New Feature: Playlist Center! Pick a topic and let our playlists guide the way.

Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member

Controlling proxy access

From: WordPress 3: Developing Secure Sites

Video: Controlling proxy access

It may be impossible to block 100% of proxy visits to your site, but you can block most of them. In this screencast, we'll see how to control proxy access with PHP and htaccess. Keep in mind that not all proxies are evil. So only use this technique if you're sure that you don't want anyone visiting via proxy. Here in our FTP/file editor we're looking at the root htaccess file for our WordPress installation.

Controlling proxy access

It may be impossible to block 100% of proxy visits to your site, but you can block most of them. In this screencast, we'll see how to control proxy access with PHP and htaccess. Keep in mind that not all proxies are evil. So only use this technique if you're sure that you don't want anyone visiting via proxy. Here in our FTP/file editor we're looking at the root htaccess file for our WordPress installation.

Currently, it contains only our WordPress PERMALINK rules, as seen here. After our existing rules, let's add this htaccess snippet, graciously provided by perishablepress.com. We copy the code and return to our htaccess file and paste into place. There is a lot going on in this slice of code, so for more information visit the short URL provided here.

There are no edits to make, so we save and upload the file to the server, and we're done. Now let's jump back over to our demo site and check that everything is working okay. The pages seem to be loading quickly, and everything is working great. If for some reason, the pages aren't loading or if something isn't working right, just remove the code and try again. By itself, this code should reduce the amount of proxy traffic hitting your site, but there are many types of proxies and blocking them happens in layers.

This htaccess code is like the first layer, and so now let's add another strong layer of protection, using PHP. Here in the demo site, we go to wp- content and then to the themes folder. We want to find our header.php file in the theme that we are using. We're using the default TwentyTen theme, and here's the header.php file that we're looking for. So we click to open it and then grab the second slice of code included with this screencast.

Copy this snippet, return to the FTP/file editor, and paste this at the top of the page. Next, save and upload the file and then return to the browser and refresh the page. As expected, everything is still working fine. This second layer of code does an excellent job of transparently blocking even some of the most clandestine of proxy sites. So let's wrap up this screencast by visiting some currently available proxies and seeing if we can access our now protected demo site.

So let's head on over to proxy.org for a list of active proxy services. Try any of the ones listed in green. We want to enter the URL for our site and then click Go. Some of them may be a little difficult to determine what's actually happened, but up in the corner here, we see that access is not allowed. We have been denied access to our site using this particular proxy.

Let's quickly try another one. Proxify is a reputable proxy. So we enter our URL and click Proxify. Excellent. Proxy access not allowed. This is due to our script that we have in place. Everything is all set at this point. These two layers of protection, htaccess and PHP, are going to block out most of the proxy visits to your site. Again, it's virtually impossible to block all proxies.

There are many types of proxies available: HTTP, SOCKS, VPNs, TOR, and so on. Further filtering of proxies is possible, but quickly goes beyond the scope of this tutorial. Even so, in this screencast, we've seen how combining a little PHP and htaccess proves an effective way to block many proxy visits to your site.

Show transcript

This video is part of

Image for WordPress 3: Developing Secure Sites
WordPress 3: Developing Secure Sites

36 video lessons · 11196 viewers

Jeff Starr
Author

 

Start learning today

Get unlimited access to all courses for just $25/month.

Become a member
Sometimes @lynda teaches me how to use a program and sometimes Lynda.com changes my life forever. @JosefShutter
@lynda lynda.com is an absolute life saver when it comes to learning todays software. Definitely recommend it! #higherlearning @Michael_Caraway
@lynda The best thing online! Your database of courses is great! To the mark and very helpful. Thanks! @ru22more
Got to create something yesterday I never thought I could do. #thanks @lynda @Ngventurella
I really do love @lynda as a learning platform. Never stop learning and developing, it’s probably our greatest gift as a species! @soundslikedavid
@lynda just subscribed to lynda.com all I can say its brilliant join now trust me @ButchSamurai
@lynda is an awesome resource. The membership is priceless if you take advantage of it. @diabetic_techie
One of the best decision I made this year. Buy a 1yr subscription to @lynda @cybercaptive
guys lynda.com (@lynda) is the best. So far I’ve learned Java, principles of OO programming, and now learning about MS project @lucasmitchell
Signed back up to @lynda dot com. I’ve missed it!! Proper geeking out right now! #timetolearn #geek @JayGodbold

Are you sure you want to delete this note?

No

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.