Linux 软件免费装
Banner图

Predax Security (formerly IPSentry)

开发者 ipsentry
更新时间 2026年7月14日 00:33
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

security firewall brute force ip blocking vpn

下载

1.10.0 1.9.4

详情介绍:

Block VPNs, Tor users, proxies, bots, and high-risk visitors before they can attack your WordPress site. Most WordPress attacks — brute-force logins, fake registrations, comment spam, vulnerability scans — come from anonymised connections: VPNs, open proxies, Tor exit nodes, and rented datacenter servers. Predax Security identifies those visitors the moment they arrive and stops the risky ones at the door, before they can log in, register, comment, or even load a page. Every visitor IP is checked in real time against a continuously-updated threat intelligence database of known VPN providers, open proxies, Tor exit nodes, datacenter ranges, and web crawlers, and given a 0–100 risk score. You choose exactly what gets blocked — by category, by country, or by risk score threshold. Privacy-first by design: on a fresh install the plugin is off by default — no visitor data is sent anywhere until you explicitly enable a protection preset via the setup wizard or the Settings → Protection tab. Key Features Free Tier Sign up at predax.io for a free API key. The free plan includes: No credit card required. More Power With Paid Plans The free tier is plenty for small sites, but busier sites use up the included checks faster. Paid plans raise the monthly limit from 5,000 up to 25,000–25,000,000 IP checks, with higher request rates and bulk lookups. The dashboard shows your live usage each month, so you can see exactly when it's time to upgrade — same plugin, same settings, just a bigger allowance on your existing API key. How It Works
  1. You install the plugin, enter an API key, and pick a protection preset during the Setup Wizard (or enable individual protections from Settings → Protection). This is the explicit opt-in — no data leaves the site until you do this.
  2. A visitor makes a request to your site.
  3. Predax checks their IP against the threat intelligence API (results cached for 1 hour per IP).
  4. If the risk score exceeds your threshold, the visitor is blocked with a configurable message.
  5. All block events are logged in the WordPress database for review.
WP-CLI Commands wp ipsentry status — show current configuration and threat counts wp ipsentry test-ip <ip> — run a live API check on any IP wp ipsentry whitelist add <ip> — add an IP or CIDR to the whitelist wp ipsentry whitelist remove <ip> — remove from whitelist wp ipsentry blacklist add <ip> — add an IP or CIDR to the blacklist wp ipsentry log --limit=20 — view recent threat log entries

安装:

From your WordPress dashboard (recommended)
  1. Go to Plugins → Add New Plugin in your WordPress admin
  2. Search for "Predax Security"
  3. Click Install Now, then Activate
  4. The setup wizard launches automatically and guides you through connecting your free Predax API key and choosing a protection level
  5. Go to Predax Security in the admin sidebar to view the security dashboard, and Settings to fine-tune protection types, risk thresholds, and advanced features
Manual installation
  1. Download the plugin ZIP from this page and upload it via Plugins → Add New Plugin → Upload Plugin (or extract the ipsentry-security folder to /wp-content/plugins/)
  2. Activate the plugin through the Plugins menu and follow the setup wizard

屏幕截图:

  • Settings page — configure API key, risk threshold, and protection types
  • Threat log — view all blocked events with IP, reason, risk score, and timestamp
  • Dashboard widget — at-a-glance threat stats on the WordPress dashboard
  • Country blocking — select countries and regions to allow or deny

升级注意事项:

1.10.0 Adds user/author enumeration blocking, XML-RPC amplification hardening (pingback + system.multicall), firewall repeat-offender auto-ban, and an API circuit-breaker that keeps your site fast if the Predax API is ever slow — plus an autoload performance migration. Your existing "Disable XML-RPC" setting is migrated automatically. Safe to upgrade. 1.9.4 WordPress 7.0 + PHP 8.2 compatibility tested. Setup wizard branding refreshed and a fix for an OAuth-redirect edge case that could show a blank "0" page. No settings changes. Safe to upgrade. 1.9.1 Privacy + security polish. Fresh installs: visitor and login protection now default OFF (enabled by picking a Setup Wizard preset). Community Threat Network opt-in toggle. IP/CIDR validation on blacklists. uninstall.php cleanup. Existing sites keep their settings. Safe to upgrade. 1.9.0 Adds a full security dashboard as the plugin's landing page. Settings and setup wizard redesigned. No configuration changes required. Safe to upgrade. 1.8.0 Major feature release — HTTP Security Headers, Google reCAPTCHA v3, Honeypot URL Traps, User-Agent Blocking, 404 Threshold Blocking, JavaScript Challenge, Browser Fingerprint Scoring, and more. All new features are off by default. Safe to upgrade. 1.7.0 Adds one-click OAuth connect via the setup wizard — link your site to Predax without copying an API key. Manual key entry remains available as a fallback. 1.6.0 Adds a 3-step setup wizard that runs on first activation. No configuration changes to existing installs. Safe to upgrade. 1.5.5 Recommended update — VPN detection improved (NordVPN and other major providers now reliably detected). Block messages updated to always mention Predax. 1.5.3 Recommended update — smarter login protection (hackers get permanently blocked, legitimate users get a temporary lockout). Test Connection button fixed. 1.5.2 Bug fix: VPN/proxy users in Monitor mode no longer get blocked by the risk threshold. Recommended update for anyone using VPN detection. 1.5.1 Settings page UX improvements — tabbed layout, inline save/test buttons, help tooltips. No configuration changes required. 1.5.0 Adds the Web Application Firewall (WAF, on by default) and the opt-in Community Threat Network (off by default; enable in Settings → Predax Security → Advanced to contribute block events to the shared feed). Safe to upgrade — no configuration changes required. 1.4.0 Adds custom block page, XML-RPC/REST API protection, disposable email blocking, WP-CLI commands, and settings import/export. All new features default to off — no behaviour changes on upgrade.

常见问题:

How is this different from Wordfence or other security plugins?

It solves a different problem — and runs happily alongside them. Scanner-based plugins like Wordfence or Solid Security focus on malware scanning and firewall rules: they look at what a request does once it reaches your site. Predax Security looks at who is connecting: it identifies anonymised and high-risk IPs (VPNs, proxies, Tor, datacenter ranges) in real time using a commercial IP intelligence database, and blocks them before they attempt anything. Many sites run Predax Security alongside a scanner-based plugin — Predax filters out the anonymous, high-risk traffic; the scanner watches what gets through.

Will this slow down my site?

No. API results are cached in the WordPress database for 1 hour per IP. After the first check, returning visitors are served from cache with no API call. The cache TTL is configurable.

Does this block all VPN users?

Only if you enable VPN blocking. By default the plugin is set to monitor VPN traffic (log it but not block it). You control exactly which threat types trigger a block.

What happens to blocked visitors?

By default they see a standard WordPress error page with a 403 status code. You can enable the Custom Block Page option to show a branded page with your own message and a support link.

Does it work with Cloudflare?

Yes. The plugin reads the CF-Connecting-IP header automatically when Cloudflare is detected, so the real visitor IP is used rather than the Cloudflare proxy IP.

Is the free plan enough for a small site?

For most small sites, yes. The free plan provides 1,000 checks per day. With 1-hour caching, this covers approximately 1,000 unique visitors per day. Returning visitors within the hour use cached results and don't count against your quota.

Can I whitelist my own IP?

Yes. Go to Settings → Predax Security → Whitelist / Blacklist and add your IP or CIDR range. Whitelisted IPs bypass all checks.

Does it protect the WooCommerce checkout?

The base security plugin protects logins and registrations. For WooCommerce checkout protection (fraud scoring, country mismatch, order velocity, auto hold), use the companion Predax Fraud Guard for WooCommerce plugin (also on WordPress.org).

What data is sent to the API?

The visitor's IP address, and optionally their timezone when timezone mismatch detection is enabled. A temporary cookie is used to pass the timezone from the browser to the server. No page content or personal user data is transmitted. See the Third Party Services section below for full details.

更新日志:

1.10.0 1.9.4 1.9.3 1.9.1 1.9.0 1.8.0 1.7.0 1.6.0 1.5.5 1.5.4 1.5.3 1.5.2 1.5.1 1.5.0 1.4.0 1.3.0 1.2.0 1.1.0 1.0.0