| 开发者 |
fernandot
ayudawp |
|---|---|
| 更新时间 | 2026年7月3日 14:49 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
192.168.1.1192.168.1.0/24 or 10.0.0.0/8192.168.* or 10.*.*.*gozer folder to /wp-content/plugins/The plugin is designed with safe defaults. Critical functionality like REST API, WP-Cron, and AJAX are allowed by default to prevent breaking the block editor or scheduled tasks.
Yes, if you enable the "Search engine bots" option. Major search engine bots (Google, Bing, etc.) will be able to access and index your content.
If "Search engine bots" is enabled (the default), yes: bots are recognized by their user agent, which any visitor can set freely, so a curl request claiming to be Googlebot gets through. If your site must stay private to everyone except real search engines, enable "Verify bots by reverse DNS": Gozer then confirms the claim with a forward-confirmed reverse DNS lookup against the engine's official domains (Google, Bing, Yahoo, Yandex, Baidu, and Apple) and blocks impostors, as well as bots that cannot be verified this way (such as social network preview fetchers). If the site should be completely hermetic, disable the "Search engine bots" exception altogether.
Since 2.1.0 Gozer reads the visitor IP from the direct connection by default, because trusting proxy headers on sites not behind a proxy allowed anyone to impersonate an allowed IP by forging a header. Behind Cloudflare or a reverse proxy, the direct connection is the proxy itself, so go to Settings > Gozer > "Visitor IP detection" and select the header your infrastructure sets (CF-Connecting-IP for Cloudflare, X-Real-IP or X-Forwarded-For for other proxies). Your IP whitelist will work as before.
Go to Settings > Gozer and add paths to the "Allowed paths" field. Enter one path per line, like /contact/ or /about/.
Use CIDR notation (e.g., 192.168.1.0/24 for a /24 subnet) or wildcards (e.g., 192.168.* for all IPs starting with 192.168).
Generate a token in Settings > Gozer, then share the generated URL. Anyone with that link can access the site without logging in until the token expires.
Yes, the plugin works on multisite installations. Each site can have its own configuration.
Gozer the Gozerian is the supernatural entity from Ghostbusters (1984) who asked "Are you a god?" before denying access to mere mortals. Just like our plugin does with your site visitors.
If you set a "Minimum access level" higher than the user's role, logged-in users below that level are treated like logged-out visitors and shown a 403 page. This front-end restriction is independent from the WordPress dashboard: a Subscriber can still reach their profile screen but will not see the front-end. Set the access level back to "Any logged-in user" to allow every logged-in user through.
A page cache (a caching plugin, your host, or a CDN) can serve pre-generated HTML without running WordPress, so Gozer never sees those requests. Gozer purges the major caching plugins automatically when you activate the plugin, toggle private mode, or save settings, but if your host or CDN caches HTML you may need to purge it once after enabling Gozer.