Advanced IP Blocker
| 开发者 | inilerm |
|---|---|
| 更新时间 | 2025年6月27日 06:35 |
| 捐献地址: | 去捐款 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.8 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
- Behavioral IP Blocking: Automatically blocks IPs that generate too many 404 (Page Not Found) or 403 (Forbidden) errors.
- Login Protection: Thwarts brute-force attacks by blocking IPs after multiple failed login attempts.
- Honeypot System: Instantly blocks bots that scan for common vulnerabilities by trapping them in "honeypot" URLs.
- User-Agent Filtering: Block known malicious User-Agents from bots, scrapers, and vulnerability scanners.
- Whitelist Control: Easily create whitelists for IPs and User-Agents (like search engine bots) to ensure they are never blocked.
- Active Session Management: View all logged-in user sessions, see their location, and terminate them remotely if needed.
- Detailed Logging: Keep a clear audit trail of all blocks, unblocks, and security events.
- WP-CLI Ready: Manage every aspect of the plugin directly from the command line, perfect for developers and system administrators.
- Lightweight and Performant: Designed to have a minimal impact on your site's performance.
安装:
- Upload the
advanced-ip-blockerfolder to the/wp-content/plugins/directory. - Activate the plugin through the 'Plugins' menu in WordPress.
- Go to
Settings > Advanced IP Blockerto configure the options. Your administrator IP will be automatically whitelisted on activation.
屏幕截图:
常见问题:
Does this plugin slow down my website?
No. The plugin is designed to be extremely lightweight. Most of the intensive operations happen in the WordPress admin area. For regular visitors, the checks are based on highly efficient WordPress transients (cached data), resulting in a negligible impact on page load times.
What is a "Honeypot"?
A honeypot is a trap for bots. Bots often scan for specific files or URLs that are known vulnerabilities (e.g., wp-config.php). By adding these to the Honeypot list, you can instantly block any bot that tries to access them, as no legitimate user would ever request those URLs.
Which Geolocation Provider should I use?
For most users, geoiplookup.net is the recommended choice as it's free and uses a secure (HTTPS) connection without requiring an API key. If you need higher request limits, consider getting a free or paid key for one of the other supported services.
Can I manage the plugin without logging into WordPress?
Yes! The plugin has full WP-CLI support. You can block/unblock IPs, manage whitelists, view logs, and change settings directly from your server's command line. Run wp help advaipbl for a full list of commands.
更新日志:
- TWEAK: Performed a full-code refactoring to unify all internal function, class, and option names to the standard
advaipblprefix, as requested by the WordPress.org review team. - TWEAK: Hardened the plugin to meet WordPress.org guidelines by fixing all reported security (sanitization, escaping, nonces) and internationalization issues.
- FIX: Resolved a critical bug where WP-CLI commands were not synchronized with the admin dashboard due to inconsistent option names.
- FIX: Fixed a bug that prevented the "Delete all data on uninstall" feature from working correctly.
- FIX: Corrected JavaScript errors related to AJAX actions in the User Sessions panel.
- Fix: Resolved a bug that could cause a critical error page when a previously blocked user triggered a new type of block (e.g., 404 errors).
- Fix: Ensured all text strings throughout the plugin are correctly internationalized and updated the translation template (
.pot) file. - Fix: Corrected all
ERRORand majorWARNINGlevel issues reported by the WordPress.org Plugin Check tool. - Tweak: Improved security by hardening data sanitization and output escaping across all admin pages.
- Tweak: Refined WP-CLI command handling to meet strict WordPress coding standards.
- Initial public release on the WordPress.org repository.