Musubu IP Threat Blocker Review: A Simple WordPress Firewall
If you want to secure your WordPress site, a firewall is a great way to stop malicious actors before they can damage or spam your site.
Firewalls play a key role in most of the popular WordPress security plugins. But some of the existing firewalls out there are tough to set up, are pricey, and/or come with a bunch of other features that you may or may not want.
In our Musubu IP Threat Blocker review, we’ll take a look at a new WordPress security plugin that offers an affordable and dead simple way to protect your WordPress site with a firewall.
Musubu IP Threat Blocker Review: How Does It Work?
Musubu IP Threat Blocker is a WordPress application firewall (or WAF). Essentially, what this means is that when someone/something tries to connect to your WordPress site, Musubu IP Threat Blocker will analyze that IP address before it’s allowed to access your site.
If it’s a normal human visitor, they’ll just see your site as they normally would. But if it’s a malicious visit — like a spam bot — Musubu IP Threat Blocker will block that visit so that it can’t try to attack you, spam you, etc.
One of the key differentiators between Musubu and other WordPress security plugins is its simplicity. It’s super easy to set up, while still letting you connect to a smart API service to score incoming threats.
In contrast, some of the other simple firewalls that you find at WordPress.org are just a static set of rules, rather than tools that actually score individual IP addresses.
How Does Musubu IP Threat Blocker Detect Bad Traffic?
In order to determine whether an IP address is safe or not, Musubu IP Threat Blocker connects to the Musubu API.
The Musubu API then analyzes and scores each IP address to detect potential threats.
By default, the plugin will do this automatically. But if you want more control, you can also target specific threat levels or countries with the firewall.
Hands-On: How to Set Up IP Threat Blocker
Setting up Musubu’s IP Threat Blocker is super easy, which is one of the appeals of the plugin.
Once you install and activate the plugin, pretty much the only thing you need to do to start securing your site is get your Masubu API key.
You can get your API key from the Musubu IP Threat Blocker website. Then, all you need to do is enter the email associated with your API key in your WordPress dashboard:
Once you click Save, you should see a success message and Musubu IP Threat Blocker starts working right away.
Setting Up Your Block Mode
Musubu IP Threat Blocker is super easy to use, which is one of the draws of this plugin over other security plugins.
In fact, if you’re happy to use the Automatic block mode, you literally don’t need to configure a single setting — Musubu IP Threat Blocker just automatically starts filtering traffic as soon as you activate it with your API key.
With Automatic mode, the plugin automatically sets thresholds for each visitor’s:
- Threat score – a score from 1-100 that estimates the threat level from an IP address. In Automatic mode, the plugin blocks any IP address with a score higher than 80, as defined by Musubu’s 24/7 monitoring.
- Threat class – the type of threat that an IP address has been identified as.
- Country – the country where the IP address is located.
If a visitor/IP address exceeds that threshold, Musubu IP Threat Blocker will automatically block it – you literally don’t need to do anything.
If you’d prefer more manual control, you can also activate Manual mode.
With Manual mode, you can define your own scores, classes, and countries.
For example, you can set the threat score anywhere from 1 to 100.
You can also choose which threat classes to block. The full list is:
- Brute force
- Tor hidden bridges
Finally, you can choose specific origin countries to block. For example, my Vietnamese compatriots have somewhat of a reputation for malicious traffic, so you might want to block all Vietnamese traffic if you don’t do any business in Vietnam.
For the Threat Class and Country of Origin options, you can select as many options as needed:
If you’re not sure what all of those terms mean, I’d recommend just sticking with the Automatic mode as it’s a lot simpler and Musubu is automatically set up to block malicious requests.
And that’s it for setting up the plugin – you’re ready to start blocking malicious traffic!
Analyzing Blocked Traffic
I’m not sure how to test the threat score and threat class features, but I did want to play around with Musubu’s firewall so I set up some country blocking rules and visited my test site with a VPN to see if Musubu could successfully filter out traffic.
My test was a success – I set up a Thai country filter, connected to a Thai VPN, and then got this when I tried to visit my test site:
The error uses 503 headers, if you’re wondering.
So — success! All the visitors from Thailand will see that message.
Additionally, you’ll see a summary of each blocked visit in the Blocked IP Addresses section.
For example, when I connected to a Thai server on my VPN, I received a threat score of 40, which seems appropriate given that I’m using a public VPN IP address:
Changing the Message for Blocked Traffic
You can’t customize the message that blocked visitors see from the plugin’s interface, but the code is easy enough to find in the plugin’s file, so I imagine you could write a filter to modify it if you want.
For example, I was just playing around in the plugin’s code like this:
Don’t modify the plugin’s code directly – it will get overwritten when you update. This is just for fun.
And now we have a fun personalized error message:
It would be nice to be able to edit this error message from the plugin’s settings, though. I mean, most people who get flagged are probably bots so it doesn’t matter. But if you’re setting up a country blocker regardless of someone’s threat level, telling them why you’ve blocked them is a little more user-friendly.
Musubu IP Threat Blocker Pricing
The Musubu IP Threat Blocker plugin is available for free at WordPress.org, but you’ll need a paid API key to connect to the Musubu API to actually analyze traffic to your site.
License keys are affordable, starting at just $20 per site per year with discounts for volume purchases.
Here are the per-site prices based on volume:
- 1 site – $20
- 2-5 sites – $19
- 6-10 sites – $18
- 11-25 sites – $17
- 26+ sites – $15
Final Thoughts on Musubu IP Threat Blocker
The big thing that sticks out to me about Musubu IP Threat Blocker is simplicity.
If you use the automatic protection option, literally all you need to do is:
- Install the plugin.
- Enter your email address and click a button.
- …that’s it.
It achieves this simplicity by focusing on one thing – a web application firewall.
So if you want a simple way to secure your WordPress site (or your clients’ sites), give Musubu IP Threat Blocker a look.