin

    If yes, then it's common for bots to target attacks on the default login URL, enabling Mask Login Area feature under Defender Pro > Advanced Tools > Mask Login Area, will allow you to rename the login URL so that it would help prevent such issues.

    Also, enabling Location block, under Defender Pro > IP Lockouts > IP Banning, should allow enabling countrywide blocks, to help reduce bots from specific country IP from attack.


    You'll have to 1st download the Geo IP Database by clicking the "Download" as shown in the screenshot to enable the settings.

    If your website is only meant for the visitor, and customers from the UK, then you can only block the rest of the country, which should bring a significant difference.

    If these mentioned options are already enabled, and still have issues regarding this, then please enable support access to your website if needed, so that we could give a closer look, if needed.

    Regarding the mentioned warning message in the initial reply, was that resolved with PHP version upgrade?

    To enable support access, you can grant access from WPMU DEV > Support > Support Access > Grant Access, or check this manual: https://premium.wpmudev.org/docs/getting-started/getting-support/#chapter-5

    Please let us know once you enable access so that we could give a closer look if needed.

    Kind Regards,
    Nithin

  • Nithin
    • Support Wizard

    Hi James,

    I'm afraid, at the moment there isn't any out of the box settings regarding this, GEO IP will block both the front and backend. There are chances where bots would call requests via the frontend too for any specific plugin vulnerable files etc

    Could I know any specific reason to only block this in the admin side, so that I could check with the developer for any workarounds, and also look into the possibility of for feature request if possible.

    Looking forward to your response. Have a nice day ahead.

    Kind Regards,
    Nithin

  • James
    • Flash Drive

    My thinking with blocking it admin side is that it would block access to Wordpress, dashboard etc (as all of our admins/editors are UK based); but wouldn't impact anybody wanting to visit the front end of the website from overseas.

  • Nithin
    • Support Wizard

    Hi James,

    Sorry for the delay in getting back to you. We have brought the feature of applying GEO IP block based on dashboard and frontend, unfortunately, there isn't an easy workaround regarding this at the moment. However, our team does see that this should be a handy feature and will be looking into implementing this down the plugin's roadmap.

    We are still experiencing common problems with brute force attacks, particularly from Chinese IPs.

    If the IPs are more specific to Chinese, is it possible that you could block the website from "China" in general via the GEO IP Block feature mentioned?

    On checking the dashboard further, most of the bot requests are 404 calls, would recommend you to reduce the number of lockout threshold to a lower value like 3, under Defender Pro > IP Lockouts > 404 Detection so more IPs are blocked by the plugin.

    Could you please check, and see whether these mentioned settings help further? What Defender Pro does is protect websites from such attack by hardening the website, other than these settings, if you still looking to fully prevent then it'll require implementing firewalls. You can check the following plugins for firewalls:
    https://www.wpbeginner.com/plugins/best-wordpress-firewall-plugins-compared/

    Please do let us know how that goes, have a nice day ahead.

    Regards,
    Nithin

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.