ES Football Bypass for Cloudflare -- WordPress 插件

开发者	dcarrero
更新时间	2026年4月18日 16:46
PHP版本:	7.4 及以上
WordPress版本:	6.9
版权:	GPLv2 or later
版权网址:	版权信息

ES Football Bypass for Cloudflare is a WordPress plugin created by David Carrero Fernandez-Baillo to help Spanish website owners protect their legitimate sites from collateral damage caused by mass IP blocks ordered during football matches. The project is open source (GPLv2) and available on GitHub: https://github.com/dcarrero/cf-football-bypass The plugin automatically monitors football events in Spain by querying hayahora.futbol and, based on the result, manages Cloudflare DNS records to toggle between Proxied and DNS Only modes. This prevents legitimate visitors from being affected by judicial blocks targeting pirate football streaming. The Problem In Spain, during football matches, mass IP blocks are enforced by judicial orders to combat pirate streaming. These blocks also affect legitimate websites that have nothing to do with football, causing traffic and revenue losses. The Solution When football is detected:

Automatically disables the Cloudflare proxy for selected DNS records
Your website switches to DNS Only mode, avoiding potentially blocked Cloudflare IPs
After the configured cooldown period, automatically re-enables the Cloudflare proxy

Two interface modes: Simple and Advanced Since version 1.9.6 the plugin ships with two interface modes that you can switch from Settings → Interface mode:

Simple (default on new installs, recommended for agency/client sites): shows only the essentials. Block status, manual proxy ON/OFF buttons, basic email notifications on state changes, Cloudflare credentials, bypass behavior and uninstall options. Logs, feed diagnostics panel, staleness threshold, log retention and external cron token are hidden to reduce noise for non-technical users. Logs are still written to disk — you can always switch to Advanced if you need to diagnose something.
Advanced (default on upgrades from earlier versions): shows everything, including the full feed diagnostics panel, the logs tab, the technical console and the advanced options. Ideal for developers, power users, or when you need to diagnose behavior or configure a server-side cron.

There is also a standalone subpage "Is there football now?" that simply answers YES or NO based on the public feed, with a short note about the data source. Perfect to share the link with a final client that just wants to know if there are active blocks right now. Key Features Full Automation

Automatic monitoring every X minutes (configurable 5-60 min)
Automatic bypass activation/deactivation
Integrated WordPress cron system Dual Cloudflare Authentication Support
Global API Key (traditional)
API Token with specific permissions (more secure) Granular Control
Specific DNS record selection (A, AAAA, and CNAME)
Configurable bypass duration (60-600 minutes)
Customizable cooldown interval after disabling Cloudflare
Manual control for special cases Informative Dashboard
Real-time football status
Last check performed
Bypass status (active/inactive) Additional Tools
Cloudflare connection test button
Manual football status check
Manual activation/deactivation buttons
Detailed logging for debugging and auditing
Protected endpoint for external cron

Download and Install
Download the plugin zip file
Extract (or upload the resulting folder) to wp-content/plugins/es-football-bypass-for-cloudflare/
Go to your WordPress dashboard > Plugins > ES Football Bypass for Cloudflare > Activate
Cloudflare Configuration
Go to Settings > ES Football Bypass for Cloudflare
Select your authentication type (Global API Key or API Token)
Enter your Cloudflare credentials
Add your domain's Zone ID
Plugin Configuration
Set the check interval (recommended: 15 minutes)
Adjust the cooldown interval after disabling Cloudflare (default: 60 minutes)
Click "Test connection and load DNS"
Select the DNS records you want to manage
Save the configuration

Getting Cloudflare Credentials For Global API Key:

Go to Cloudflare > My Profile > API Tokens
In "API Keys", copy your "Global API Key"
You will also need your account email For API Token (recommended):
Go to Cloudflare > My Profile > API Tokens
Click "Create Token"
Use the "Custom" template
Required permissions:
Zone:Read (to read zone information)
DNS:Read (to list DNS records)
DNS:Edit (to modify proxy status)

1.9.6

NEW: "Is there football now?" subpage under Operation — a plain YES/NO status panel based on the hayahora.futbol feed, with a short note about the data source. Designed for non-technical users to check at a glance whether there are active La Liga IP blocks
NEW: Optional "Notifications recipient" email field — leave empty to use the site administrator (default), or set a different address to route notifications to a support mailbox or to the final client
UX: Settings page reorganized into clearer sections: Interface mode, Cloudflare Credentials, Bypass behavior (with "Force Proxy OFF during football" now at the top), Email notifications, Uninstall, and Advanced options (only visible in Advanced mode)
UX: Technical options (Staleness threshold, Action logging, Log retention, External cron token) are now grouped under "Advanced options" and hidden in Simple mode to reduce noise for client sites
UX: "Advanced" mode label now explicitly mentions cron settings so users know where to find them
I18N: Plugin now calls load_plugin_textdomain() so the bundled .mo files in /languages/ are picked up when installing from the release zip (previously only translations published on translate.wordpress.org were applied)
I18N: All five bundled languages (es_ES, ca, eu, fr_FR, gl_ES) are now at 100% translation coverage — machine-assisted translations for ca/eu/fr_FR/gl_ES will be refined by the GlotPress community over time

1.9.5

NEW: Feed diagnostics panel on the Operation page (local data.json age and size, last remote fetch status, active blocked IPs count)
NEW: "Clear local cache (data.json)" button to force a clean re-fetch on the next check
NEW: Staleness threshold setting (1-72h, default 6h) — "blocked" states whose last stateChange is older than this are treated as unblocked, preventing orphan entries from keeping the bypass active indefinitely. Overridable via cfbcolorvivo_stale_threshold_seconds filter
NEW: Minimum-ISPs-with-blocks setting (1-20, default 2) — general bypass only triggers when at least N distinct ISPs report blocks simultaneously, reducing false positives from isolated single-ISP outages. Falls back to classic behavior if the feed has no per-ISP information. Overridable via cfbcolorvivo_min_isps_blocked filter
NEW: Feed diagnostics panel now lists the ISPs with active blocks and whether they meet the minimum-ISPs gate
NEW: Optional email notifications to the site admin when the bypass turns on/off automatically, with a 2-minute throttle to prevent bursts. Off by default. Overridable via cfbcolorvivo_email_throttle_seconds filter
NEW: Interface mode setting — "Simple" hides the diagnostics panel, the logs tab and the technical console for non-technical users, leaving only the block status and the manual proxy ON/OFF buttons. "Advanced" shows everything as before. New installs default to Simple; upgrades from 1.9.x and earlier keep the Advanced experience automatically
NEW: External cron settings now show the full request URL and a ready-to-paste crontab example using your current check interval
NEW: "Delete data on uninstall" setting — uncheck it to keep settings, credentials and logs across reinstalls. Cron hook and ephemeral transients are always cleaned up regardless of this setting
SECURITY: Update URI header added to lock updates to WordPress.org (prevents slug hijacking by external sources)
PERF: get_settings() memoized per request, avoiding repeated normalization on the same page load
FIX: Explicit logging when dns_get_record() fails for the site domain
FIX: DateTime parse errors when comparing lastUpdate are now logged instead of silenced
FIX: Warning logged when hayahora.futbol JSON has unexpected structure (no lastUpdate nor known IP keys)
CODE: stateChanges parsing deduplicated across three call sites into a single latest_state_from_changes() helper
UI: "Reset settings" option removed — uninstalling the plugin (with "Delete data on uninstall" checked, which is the default) gives the same clean slate and avoids duplicating the destructive action

1.9.2

I18N: Source language refactored to English (was Spanish), aligning with the WordPress.org translation convention
I18N: New es_ES.po with 100% Spanish translations bundled (no functionality change for Spanish users)
I18N: ca, eu, fr_FR and gl_ES translations completed to 100% (23 new strings added)
I18N: en_US.po removed (source IS English now, no longer needed)
I18N: .pot regenerated from current code with English msgids and accurate line references
DOCS: Plugin header Description rewritten in English to match the new source language

1.9.1

FIX: Text domain changed to match new WP.org slug (es-football-bypass-for-cloudflare)
FIX: All file paths now use wp_upload_dir() instead of hardcoded WP_CONTENT_DIR
FIX: File operations migrated to WP_Filesystem API (no more file_put_contents)
FIX: register_setting() uses proper array format with sanitize_callback
FIX: Stricter sanitization for selected_records, bypass_blocked_ips and state fields
FIX: Inline JavaScript no longer uses PHP interpolation, uses wp_localize_script data
FIX: Plugin data directory renamed to es-football-bypass-for-cloudflare in uploads
FIX: Contributors field corrected in readme.txt
DOCS: External services section updated with hayahora.futbol information links

1.9.0

RENAME: Plugin renamed from "CF Football Bypass" to "ES Football Bypass for Cloudflare" (WordPress.org trademark compliance)
DOCS: External services section expanded with server IP detection services documentation
DOCS: Enhanced privacy and data transmission details for all external services

1.8.6

CODE: Full WordPress Coding Standards compliance (PHPCS): tabs, spacing, Yoda conditions, snake_case variables, PHPDoc comments
UX: Plugin version now displayed on all plugin pages (Operation, Settings, Logs)
I18N: All remaining hardcoded Spanish strings wrapped in __() for consistent translations
CODE: Short ternary operators replaced with full ternary for WP standards
CODE: in_array() calls now use strict mode
CODE: Assignment-in-condition patterns refactored

1.8.5

NEW: Support for Cloudflare Account-owned API Tokens (in addition to User API Tokens and Global API Key)
NEW: Account ID field shown when Account Token is selected
UX: Auth type selector now offers three options: Global API Key, User Token, Account Token
UX: Email and Account ID fields show/hide dynamically based on selected auth type

1.8.2

NEW: Server outgoing IP detection shown in Settings to help restrict Cloudflare API Token by IP
UX: IP is cached for 1 hour and detected from multiple sources for reliability

1.8.1

SECURITY: External cron token comparison now uses hash_equals() to prevent timing attacks
PERFORMANCE: Log pruning throttled to once per day instead of on every log event
UX: Confirmation dialogs before destructive actions (Force OFF, Force ON, Reset)
UX: Action buttons are disabled during AJAX operations to prevent double-click
UX: Local environment detection with friendly warning on Operation page
CODE: Added uninstall.php for complete cleanup on plugin removal (WP_Filesystem)
CODE: Replaced deprecated current_time('timestamp') with time() (WP 5.3+)

1.8.0

IMPROVEMENT: Changed all prefixes from cfb_ to cfbcolorvivo_ to avoid conflicts with other plugins
IMPROVEMENT: Changed all CSS/JS identifiers from cfb- to cfbcolorvivo- for uniqueness
CODE: Settings option renamed to cfbcolorvivo_settings
CODE: Cron hook renamed to cfbcolorvivo_check_football_status
CODE: Log directory renamed to cfbcolorvivo-logs
CODE: All AJAX actions, transients, and filters updated with new prefix

1.7.1

FIX: Fixed critical bug in configuration checkboxes that prevented unchecking options once activated
FIX: "Force Proxy OFF during football" option can now be properly disabled
FIX: "Action logging" option can now be properly disabled
FIX: Improved code compliance with WordPress.org plugin guidelines

1.7.0

IMPROVEMENT: JavaScript now uses wp_enqueue_script() and wp_add_inline_script() per WordPress.org directory guidelines
IMPROVEMENT: Removed all inline script blocks from PHP code
IMPROVEMENT: Dynamic data passed via wp_localize_script() for better code separation
IMPROVEMENT: admin_enqueue_scripts hook properly implemented with page filtering
CODE: Complete refactoring of admin assets system

1.6.0

SECURITY: Log file moved to wp-content/uploads/cfbcolorvivo-logs/ with .htaccess protection
SECURITY: IP anonymization in logs for GDPR compliance
SECURITY: Removed error suppression operators (@) with explicit checks
SECURITY: Added index.php files to prevent directory listing
IMPROVEMENT: Full internationalization (i18n) support with cf-football-bypass text domain
IMPROVEMENT: Plugin header updated with all fields required by WordPress.org
IMPROVEMENT: Automatic log directory creation with protection
IMPROVEMENT: Better error handling for file writing
FIX: Version sync between plugin header and readme.txt

1.0.1

Added Cloudflare API Token support
Improved manual control button with confirmation
Sidebar with recommended links
Minor bug fixes
Better error handling and logging

1.0.0

Initial version
Automatic hayahora.futbol monitoring
Automatic Cloudflare DNS record management
Global API Key support
Admin dashboard
Integrated cron system

ES Football Bypass for Cloudflare

标签

下载

详情介绍:

安装:

屏幕截图:

升级注意事项:

常见问题:

更新日志: