Defend on WordPress, PHP, and other crawlers

Introduction

I have been using Vercel for hosting this website for a while now. One of the features I recently discovered is the Vercel Firewall, which allows you to block requests based on various criteria. This is particularly useful for blocking unwanted crawlers, bots, and other malicious traffic.

In this post, I will show you how to set up rules to block WordPress, PHP, and other unwanted crawlers using the Vercel Firewall.

Setting Up the Firewall Rules

To get started, navigate to your project settings in the Vercel dashboard and look for the "Firewall" section. Here, you can create custom rules to block specific types of requests.

Blocking PHP Requests

Since this website is built with Next.js and doesn't use PHP, any request for PHP files is likely from a bot or crawler trying to exploit vulnerabilities. I created a custom rule to deny .php requests. Here's what it looks like:

Vercel Firewall rule configuration showing how to block PHP requests — Vercel Firewall rule configured to deny all requests ending with .php extensions

Results

It's fascinating to see how many requests this small website receives from crawlers. Thanks to the Vercel Firewall, the majority, many categorized as DDoS attacks, are now effectively blocked, improving both security and performance.