Wordfence "Manual Block by Administrator" (503) WordPress Setup (Don’t Block Legitimate Traffic)

31st August 2018

The Wordfence "Manual Block by Administrator" error appears when the plugin prevents "normal" traffic from accessing a WordPress site, as a result of the way it rate-limits requests.

The main cause of the problem is the way in which the system has been designed to block the increasing amount of "referral spam" constantly bombarding websites.

Whilst it generally succeeds in protecting websites, the core issue is that it can often be too zealous - leading to the errors you're experiencing.

Cause

The cause of the problem is Wordfence - a security plugin for WordPress.

Wordfence basically acts as a "firewall" for WP websites, allowing you to block various websites and traffic from accessing your system.

To appreciate the cause of your error, you have to understand that Wordfence works on "blocking" inbound traffic depending upon different criteria attributed to the different requests.

The error shows as follows:

Your access to this service has been temporarily limited. Please try again in a few minutes. (HTTP response code 503)

Reason: Manual block by administrator

Important note for site admins: If you are the administrator of this website note that your access has been limited because you broke one of the Wordfence advanced blocking rules. The reason your access was limited is: "Manual block by administrator".

The reason it shows is down to how Wordfence blocks inbound traffic.

Each time someone accesses a website, the request carries a series of "HTTP headers" which, together with the connection itself, let the server know about everything from the client's operating system, to its IP address, to the referring website that originally sent it.

The big problem we've got with your site/app is that it is blocking traffic which it deems to be rogue, but is actually legitimate.

The main reason is due to the "rate limiting" feature of the system (which basically prevents multiple requests from the same source in a short space of time -- typical of many "referral SPAM" attacks).

The fix is to ensure Wordfence is working properly, which can be done using the steps below.

Solution

The general solution to the issue is to ensure that your Wordfence installation is able to operate as effectively as possible.

To do this, you first need to remove any ineffective blocks / filters, and then determine the correct way to get it set up.

The most important thing here is that if you're unable to access the site yourself, you may need to forcibly remove the plugin from the site's "plugins" directory. This is the first step; if you already have access - ignore it and start with step 2.

Step 1 - Remove Wordfence From Plugins Directory (ONLY If You Don't Have Any Access To The Site)

The first step is only applicable if you're totally locked out from your site...

  • Log into your hosting account
  • If you're using CPanel, you should look for "File Manager"
  • If you're using some other system, you'll typically have to use "FTP" to access your server
  • Once you have access to the files on your server, look for the following:
  • [WordPress directory]/wp-content/plugins/wordfence/
  • Rename the "wordfence" directory to something like "wordfence_bk" or similar

Once you've done this, try accessing your WordPress website again.

The system should deactivate the Wordfence plugin, allowing you to start using the system again.

If this is the case, you'll then need to install the "WF Assistant" plugin, which allows you to control how Wordfence works without having access to the plugin directly:

  • Click on "Plugins" > "New"
  • Search for "WordPress Assistant"
  • Click "Install" & "Activate"
  • Go to the "WF Assistant" menu
  • Click the button to disable the Wordfence firewall

This will allow you to rename the "wordfence" folder again without getting locked out of your website.

Step 2 - Remove Rate Limitations

If you have access to the WordPress backend / admin area, you need to remove "rate limiting" from the Wordfence settings.

This can be done using the steps below:

  • In WP's admin area, click onto the Wordfence > Dashboard
  • Select "Rate Limiting" and click "Disable"
  • Try accessing the site again

The reason this is important is because Wordfence basically has a built-in tool that's meant to prevent the multitude of fake referral SPAM that's become prevalent now.

Essentially, hackers / spammers will set up VPS servers and then use them to send hundreds of requests to different websites every second.

These spam injections have no purpose except to pollute websites' referral logs with fake websites, in the hope that those sites get promoted. Obviously, it doesn't work, and site owners are left with hundreds of fake referrals to deal with.

Wordfence works to recognize these requests by using a "rate limiter". This is a system which allows you to limit the number of requests received from a particular source in any given time.

As such, if you disable this functionality, it should stop the "manual block" error you're seeing.

Step 3 - Manage Rate Limitations

Disabling the rate limiter is not a solution in itself; rather, it is a way to gauge whether the rate limiter is what's causing the block.

The real solution is to have the "rate limiter" enabled, but to ensure that the filters are not causing "real" traffic to be blocked...

  • In WP's admin area, click onto the Wordfence > Dashboard
  • Click on the Rate Limiting link
  • This will open the rate limiting options page
  • Select the following:
  • "If a human's page views exceed 500 per minute then throttle it"

This should ensure that the block is not applied to actual (human) traffic.
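Before re-enabling the rate limiter, it helps to check what your real visitors' request rates look like. The script below is an added example, not part of the original article and not Wordfence's own code: it reads web server access log lines and reports each IP's peak requests in any rolling 60-second window, so you can see which sources a given per-minute limit would throttle. It assumes the Apache/Nginx "combined" log format; the rolling-window counting method, the sample IP addresses and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: client IP, identity, user, [timestamp], "request", ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def peak_per_minute(lines):
    """Return {ip: highest request count in any rolling 60-second window}."""
    windows, peaks = defaultdict(deque), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FMT)
        win = windows[ip]
        win.append(ts)
        while (ts - win[0]).total_seconds() >= 60:
            win.popleft()  # drop requests older than one minute
        peaks[ip] = max(peaks[ip], len(win))
    return dict(peaks)

def would_throttle(peaks, limit):
    """IPs whose peak rate exceeds `limit` requests per minute."""
    return sorted(ip for ip, n in peaks.items() if n > limit)

def sample_log():
    """Constructed sample data: one ordinary visitor and one burst source."""
    start = datetime.strptime("31/Aug/2018:10:00:00 +0000", TS_FMT)
    row = '{ip} - - [{ts}] "GET / HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"'
    def at(sec):
        return (start + timedelta(seconds=sec)).strftime(TS_FMT)
    lines = [row.format(ip="192.0.2.10", ts=at(2 * i), ref="-")
             for i in range(90)]            # one request every 2 s for 3 minutes
    lines += [row.format(ip="198.51.100.7", ts=at(i // 20), ref="http://spam.example/")
              for i in range(1200)]         # 20 requests per second for 1 minute
    return lines

if __name__ == "__main__":
    peaks = peak_per_minute(sample_log())
    for limit in (20, 500):
        print(limit, "per minute would throttle:", would_throttle(peaks, limit))
```

On the constructed sample, a limit of 20 per minute would catch the ordinary visitor as well as the burst source, while 500 per minute catches only the burst. To use it on your own site, pass the lines of your access log to `peak_per_minute` instead of `sample_log()`.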

If you're still experiencing the error, it means that your underlying Wordfence installation is not set up correctly.

Either removing the plugin entirely, or re-installing a fresh version will typically resolve the issue.



Source by Richard Peck
