开发者 | qwebltd |
---|---|
更新时间 | 2024年10月28日 17:26 |
PHP版本: | 5.6 及以上 |
WordPress版本: | 6.7 |
版权: | MIT |
版权网址: | 版权信息 |
Once you've installed and activated the plugin, all you need to do is enter an API access key into the settings page. Access keys are free and can be generated in seconds via the QWeb Ltd API Console. The plugin will automatically determine your own country as soon as you've entered your key, and add this to the allow list. You can add others if you like, but otherwise you're done!
Every time somebody, or something, tries to access your Wordpress admin panel or the XMLRPC mechanism, this plugin looks to see if it already knows the country that their IP address belongs to. If it doesn't, it uses the IP lookup service to find out. If the determined country is listed in your allow list, or for some reason the country can't be reliably determined, access is granted. Otherwise the plugin returns a HTTP 403 response and code execution stops there, meaning that your server doesn't have to waste resources serving complete pages to potentially malicious traffic. Successful lookups are cached for performance, and to reduce the number of requests made to the lookup service.
QWeb Ltd offer a free tier for the IP lookup service, which allows up to 40 daily lookups. This should be enough for the vast majority of Wordpress websites because lookups only happen once per unique IP attempting admin panel access. You can monitor usage via the QWeb Ltd API Console, and if you run out of quota you'll receive a notification by email. Paid tiers are also available if you need more requests, starting at $2 per month.
This plugin is built to only block access if it's absolutely certain that it should. So if the plugin doesn't already have a cached response for a given IP and the API is unavailable, or you've reached your requests quota, the plugin will just allow access for that IP until it manages to determine the correct country for it. This way, you never risk getting blocked out of your own admin panel.
You can see daily usage graphs via the QWeb Ltd API Console. As soon as you've entered your access key, the plugin does a lookup of your own IP to add your country to the allow list, so these graphs should immediately show some data and you'll know that the plugin is working. For performance, this plugin doesn't create any kind of logs directly as this would just slow the admin panel down unnecessarily.
We're a web design agency and manage a number of Wordpress websites, so we primarily built this plugin to ease our own administrative work. Other plugins exist but generally require manually downloading and updating IP databases, and tend to incorporate more features than we needed. We wanted a really simple, zero maintenance plugin and we already had our own IP lookups API for it to use. Once built, it just made good sense to release this for other Wordpress administrators to use. Admittedly, we also hope that if you find this plugin useful, you'd consider using some of our other, paid API services, or if you for some reason need to process a larger number of lookup requests you'd consider one of our paid tiers. There's no necessity for either though, and no real catch at all!
We've made every effort to ensure that this doesn't happen, but if for some reason it does, simply log in to your websites FTP repository and rename /wp-content/plugins/admin-country-allowlist to /wp-content/plugins/disabled-admin-country-allowlist and Wordpress will automatically disable this plugin from firing. If you're still having trouble, please do get in touch and we'll work with you to resolve.
Thanks! You can support us for free by leaving a review and/or telling other people about this plugin or our API services. Or if you'd like to support us financially, simply upgrade your API key to a paid tier as this will give you more daily requests in return. You can also donate to me, Ric, through Ko-fi where I'm currently maintaining a devlog for an MMO game, Argentauria.