It blocks any spams, login attempts and malicious access to the admin area posted from the specific countries, and also prevents zero-day exploit.
X-Robots-TagHTTP header with
noindex, nofollowfor login page. (@)
wp_get_raw_referer()error that happened under certain condition. See the issue at forum.
ip-geo-block-record-logto control over the conditions of recording in more detail.
Sorry for frequent updating.
admin ajax/postwas enabled.
.htaccessfor the plugins/themes area.
wp-signup.phpto the list of validation target.
wp-content/in case of being unable to obtain proper permission. (@, @)
Sorry for frequent update again but the following obvious bugs should be fixed.
Sorry for frequent update.
wp_options. It caused the uncertainty of recording especially in case of burst attacks. Now the data will be recorded in an independent table to improve this issue.
Sorry for frequent update.
ZZ. It means that you can put
ZZinto the white list and black list.
passwdcan be blocked.
rewrite.phpfor the advanced use case.
This is a maintenance release.
block by country (register, lost password). In this release, the login-fail-counter works correctly.
Admin ajax/postwere influential with each other. Now each of those works individually.
IP_GEO_BLOCK_DEBUGto reduce 1 query on admin screen.
PHP Fatal error: Call to undefined functionin
IP2Location.phpwhen IPv6 is specified.
Block by country (register, lost password)at
Settingstab in order to accept the registered users as membership from anywhere but block the request of new user ragistration and lost password by the country code. Is't suitable for BuddyPress and bbPress.
403.phpin the theme template directory or in the child theme directory is used if it exists. And new filter hooks
ip-geo-block-(comment|xmlrpc|login|admin)-(status|reason)are available to customize the response code and reason for human.
ip-geo-block-(admin-actions|admin-pages|wp-content). Alternatively new filter hooks
ip-geo-block-bypass-(admins|plugins|themes)are added to bypass WP-ZEP.
ip-geo-block-backup-dirdid not work correctly because the order of argument was mismatched.
init) than this plugin (previously
get_geolocation()method at a time of when the cache of IP address is cleared.
ip-geo-block-admin-actionsfor safe actions on back-end.
wp-admin/admin-post.phpas a validation target in the
Admin area. This feature is to protect against a vulnerability such as Analysis of the Fancybox-For-WordPress Vulnerability on Sucuri Blog.
*(masked password) which is logged into the database.
xmlrpc.phpand admin area. This is an experimental function and can be enabled on
Settingstab. Malicious access can try to login only 5 times per IP address. This retry counter can be reset to zero by
$_SERVER keys for extra IPsinto options to validate additional IP addresses.
xmlrpc.phpand new option to validate all the IP addresses in HTTP_X_FORWARDED_FOR.
login.phpand admin area will be also validated for security purpose.
Save statisticsis enabled.
ip-geo-block-validatewas discontinued. Instead of it, the new filter hook
WordPress/3.9.2; http://example.com/) becomes to its own (
WordPress/3.9.2; ip-geo-block 1.1.0).
apply_filters()to be able to change headers.
Requires: 3.7 or higher
Compatible up to: 4.6.1
Last Updated: 3 weeks ago
Active Installs: 10,000+
7 of 12 support threads in the last two months have been marked resolved.
Got something to say? Need help?