Tornevall Networks DNSBL Implementation

Tornevall Networks DNSBL and FraudBL protection for WordPress. The plugin helps block comment activity, account registrations and other unwanted submissions from addresses flagged by Tornevall Networks DNSBL and FraudBL. FraudBL is part of the protection layer used by the plugin and is available at fraudbl.org. For general discovery, broader search terms like fraud, blacklist, comment spam and user registration are usually easier to find than niche technical acronyms alone. The plugin is intended to provide a lightweight anti-spam and anti-abuse layer for WordPress, with support for local caching to reduce repeated lookups and unnecessary load against blacklist services. Current admin features include manual DNS lookup tools, self-check tools, visitor statistics, safe IP whitelisting, frontend dry-run support for administrators, Cloudflare Turnstile for comments, and DNSBL plus Turnstile protection for new WordPress account registrations. WooCommerce-oriented protection is a planned next step rather than part of the current release. Report issues and feedback: GitHub issues Plugin URL: WordPress.org plugin page Documentation: DNSBL API documentation Support and feedback Bug reports and feedback can currently be submitted via GitHub issues. Full Documentation: DNSBL API documentation Translations can be contributed via translate.wordpress.org.

1. Upload the plugin archive to the /wp-content/plugins/ directory
2. 通过 WordPress 的的“Plugins”菜单激活插件
3. Configure the plugin via admin control panel

The installation creates a cache table in the WordPress database. This reduces repeated DNS lookups and helps avoid unnecessary load against blacklist services. Both blacklisted and non-listed lookups are cached. The default cache lifetime is 600 seconds and the cleanup interval is 300 seconds. The plugin also supports a safe IP whitelist. Whitelisted IP addresses are still checked and can appear in statistics, but they are not blocked, redirected or marked as spam. When possible, the activating visitor IP is seeded into that whitelist automatically during first-time setup. If the database schema becomes out of sync after an upgrade or a manual source-based install, deactivate and reactivate the plugin to recreate the required tables.

3.0.3

• Fixed frontend dry-run availability so the public banner and toggle only appear when DNSBL dev mode is enabled and Tools environment mode is set to dev.

3.0.2

• Repackaged the release so updated screenshots and other WordPress.org assets can be picked up properly.
• Restored Markdown-style links in the readme after the previous plain-URL formatting pass.

3.0.1

• Simplified and aligned the public plugin name so it better matches the WordPress.org slug.
• Corrected the author metadata spelling to Thomas Tornevall.
• Reduced the WordPress.org tags to five broader discovery terms with better general search value.
• Refreshed the readme wording for FraudBL/fraud discovery and noted planned WooCommerce-oriented follow-up work.

3.0.0

• Refactored the plugin around WordPress-native DNS lookups, admin AJAX tooling and a namespaced internal structure while keeping the historical main plugin file name and compatibility entry points.
• Added asynchronous admin lookup and self-check tools that run without reloading the page.
• Added visitor statistics for resolved checks, blacklist hits, blocked requests, unique visitor addresses and cached blacklist activity.
• Added configurable cache TTL, configurable cleanup intervals and automatic expiry cleanup for both listed and non-listed DNSBL lookups.
• Added a safe IP whitelist, protected-admin notices and a one-click current-visitor whitelist action.
• Added public documentation links, changelog links and source-history links in the admin help flow.
• Added Cloudflare Turnstile protection for frontend WordPress comments.
• Added DNSBL/FraudBL checks for new WordPress account registrations.
• Added Cloudflare Turnstile protection for new WordPress account registrations.
• Added IP_FRAUDCOMMERCE to the default trigger-flag profile.
• Tightened comment blocking so hidden comment forms also reject direct submissions.
• Restricted dry-run simulation to the public site for logged-in administrators.
• Switched Tools integration default mode to production.
• Updated removal and delisting references to the removal page.

2.1.9

• 2.1.9 is the latest historical tag visible in the repository before the current 3.x cleanup and refactor work.