I recently attended WordCamp Raleigh 2019, where they celebrated their 10th anniversary. I’m proud to say that I’ve been to every single one of those WordCamps. WordCamps are fascinating things – it’s a place for both beginners and developers to meet and converse.
At WordCamp Raleigh 2019, I had the privilege of meeting the developer (Vasyl Martyniuk) behind the very popular plugin Advanced Access Manager. The plugin currently has over 100,000+ installations. AAM allows the website administrator to perform some very intricate manipulation of what a visitor to your website can access. You can even write policies, very reminiscent of Amazon’s IAM policies, to fine-tune how visitors access your site and content.
In this particular instance, I want to explain how to use AAM to extend the functionality of tinyShield to redirect visitors who are potentially blocked by tinyShield to an actual block page instead of just a 403 error code. One could argue from a usability standpoint that redirecting a blocked user to a page that informs them of being blocked is better than just giving them the error. The following tutorial assumes that you have both plugins already installed, and that you already have purchased the Plus Package Extensions from AAM.
Step 1: First, simply create a new page on your site that you wish your soon-to-be-blocked visitors to be redirected to if they are blocked by tinyShield. This could be as simple as a page called Blacklisted IP and a description of why they may have been blocked. The important part of this page is the slug. Copy that and we’ll use it later.
Step 2: Go to the AAM menu and then Access Policies. From there, create a new access policy. Give it a simple name, something like redirect_blacklisted_ips. In the Policy Document section of the page, copy and paste the following policy. Ensure you replace the “Statement->Metadata->Redirect->Slug” with the Slug of the page you created in Step 1. In our code, it is currently denoted by “blacklisted-ip”
Step 3: Assign our newly created policy to only visitors to our site.
Step 4: Next, ensure that the Plus Package is activated under AAM->Extensions.
That’s it! Now, any time your site is visited by someone who is appears in the tinyShield blacklist, they will get a nice notification on your block page instead of the default 403 Forbidden error. I’d highly recommend that you place some text in your block page notifying the blocked user on how to contact you in case they are blocked. That way you can whitelist them.