How to increase ban time beyond 999 minutes

Hi, is it possible to increase the normal ban time beyond 999 minutes, for example, to 1 week?
Is there any way to change it?
The plugin’s maximum time (999 minutes) is too short for me to block accesses that are clearly vulnerability scans, or direct attempts to access wp-login, which I don’t use.
Thank you very much.

In terms of security in 2025, increasing the normal ban time beyond 999 minutes is no longer very useful and it can even become harmful for real users.

Attackers today rarely use a single fixed IP.
They typically operate from subnets or IP ranges, often coming from cloud servers, proxies, VPNs, or distributed botnets. Their IPs change constantly, and they adapt to your patterns:

They detect your security rules and adjust their behavior.
Some “baby AIs” already perform low-noise attacks: they stay below your thresholds, scan slowly, leave, switch IPs, come back later, etc.
Because of this, long-term bans on individual IPs rarely stop modern attackers.

On top of that, very long bans can cause collateral damage:
Many IPv4 subnets are used by real users with dynamic IPs. By banning a single malicious IP for a very long time, you may end up blocking an entire subnet used by legitimate visitors or customers.

In practice, shorter or medium-length bans are usually enough, because your security plugin will automatically re-block the next malicious attempt anyway.

Also, for example, WP Cerber displays the IP prefixes, which makes it easy to see whether the source is:

a datacenter server,
a residential ISP user,
or an automated robot network.

This lets you decide when blocking a subnet makes sense, and when it would be dangerous to do so.

From a modern security point of view, extremely long ban times are not necessary and often create more problems than they solve.

Additionally, you also need to consider that the same tools attackers use against your project are the same tools real users rely on to browse the internet.
This makes the situation even more complex: people today often use VPNs, custom proxies, private relay systems, shared subnets, and home proxy setups.
So distinguishing an attacker from a legitimate visitor becomes much harder.

1 Like
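The point made in the reply above about sources that rotate IPs inside one range while staying under a per-IP threshold can be checked from a web server access log. The following is an added example, not part of the original thread and not WP Cerber code: it groups wp-login.php requests by /24 (IPv4) or /64 (IPv6) prefix and separates single noisy IPs from prefixes where several quiet IPs add up. The log format, thresholds, prefix sizes and function names are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Jan/2025:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 512
198.51.100.7 - - [02/Jan/2025:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512
198.51.100.7 - - [02/Jan/2025:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 512
203.0.113.10 - - [02/Jan/2025:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 512
203.0.113.11 - - [02/Jan/2025:11:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 512
203.0.113.12 - - [02/Jan/2025:13:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 512
203.0.113.13 - - [02/Jan/2025:15:02:00 +0000] "GET /wp-login.php?action=x HTTP/1.1" 200 512
192.0.2.50 - - [02/Jan/2025:16:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 512
192.0.2.51 - - [02/Jan/2025:16:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def prefix_of(ip_text):
    """Return the /24 (IPv4) or /64 (IPv6) network containing the address."""
    ip = ipaddress.ip_address(ip_text)
    bits = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)

def analyse(log_text, per_ip_limit=3, min_distinct_ips=3):
    """Count wp-login.php hits per IP, then look at each prefix as a whole."""
    per_ip = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group(3).split("?")[0].endswith("/wp-login.php"):
            continue
        try:
            ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is a hostname or garbage, skip it
        per_ip[m.group(1)] += 1
    per_prefix = defaultdict(dict)
    for ip, hits in per_ip.items():
        per_prefix[prefix_of(ip)][ip] = hits
    # IPs that a per-IP lockout rule would catch on its own.
    noisy_ips = sorted(ip for ip, h in per_ip.items() if h >= per_ip_limit)
    # Prefixes where every IP stays under the limit but the total does not.
    rotating = sorted(str(net) for net, ips in per_prefix.items()
                      if len(ips) >= min_distinct_ips
                      and sum(ips.values()) >= per_ip_limit
                      and max(ips.values()) < per_ip_limit)
    return {"noisy_ips": noisy_ips, "rotating_prefixes": rotating}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A prefix listed under `rotating_prefixes` is a candidate for review, not an automatic block: whether it is a datacenter range or a residential ISP pool still has to be checked before any subnet-level rule is applied.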