Advanced IP Blocker -- WordPress 插件

开发者	inilerm
更新时间	2025年7月17日 21:13
捐献地址:	去捐款
PHP版本:	7.4 及以上
WordPress版本:	6.8.2
版权:	GPLv2 or later
版权网址:	版权信息

Advanced IP Blocker is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive and newly redesigned interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected. Whether you're a beginner or an experienced administrator, Advanced IP Blocker gives you the control you need to secure your digital presence. Key Features:

Intelligent Web Application Firewall (WAF): Proactively block malicious requests based on patterns (SQLi, XSS, LFI) before they can harm your site.
Request Rate Limiting: Automatically prevent DoS attacks, brute-force attempts, and aggressive crawlers by temporarily blocking IPs that make too many requests.
Block by ASN: Block entire networks by blacklisting the Autonomous System Numbers (ASN) of known malicious hosting providers, proxies, or VPNs.
Country Blocking (Geoblocking): Easily block traffic from entire countries with a user-friendly selector and real-time API key verification.
Threshold-Based Blocking: Automatically block IPs and CIDR ranges based on configurable thresholds for 404 errors, 403 errors, and failed login attempts.
Advanced Login Protection: Secure your login page by disabling XML-RPC, preventing user enumeration, and restricting wp-login.php access to whitelisted IPs.
Google reCAPTCHA Integration: Shield your login and registration forms from bots by integrating Google reCAPTCHA (v2 & v3).
Honeypot & User-Agent Traps: Instantly ban bots and scanners that access decoy URLs or use malicious User-Agent strings.
Active User Session Management: View all logged-in users in real-time, see their location, and terminate their sessions remotely.
Full WP-CLI Support: Manage every aspect of the plugin via the command line, ideal for developers and system administrators.
Configuration Management: Easily back up and migrate your complete plugin configuration with the Import/Export feature.
Detailed Event Logging: Keep track of all security events with detailed, sortable, and filterable logs for each protection module.

This plugin gives you the power to see who is trying to access your site and to stop threats before they become a problem.

Upload the advanced-ip-blocker folder to the /wp-content/plugins/ directory.
Activate the plugin through the 'Plugins' menu in WordPress.
A new "Security" menu item with a shield icon will appear in your admin sidebar. All settings are located there.
It is highly recommended to visit the Settings > Status & Debug tab to ensure your IP and your server's IP are whitelisted.

8.4.1 - The Sentinel Update: WAF, Rate Limiting & ASN Blocking

NEW MAJOR FEATURE: Web Application Firewall (WAF). A new proactive security layer has been added! You can now create custom rules (using regular expressions) to inspect and block malicious requests (SQLi, XSS, LFI) before they hit WordPress. A comprehensive list of recommended rules is provided.
NEW MAJOR FEATURE: Request Rate Limiting. Automatically detect and temporarily block IPs that send an excessive number of requests, providing robust protection against application-level DoS attacks, brute-force attempts, and aggressive scrapers.
NEW MAJOR FEATURE: ASN Blocking. You can now block entire networks by blacklisting their Autonomous System Number (ASN). This is a powerful tool to stop traffic from known malicious hosting providers, proxies, and VPN services.
MAJOR UX/UI OVERHAUL: Redesigned Admin Navigation. The entire plugin navigation has been re-architected into a modern, two-level tab system ("Settings", "Blocking Rules", "IP Management", "Logs & Sessions"). This new structure is more intuitive, scalable, and fully responsive, using a horizontally scrollable menu on mobile devices.
Enhancement: Floating "Save Changes" Bar. The main settings page now features a smart, floating save bar that appears only when changes have been made, preventing users from accidentally leaving the page without saving. It includes a "Discard" option with a custom confirmation modal.
Enhancement: "Duration" Column. The "Blocked IPs" table now includes a "Duration" column, clearly showing how long each temporary block will last (e.g., "5 minutes", "24 hours") or if it's "Permanent".
Enhancement: Default Geolocation Provider. The default provider for new installations is now ip-api.com to ensure out-of-the-box support for ASN blocking without requiring an API key.
Fix: Resolved a critical bug that could prevent the plugin from being reactivated due to how the activation hook was called.
Fix: Addressed multiple logic flaws that could cause double-blocking scenarios (e.g., an IP blocked by Rate Limit being re-blocked for 403 errors).
Fix: Corrected all links in the Admin Menu and Admin Bar to work with the new navigation structure.
Fix: Ensured all new features (WAF, Rate Limiting, ASN) are fully integrated with the Import/Export, uninstall.php, logging, and WP-CLI systems.
Fix: Corrected HTML escaping issue that prevented links from rendering correctly in setting descriptions.
Tweak: Updated all help text, feature lists, and WP-CLI documentation to reflect the new capabilities.
Tested up to WordPress 6.8.2

8.4.0 - Major Feature & Stability Update

New Feature: Admin Bar Menu & Block Counter! Added a quick-access "Security" menu to the WordPress admin bar, featuring a live counter of currently blocked IPs. This provides immediate visibility of the plugin's activity. The counter is also displayed in the admin side menu and on the "Blocked IPs" tab for enhanced consistency.
New Feature: Smart XML-RPC Dependency Detection. Added a new diagnostic tool in the "Status & Debug" tab that automatically detects active plugins (like Jetpack or WPML) that may rely on XML-RPC, helping users make an informed decision before disabling it.
New Feature: Advanced Login Log. The "Login Failure Log" table has been enhanced with new "Method" and "URL" columns, providing crucial insights into the vector of brute-force attacks (e.g., wp-login.php vs. xmlrpc.php).
Enhancement: Professional Admin Dropdown Menus. The main admin tabs and the top bar menu now use nested submenus for better organization and a cleaner, less cluttered interface.
Enhancement: UI/UX Polish. Improved various UI elements, including the "per page" selector in tables (now reloads instantly without an extra button click) and the styling of notification counters.
Fix: Resolved a major bug where updating the plugin could cause active IP blocks to be cleared prematurely, especially on sites with persistent object caching. A new resync_block_transients function now runs on activation to ensure block integrity.
Fix: Corrected a logic error that caused the "Clear Log" button to not work for the new WP-Cron log tab.
Fix: Addressed several UI redirection bugs, including an issue where exporting settings would fail and redirect to an incorrect page.
Tweak: Default geolocation provider for new installations is now geoiplookup.net for enhanced security (HTTPS by default).
Tweak: All code has been reviewed for stability and adherence to WordPress coding standards.

8.3.9

New Feature: Full configuration Import/Export for easy backups and migration.
New Feature: Real-time AJAX verification for Geolocation API keys.
Enhancement: Added full support for blocking and whitelisting CIDR and IP ranges.
Enhancement: All log tables now display parsed device and OS information for easier identification.
Enhancement: Greatly improved WP-CLI command documentation and added a new provider command for Geolocation APIs.
Enhancement: Optimized admin performance by using a "just-in-time" cleanup for expired IPs.
Fix: Resolved a critical bug where incorrect details were saved for threshold-based blocks.
Fix: Fixed multiple bugs in WP-CLI related to Geoblocking and option handling.
Fix: Corrected an issue where settings were not being saved correctly due to a form conflict.
Fix: Resolved data not being fully removed on uninstall when the option was selected.

8.3.8

New: Added Google reCAPTCHA (v2 & v3) protection for the WordPress login form.
Tweak: All settings are now fully manageable via WP-CLI.
Tweak: Added detailed audit logs for any changes made to reCAPTCHA settings.

8.3.7

NEW SECURITY FEATURE: Whitelist-Only Login. Added a highly-secure option to restrict wp-login.php access to whitelisted IPs.
NEW SECURITY FEATURE: User Enumeration Protection. Added options to prevent username discovery via REST API and author scans.
ENHANCEMENT: All email notifications now use a professional HTML template.

8.3.6

FIX: Buttons to save changes in the configuration tab
Tweak: Updated Spanish translations.
Tweak: Updated internal image assets for a refreshed look.

8.3.5

Tweak: Updated internal image assets for a refreshed look.

8.3.4

NEW FEATURE: Login Failure Log Tab. A new dedicated "Login Log" tab has been added to the admin panel, allowing administrators to easily view all failed login attempts, including the IP address and the username that was attempted. This completes the set of security logs, providing full visibility into all types of automated attacks.
ENHANCEMENT: Interactive Admin Notices. The contextual warnings (e.g., when blocking the server's country) now include an "Add to Whitelist" button, allowing administrators to immediately resolve potential issues with a single click.
ENHANCEMENT: Improved Email Templates. All email notifications, including those for threshold-based blocks (404, 403, login), now use a professional HTML template with the plugin logo and a clear, easy-to-read layout. A "View Blocked IPs" button has also been added for quick access.
ENHANCEMENT: Full Admin Logging for WP-CLI. All actions performed via WP-CLI that modify data (blocking, whitelisting, changing settings, etc.) are now correctly recorded in the "General Log", ensuring a complete audit trail.
TWEAK: Flexible Logo Display. The plugin's header and email templates now correctly handle both square and rectangular logos without distortion, improving brand customization.
FIX: Addressed a bug where the WP-CLI command geoblock remove could fail if the data was not in the expected format.
FIX: Solved a critical error in WP-CLI when running whitelist add due to a missing internal function.
FIX: Corrected minor visual bugs in tables and controls on mobile devices, ensuring full interface consistency.

8.3.3

MAJOR UX/UI OVERHAUL: The entire admin interface has been redesigned for a more professional, modern, and user-friendly experience.
ENHANCEMENT: New Plugin Header & Card-Style Layout. The settings pages now feature a custom header and a clean, organized card-style layout, making navigation clearer and more intuitive.
ENHANCEMENT: Responsive & Mobile-Friendly Interface. All plugin pages are now fully responsive. The tab navigation switches to a user-friendly dropdown menu on mobile devices, and tables can be scrolled horizontally, ensuring all features are accessible on any screen.
ENHANCEMENT: Improved Table Controls. All data tables now include larger, clearer pagination controls and a new dropdown selector to choose the number of items to display per page.
ENHANCEMENT: Searchable General Log. The General Log tab now includes a search box, making it much easier to find specific events.
TWEAK: Improved Email Templates. Instant notifications and the welcome/setup guide email now use a professional HTML template with the plugin's logo and direct links.
TWEAK: Admin Action Logging. All manual actions performed by an administrator (blocking, whitelisting, clearing logs, etc.) are now recorded in the General Log with the corresponding username for better auditing.
FIX: Addressed an issue where admin notices from other plugins could interfere with the plugin's interface.

8.3.2

ENHANCEMENT: Major Upgrade to Status & Debug Tab. The diagnostic tab is now a professional-grade tool. It uses an advanced detection system to accurately identify visitor IPs even behind complex networks like Cloudflare, other CDNs, and proxies. It clearly displays the detection method, the proxy chain, and CDN-specific information (like Ray ID and country), making it an invaluable tool for troubleshooting.
ENHANCEMENT: Cleaner Admin Interface. The plugin's admin pages now hide distracting notices from other plugins and WordPress core, providing a much cleaner, focused, and more professional user experience.
FIX: Removed UI "Flicker". A visual "flicker" or "jump" of the admin notices that occurred on page load has been completely eliminated, resulting in a smoother and more polished interface.
TWEAK: Improved Server IP Detection. The mechanism for auto-detecting the server's own IP address (used for auto-whitelisting) has been made more robust to work reliably across a wider variety of hosting environments.

8.3.1

UX ENHANCEMENT: Improved Admin Tables. All data tables (Blocked IPs, Whitelist, Logs, etc.) are now more user-friendly. Pagination controls are larger and clearer, and you can now select the number of items to display per page (20, 50, 100, or 200).
UX ENHANCEMENT: Responsive Admin Interface. The entire plugin settings area is now fully responsive. The main tab navigation switches to a user-friendly dropdown menu on mobile devices, and tables can be scrolled horizontally, ensuring a great experience on any screen.
UX ENHANCEMENT: Searchable General Log. The General Log tab now includes a search box, making it much easier to find specific events or audit the activity of a particular IP address.
TWEAK: Added Helper Descriptions. Added descriptive helper texts below the threshold and duration settings to better explain what each option does.
TWEAK: UI Polish. Minor visual adjustments to the admin panel header and layout for a cleaner and more professional look.
FIX: Fixed an issue where admin notices from other plugins could appear within the plugin's header. The interface is now cleaner and only shows relevant notices.

8.3.0

NEW FEATURE: Country Blocking (Geoblocking)! A highly requested feature is here! You can now easily block or allow access from entire countries via a user-friendly selector in the Settings tab. The plugin also includes smart warnings to prevent you from accidentally blocking your own server or admin IP address.
NEW FEATURE: Status & Debug Tab. A new diagnostic tab has been added to help you and your hosting support troubleshoot IP detection issues, especially on sites behind a CDN or proxy. It shows you exactly what IP the plugin detects for your server and your session.
NEW FEATURE: Test Email Button. A new button in the Email Notifications settings allows you to instantly send a test email, helping you verify that your WordPress site's email configuration is working correctly.
UI ENHANCEMENT: Redesigned Admin Panel. The entire plugin interface has been updated with a more professional and modern look, including a new header, cleaner tabs, and a "card-style" layout for better organization.
UX ENHANCEMENT: Improved Table Controls. All data tables (Blocked IPs, Whitelist, Logs) now feature improved, larger pagination controls and a new dropdown selector to let you choose how many items to display per page (20, 50, 100, or 200).
UX ENHANCEMENT: Searchable General Log. The General Log tab now includes a search box, making it much easier to find specific events or audit the activity of a particular IP address.
UX ENHANCEMENT: Responsive & Mobile-Friendly. The plugin's admin pages are now fully responsive. The tab navigation switches to a user-friendly dropdown menu on mobile devices, and tables can be scrolled horizontally, ensuring a great experience on any screen size.
ENHANCEMENT: Whitelist Details. The whitelist table now includes a "Details" column to explain why an IP was added (e.g., "Server IP (auto-added)", "Manually added"), giving you more context.
ENHANCEMENT: Robust IP Detection. The logic for detecting both the server's and the visitor's IP address has been significantly improved to be more reliable on complex hosting environments, especially those using CDNs like Cloudflare.
FIX: A bug where filtering the "Blocked IPs" list by "404 Error" would not return any results has been resolved.
FIX: A critical error in WP-CLI that occurred when adding an IP to the whitelist has been fixed. The CLI is now fully autonomous and synchronized with the admin panel.
TWEAK: Added common false-positive URLs (like /.well-known/traffic-advice from Google) to the default exclusion list to improve out-of-the-box compatibility.

8.2.1

**Credit tab info update.
**New Spanish translations.

8.2.0

NEW FEATURE: Country Blocking (Geoblocking)! You can now block access from entire countries via a user-friendly selector in the settings.
NEW FEATURE: Test Email Button. A new button in the settings allows you to instantly verify if your WordPress site's email configuration is working correctly.
ENHANCEMENT: Smart Geoblock Warnings. The plugin now detects the country of your server and your own admin IP, providing contextual warnings to prevent you from accidentally blocking yourself or your server.
ENHANCEMENT: Whitelist Details. The whitelist table now includes a "Details" column to explain why an IP was added (e.g., "Server IP (auto-added)", "Manually added").
ENHANCEMENT: WP-CLI. Added new WP-CLI commands to manage the geoblocking feature (wp advaipbl geoblock). The CLI help has been improved for all commands.
FIX: Resolved a bug where a filter in the "Blocked IPs" table was not working correctly.
FIX: Solved a critical error in WP-CLI when adding an IP to the whitelist. The CLI is now fully autonomous and synchronized.
TWEAK: Added /.well-known/traffic-advice to the default URL exclusion list to prevent false positives from Google Chrome's prefetch proxy.

8.1.0

TWEAK: Performed a full-code refactoring to unify all internal function, class, and option names to the standard advaipbl prefix, as requested by the WordPress.org review team.
TWEAK: Hardened the plugin to meet WordPress.org guidelines by fixing all reported security (sanitization, escaping, nonces) and internationalization issues.
FIX: Resolved a critical bug where WP-CLI commands were not synchronized with the admin dashboard due to inconsistent option names.
FIX: Fixed a bug that prevented the "Delete all data on uninstall" feature from working correctly.
FIX: Corrected JavaScript errors related to AJAX actions in the User Sessions panel.

8.0.2

Fix: Resolved a bug that could cause a critical error page when a previously blocked user triggered a new type of block (e.g., 404 errors).
Fix: Ensured all text strings throughout the plugin are correctly internationalized and updated the translation template (.pot) file.
Fix: Corrected all ERROR and major WARNING level issues reported by the WordPress.org Plugin Check tool.
Tweak: Improved security by hardening data sanitization and output escaping across all admin pages.
Tweak: Refined WP-CLI command handling to meet strict WordPress coding standards.

8.0.0

Initial public release on the WordPress.org repository.

Advanced IP Blocker

标签

下载

详情介绍:

安装:

屏幕截图:

升级注意事项:

常见问题:

更新日志: