We value your privacy

We use cookies to enhance your browsing experience, serve personalised ads or content, and analyse our traffic. By clicking "Accept All", you consent to our use of cookies. Read more.

Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Cookie
    XSRF-TOKEN
  • Duration
    2 hours
  • Description
    This cookie enhances visitor browsing security by preventing cross-site request forgery.
  • Cookie
    intercom-id-*
  • Duration
    8 months 26 days 1 hour
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    intercom-session-*
  • Duration
    7 days
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    intercom-device-id-*
  • Duration
    8 months 26 days 1 hour
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    _GRECAPTCHA
  • Duration
    6 months
  • Description
    Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::a
  • Duration
    Never Expires
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::f
  • Duration
    Never Expires
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::c
  • Duration
    session
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::b
  • Duration
    session
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Cookie
    yt-remote-device-id
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
  • Cookie
    ytidb::LAST_RESULT_ENTRY_KEY
  • Duration
    Never Expires
  • Description
    The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.
  • Cookie
    yt-remote-connected-devices
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
  • Cookie
    yt-remote-session-app
  • Duration
    session
  • Description
    The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
  • Cookie
    yt-remote-cast-installed
  • Duration
    session
  • Description
    The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
  • Cookie
    yt-remote-session-name
  • Duration
    session
  • Description
    The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
  • Cookie
    yt-remote-fast-check-period
  • Duration
    session
  • Description
    The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
  • Cookie
    sp_t
  • Duration
    1 year
  • Description
    The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
  • Cookie
    sp_landing
  • Duration
    1 day
  • Description
    The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Cookie
    _omappvp
  • Duration
    1 year 1 month 4 days
  • Description
    The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
  • Cookie
    _omappvs
  • Duration
    20 minutes
  • Description
    The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
  • Cookie
    _gcl_au
  • Duration
    3 months
  • Description
    Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
  • Cookie
    _ga_*
  • Duration
    1 year 1 month 4 days
  • Description
    Google Analytics sets this cookie to store and count page views.
  • Cookie
    _ga
  • Duration
    1 year 1 month 4 days
  • Description
    Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
  • Cookie
    _hjSessionUser_*
  • Duration
    1 year
  • Description
    Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
  • Cookie
    _hjSession_*
  • Duration
    1 hour
  • Description
    Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
  • Cookie
    _fbp
  • Duration
    3 months
  • Description
    Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
  • Cookie
    _gh_sess
  • Duration
    session
  • Description
    GitHub sets this cookie for temporary application and framework state between pages like what step the user is on in a multiple step form.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

  • Cookie
    loglevel
  • Duration
    Never Expires
  • Description
    Squarespace sets this cookie to maintain settings and outputs when using the Developer Tools Console on the current session.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

  • Cookie
    YSC
  • Duration
    session
  • Description
    Youtube sets this cookie to track the views of embedded videos on Youtube pages.
  • Cookie
    VISITOR_INFO1_LIVE
  • Duration
    6 months
  • Description
    YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
  • Cookie
    VISITOR_PRIVACY_METADATA
  • Duration
    6 months
  • Description
    YouTube sets this cookie to store the user's cookie consent state for the current domain.
  • Cookie
    yt.innertube::requests
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
  • Cookie
    yt.innertube::nextId
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Other uncategorised cookies are those that are being analysed and have not been classified into a category as yet.

  • Cookie
    psdb_session
  • Duration
    2 hours
  • Description
    Description is currently not available.
  • Cookie
    patchstack_src
  • Duration
    1 year 1 month 4 days
  • Description
    Description is currently not available.
  • Cookie
    __Secure-ROLLOUT_TOKEN
  • Duration
    6 months
  • Description
    Description is currently not available.
  • Cookie
    _octo
  • Duration
    1 year
  • Description
    No description available.
  • Cookie
    logged_in
  • Duration
    1 year
  • Description
    No description available.
Powered by Cookieyes logo
Skip to content
Patchstack Docs

Additional settings

Additional protection settings are available for all Patchstack paid plan users.
Protection settings and modules are available for WordPress sites only.

The Additional settings subpage is found at Sites > yoursite.com > Protection > Additional settings in Patchstack App.

Additional settings features

Protection settings

Enable firewall - this toggle enables or disables Patchstack’s firewall. When turned off, your site won’t be protected by virtual patches or firewall rules. However, other security measures (such as IP bans, country blocking, and .htaccess rules) will remain active. We recommend disabling the firewall only for testing purposes.

Enable auto-prepend firewall - this feature is new and currently designated a beta feature. It allows Patchstack to inject the auto_prepend_file variable into the .htaccess file which will let the Patchstack firewall run in all PHP scripts across the entire web-server. This makes it possible to block vulnerabilities in PHP files which are loaded outside WordPress core itself. This feature only works on Apache servers.

User role whitelist

You can whitelist user types from the Patchstack firewall engine. This means that the Patchstack firewall would not run against these user types at all. To whitelist any user type, do the following:

  1. Navigate to your sites’ Protection > Additional settings page in Patchstack App
  2. Look for the User role whitelist section
  3. Toggle the roles, that you wish to whitelist
  4. Click Save settings once the changes have been done.

Country blocking

In case you want to block traffic to your site from certain countries, you can do so in the Country blocking section. To block any country from viewing your site, do the following:

  1. Navigate to your sites’ Protection > Additional settings page in Patchstack App
  2. Look for the Country blocking section
  3. Toggle the Enable country blocking switch
  4. Start typing the name of the country into the country list field
  5. Click on the country name
  6. Scroll down and click on Save settings

Inversed country blocking

Patchstack has also added the option which inverses the country blocking. When “Turn it into whitelist” is checked, the countries which are typed into the country list input, will be the only countries from which the traffic to your site is allowed.

Example case:
If you want to allow traffic ONLY from (for example) Germany:

  1. Type “Germany” into country input field
  2. Check Turn it into whitelist instead
  3. Check Enable country blocking
  4. Click on Save settings

PS! In some rare occurrences, the country blocking feature can cause false positive blockings. We rather recommend using country blocking on a server level.

General whitelist settings

Under the General whitelist settings section, you can manage whitelist settings and add IP address header override rule.

📘 Whitelist

Each rule must be on a new line.

The following keywords are accepted
IP:IPADDRESS
PAYLOAD:someval
URL:/someurl

Definitions
IP = firewall will not run against the IP
PAYLOAD = if the entire payload contains the keyword, the firewall will not proceed
URL = if the URL contains given URL, firewall will not proceed

Example
IP:192.168.1.1
PAYLOAD:contact_form
URL:water
URL:/some-form

In this scenario, the firewall will not run if the IP address is 192.168.1.1 or if the payload contains contact_form or if the URL contains water or if the URL contains /some-form.

📘 IP Address Header Override

If you would like to override the IP address header that we use to grab the IP address of the visitor, enter the value to IP Address Header Override input.

This must be a valid value in the $_SERVER array, for example HTTP_X_FORWARDED_FOR. If the $_SERVER value you enter does not exist, it will fallback to the Patchstack IP grab function so ask your hosting company if you are unsure.

Leave this empty to use the Patchstack IP address grabbing function.

Block IP settings

In this section, you can Block IPs that are a potential threat to your sites.

🚧 Example case:

Patchstack has blocked 5 attacks on your site from one specific IP address in a period of 60 minutes.
You would now want this IP to be blocked.

Type in the following data:

Block IP for 4320 Minutes
After 5 Blocked Attacks
Over A Period of 60 Minutes

Click Save Settings

Now - any IP address which meets all those conditions will be blocked for three days.

📘 IP Block List

Lets you completely block IP addresses by entering each IP address to a new line.

Following formats are accepted:
127.0.0.1
127.0.0.*
127.0.0.0/24
127.0.0.0-127.0.0.255