Using Wordfence IP blockings (Wordpress WAF) for Crowdsec decisions

Hi,

Wordfence is a great Wordpress WAF with many options for blocking IP on some unwanted behaviors. I did not find any thing on Internet about Crowdsec scenario using Wordfence blockings to take decision.

I would like to use Wordfence IP blockings to trigger Crowdsec decision on firewall-bouncer to avoid CPU overload by PHP (Wordpress/Wordfence) processing.

So I’m writing a Wordpress plugin to log in a file all Wordfence IP blockings. Then I’ve to write a parser and a scenario to trigger decision for crowdsec.

At the moment the log looks like :

[date] [ip] [blocking duration] [action] [reason]
[12/Jul/2024:18:50:53 +0000] [188.246.233.180] [600] [block] [Blocked by Wordfence Security Network]
[12/Jul/2024:21:17:13 +0000] [66.23.225.60] [300] [block] [Blocked by login security setting]
[12/Jul/2024:22:53:35 +0000] [34.124.177.101] [600] [block] [Blocked by Wordfence Security Network]
[12/Jul/2024:23:48:00 +0000] [144.91.97.25] [600] [block] [Blocked by Wordfence Security Network]
[13/Jul/2024:02:23:16 +0000] [188.164.196.16] [600] [block] [Blocked by Wordfence Security Network]
[13/Jul/2024:04:53:19 +0000] [51.210.113.223] [600] [block] [Blocked by Wordfence Security Network]
[13/Jul/2024:06:41:45 +0000] [43.248.141.170] [60] [throttle] [Exceeded the maximum global requests per minute for crawlers or humans.]
[13/Jul/2024:06:41:46 +0000] [43.248.141.170] [59] [block] [Exceeded the maximum global requests per minute for crawlers or humans.]
[13/Jul/2024:06:41:46 +0000] [43.248.141.170] [59] [block] [Exceeded the maximum global requests per minute for crawlers or humans.]

Before continuing with this work, I’m coming to you to make sure that something doesn’t already exist :slight_smile:

Thanks for your contribution.

1 Like