| 开发者 | ipsentry |
|---|---|
| 更新时间 | 2026年7月14日 00:33 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
wp ipsentry status — show current configuration and threat counts
wp ipsentry test-ip <ip> — run a live API check on any IP
wp ipsentry whitelist add <ip> — add an IP or CIDR to the whitelist
wp ipsentry whitelist remove <ip> — remove from whitelist
wp ipsentry blacklist add <ip> — add an IP or CIDR to the blacklist
wp ipsentry log --limit=20 — view recent threat log entries
ipsentry-security folder to /wp-content/plugins/)It solves a different problem — and runs happily alongside them. Scanner-based plugins like Wordfence or Solid Security focus on malware scanning and firewall rules: they look at what a request does once it reaches your site. Predax Security looks at who is connecting: it identifies anonymised and high-risk IPs (VPNs, proxies, Tor, datacenter ranges) in real time using a commercial IP intelligence database, and blocks them before they attempt anything. Many sites run Predax Security alongside a scanner-based plugin — Predax filters out the anonymous, high-risk traffic; the scanner watches what gets through.
No. API results are cached in the WordPress database for 1 hour per IP. After the first check, returning visitors are served from cache with no API call. The cache TTL is configurable.
Only if you enable VPN blocking. By default the plugin is set to monitor VPN traffic (log it but not block it). You control exactly which threat types trigger a block.
By default they see a standard WordPress error page with a 403 status code. You can enable the Custom Block Page option to show a branded page with your own message and a support link.
Yes. The plugin reads the CF-Connecting-IP header automatically when Cloudflare is detected, so the real visitor IP is used rather than the Cloudflare proxy IP.
For most small sites, yes. The free plan provides 1,000 checks per day. With 1-hour caching, this covers approximately 1,000 unique visitors per day. Returning visitors within the hour use cached results and don't count against your quota.
Yes. Go to Settings → Predax Security → Whitelist / Blacklist and add your IP or CIDR range. Whitelisted IPs bypass all checks.
The base security plugin protects logins and registrations. For WooCommerce checkout protection (fraud scoring, country mismatch, order velocity, auto hold), use the companion Predax Fraud Guard for WooCommerce plugin (also on WordPress.org).
The visitor's IP address, and optionally their timezone when timezone mismatch detection is enabled. A temporary cookie is used to pass the timezone from the browser to the server. No page content or personal user data is transmitted. See the Third Party Services section below for full details.
?author=N probes and the REST users endpoint from leaking usernames to logged-out visitors (Settings → Advanced → WordPress Hardening). On by default in the Recommended and Strict presets.system.multicall brute-force amplification while keeping normal XML-RPC working, e.g. the WordPress mobile app) or "Disable all". Replaces the old on/off "Disable XML-RPC" toggle; your existing choice is migrated automatically.WP_DEBUG.prdx_live_… placeholder. Existing ipsent_* keys continue to authenticate normally.predax.io instead of ipsentry.io. The legacy ipsentry.io URL still redirects, so older bookmarks continue to work.ipsent_* API keys created before the rebrand continue to authenticate normally. New keys generated at https://predax.io/dashboard/api-keys start with prdx_. Both work.add_option() respects existing values, so if you already had these on, they stay on.uninstall.php that cleans up all plugin options and drops both custom tables when the plugin is deleted.wp_add_privacy_policy_content integration so administrators can pull suggested Privacy Policy text from Tools → Privacy.onclick handler from the [ipsentry_lookup] shortcode.wp ipsentry)