We’ve known the Internet has been running out of IP addresses for a while. I’m going to explain how the current addressing scheme works, how the new addressing scheme works and why this matters to WordPress site owners – and what Wordfence is doing about it.
When the Net was first invented we used IP addresses that look like this: A.B.C.D or for example, 126.96.36.199. That is actually a human readable format of what IP addresses really look like. Under the hood, an IP address is actually a really big number. It’s technically a 32 bit unsigned integer which means that it’s a number that ranges from 0 to 4294967295. So intuitively you can figure out that the maximum number of machines that can exist on the Network at any one time is 4294967296 (remember the zero if you’re checking my work) or four billion two hundred and ninety-four million nine hundred and sixty-seven thousand two hundred and ninety-six.
However, many of these addresses are not usable because they are reserved for certain things. So we’re left with a lot less addresses.
In the early 1990s, we started thinking about the fact that we’re going to run out of IP addresses and the first article discussing something called Network Address Translation was published in the January 1993 issue of Computer Communication Review titled “Extending the IP Internet Through Address Reuse.” This evolved into what we today know as Network Address Translation or NAT. NAT has been widely adopted and lets us reuse IP addresses in the legacy IPv4 addressing system.
Around 1994, the Internet Engineering Task Force (IETF) started work on IP version 6 (IPv6) which gives us a lot more addresses. IP version 6 gives us a total of 340282366920938463463374607431768211456 addresses. There are claims that that is enough addresses for every grain of sand on Earth to have it’s own IP address with space left over for another 340 billion planets to have IP addresses for their grains of sand too. But you get the idea – it solves the problem of an IP address shortage with room to spare.
Because NAT has been so effective at solving the IPv4 address shortage problem, the adoption of IPv6 has been slow. This chart shows the percentage of people that access Google using IPv6 – currently at around 6% of visitors:
I’m sure you’re curious at this point about whether or not you are on an IPv6 network. You can use this site to find out if your Internet service provider has put you on an IPv6 network.
So what does an IPv6 address look like? Google’s dedicated IPv6 hostname for their search engine is ipv6.google.com and it’s address is:
Which can be shortened to:
You’ll notice that the leading zero’s have been dropped and there’s a double colon before the 8a that gets rid of the sequential zeroes. IPv6 is really cool because it lets you get rid of zeros that way, and so while the full address for a loopback Interface is:
We can shorten that to:
Now that you have a solid understanding of what IPv6 is, the problem that it solves and what addresses look like, lets talk about IPv6 and WordPress security:
Wordfence now fully supports IPv6
IPv6 is becoming increasingly active on WordPress sites. The frequency with which we receive support requests regarding IPv6 is increasing. But more importantly we are seeing an increase in the emergence of IPv6 specific attack tools and toolkits.
Today we are announcing full support for IPv6 in Wordfence. We have extended all Wordfence functionality to fully support IPv6 including:
IP blocking now tracks and blocks IPv6 addresses.
Whois lookups fully support IPv6 which means you can find out an IPv6 address’s owner and which network it belongs to.
IPv6 addresses appear in live traffic along with their geographic location down to the city level.
Advanced blocking ranges lets you specify IPv6 address ranges to block entire networks.
You can now whitelist IPv6 addresses and are able to use our square bracket and dash notation for IPv6 address ranges you want to whitelist.
We support reverse DNS lookups (PTR lookups) for IPv6 addresses, so when viewing live traffic you will see the hostnames for IPv6 addresses visiting your site.
Falcon fully supports IPv6 which means that when you are running a high performance site and have Falcon enabled, we write any IPv6 addresses and address ranges to your .htaccess as block rules for improved performance.
Wordfence also rate limits, blocks and locks out from login any malicious IPv6 addresses attacking your site.
You can also specify IPv6 addresses you want to ignore in live traffic.
This is a major version release which takes us up to Wordfence 6.0.1
This is a big release and is a major improvement in Wordfence and we are therefore incrementing our major version number to 6, which makes this Wordfence 6.0.1.
Update: Wordfence 6.0.2 was released shortly after 6.0.1 today with a minor improvement to help migrate legacy IPv6 data to our new schema which supports IPv4 and IPv6 data.
We are also passing 6 million downloads this week!
We’re excited to continue to provide a high quality security product to the WordPress community and I’d personally like to thank every one of you for your continued support. I’m proud of our team for delivering this rock solid release and you should expect even more incredible features and improvements soon.
Wordfence’s popularity has increased dramatically over the past 2 years and this week we will roar past the 6 million download mark.
For us this is a big milestone and what comes to mind is Nat King Cole’s Route 66 – IPv6 routing, Wordfence 6.0.1 and 6 million downloads.
Here’s Depeche Mode’s awesome rendition of Route 66. Enjoy!