Category Archives: WordPress

Cloudflare Location Check

Recently I had a client come to me with a very interesting problem. They have multiple web servers running behind a Cloudflare load balancer and the majority of those requests flow through the load balancer and are directed properly. However, there were still a number of requests that would make it through straight to the origin IP’s. The majority of those requests were often attempts at common WordPress exploits or simply plugin scanning looking for vulnerable plugins. If those requests were properly going through Cloudflare they would be dealt with by the Cloudflare firewall but by using the IP address these bad actors were able to bypass that layer of security.

Thankfully Cloudflare has a way to check to see if the request actually passed through Cloudflare if the website has turned on the Cloudflare IP Geolocation. That service automatically adds the country code value passed along in the CF-IPCountry request header to the origin web server. If you want to know more about the Cloudflare IP Geolocation check out their support document.

The logic is pretty simple, if the request does not have the CF-IPCountry request header then the request did not pass through Cloudflare (and the Cloudflare Firewall) so redirect the request back to the fully qualified domain name.

/**
* Cloudflare Location Check
*
* Checks for the Cloudflare location header. This is only there if the visitor has come through Cloudflare.
* If the request does not have this it is direct access and should be redirected to the host name
*
*/
function lgr_cflocation_check () {
//the country header is added by Cloudflare. If it is not there then this is direct IP access and needs to be redirected.
if( !$_SERVER["HTTP_CF_IPCOUNTRY"] ) {
//send them to the full URL which should add it.
header("Location: ".home_url().$_SERVER['REQUEST_URI']);
die();
}

}
add_action( 'init', 'lgr_cflocation_check' );

If you are having problems with direct access to your website through the IP address this might help you.

WordPress GDPR Plugins

WordPress GDPR Plugins

For the record I am not a lawyer and I will not guarantee that any of the content below will help you in being GDPR compliant. Normally I don’t pay a lot of attention to laws coming out of the European Union, because frankly I live in Canada and for the most part their laws… Continue Reading

7 Essential WordPress Plugins in 2017

7 Essential WordPress Plugins in 2017

If you are just starting out with WordPress it can be daunting. The huge amount of themes and plugins to choose from is huge, not to mention the learning curve of purchasing a domain name, setting up your hosting, installing WordPress and eventually getting to writing and publishing your website. Adding in more things like… Continue Reading

CloudGuard

CloudGuard

It was not long ago that I was looking for a way to block visitors from some countries on some of my clients websites. The sites really only needed to be accessible from North America and did not need to be exposed to the extra visitors, bandwidth and possible hackers that might just want to… Continue Reading

UTF8 Sanitize

UTF8 Sanitize

There are times when little problems pop up using WordPress that you just might not expect. Most users don’t know or care about what character encoding their computer and browser are using but when that character encoding is different from what WordPress uses it can lead to some odd problems. Usually the tell tale sign… Continue Reading

Spam, Spam and More Spam

Spam, Spam and More Spam

As long as there has been the ability to leave comments on websites there has been spam. I recall creating a guestbook for a client once and even though the guestbook used a captcha it did not take long before it started to become overwhelmed with spammy comments. Fighting spam has become so difficult in… Continue Reading

Slow WordPress Queries

I love working with WordPress, it makes so many things easier for clients and it gives me as a web developer a great deal of flexibility to extend and offer to clients what they need for their websites. Unfortunately there are also times working with WordPress makes me scratch my head, this was one of… Continue Reading