It makes admin screens strictly private with more flexible way than specifying IP addresses. You can also get the extension IP Geo Allow by Dragan. See various use cases in samples.php bundled within this package. You can customize the behavior of this plugin via add_filter() with pre-defined filter hook. See this report about page speed performance. This plugin is lite enough to be able to cooperate with other full spec security plugin such as Wordfence Security. Validation logs for useful information to audit attack patterns can be manageable.Ĭooperation with full spec security plugin: You can also have a human friendly page (like 404.php) in your parent/child theme template directory to fit your site design. HTTP response code can be selectable as 403 Forbidden to deny access pages, 404 Not Found to hide pages or even 200 OK to redirect to the top page. Also free Geolocation REST APIs and whois information can be available for audit purposes.įather more, dedicated API class libraries can be installed for CloudFlare and CloudFront as a reverse proxy service. Multiple source of IP Geolocation databases:īesides the Native Geo-Location provider, this plugin supports MaxMind GeoLite2 free databases and IP2Location LITE databases. When you click an external hyperlink on admin screens, http referrer will be eliminated to hide a footprint of your site. It is suitable for BuddyPress and bbPress to help reducing spams. You can configure this plugin so that a registered user can login as a membership from anywhere, while a request such as a new user registration, lost password, creating a new topic and subscribing comment can be blocked by country. It can massively reduce the load on server.Ī malicious request such as exposing wp-config.php or uploading malwares via vulnerable plugins/themes can be blocked.Ī simple logic may help to reduce the number of rogue bots and crawlers scraping your site. You can configure this plugin as a Must Use Plugins so that this plugin can be loaded prior to regular plugins. Minimize server load against brute-force attacks: In order to prevent hacking through the login form and XML-RPC by brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address even from the permitted countries. It will protect your site against certain types of attack such as CSRF, LFI, SQLi, XSS and so on, even if you have some vulnerable plugins and themes in your site. It is simple but still smart and strong enough to block any malicious accesses to wp-admin/*.php, plugins/*.php and themes/*.php even from the permitted countries. Unlike other security firewalls based on attack patterns (vectors), the original feature “ Word Press Zero-day Exploit Prevention” (WP-ZEP) is focused on patterns of vulnerability. It allows you to configure either whitelist or blacklist to specify the countires, CIDR notation for a range of IP addresses and AS number for a group of IP networks. Moreover, it can be anonymized and restricted on sending to the 3rd parties such as geolocation APIs or whois service.Īccess to the basic and important entrances into back-end such as wp-comments-post.php, xmlrpc.php, wp-login.php, wp-signup.php, wp-admin/admin.php, wp-admin/admin-ajax.php, wp-admin/admin-post.php will be validated by means of a country code based on IP address. IP address is always encrypted on recording in logs/cache. IP Location Block provides Native Geo-Location Provider that is faster, more secure and provides the needed precision for matching CITY and STATE besides the standard COUNTRY matching. I fixed various issues and improved the overall codebase. Note: This plugin is based on the now abandoned “IP Geo Block” plugin by tokkonopapa. The plugin brings a smart and powerful protection methods named as “ WP Zero-day Exploit Prevention” and “ WP Metadata Exploit Protection“.Ĭombined with those methods and IP address geolocation, you’ll be surprised to find a bunch of malicious or undesirable access blocked in the logs of this plugin after several days of installation. IP Location Block plugin that allows you to block access to your site based on the visitor location while also keeping your site safe from malicious attacks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |