IP Geo Block

A WordPress plugin that blocks spam, login attempts and malicious access to the admin area originating from outside your country.

I was locked out. What should I do?

Add the following code to functions.php in your theme and upload it via FTP.

// Emergency bypass: force every login and admin-area validation to pass
// so that you can reach the dashboard again from a blocked country.
function my_emergency( $validate ) {
    $validate['result'] = 'passed';
    return $validate;
}
add_filter( 'ip-geo-block-login', 'my_emergency' );
add_filter( 'ip-geo-block-admin', 'my_emergency' );

Then click Clear statistics on the Statistics tab of your dashboard. After that, you can remove the code above.

How can I protect my `wp-config.php` against malicious access?

// Block admin-area requests from visitors who are not logged in when any
// GET or POST value mentions a sensitive file name.
function my_protectives( $validate ) {
    if ( ! is_user_logged_in() ) {
        $protectives = array(
            'wp-config.php',
            'passwd',
        );

        // Flatten all request parameters into one lowercase string;
        // urldecode() catches percent-encoded variants of the names.
        $req = strtolower( urldecode( serialize( $_GET + $_POST ) ) );

        foreach ( $protectives as $item ) {
            if ( strpos( $req, $item ) !== FALSE ) {
                $validate['result'] = 'blocked';
                break;
            }
        }
    }

    // Do not set 'passed' here, otherwise validation by country code is skipped.
    return $validate;
}
add_filter( 'ip-geo-block-admin', 'my_protectives' );

Are there any other filter hooks?

Yes, here is the list of all hooks.

  • ip-geo-block-ip-addr : IP address of the requester.
  • ip-geo-block-headers : compose HTTP request headers.
  • ip-geo-block-comment : validate the IP address at wp-comments-post.php.
  • ip-geo-block-xmlrpc : validate the IP address at xmlrpc.php.
  • ip-geo-block-login : validate the IP address at wp-login.php.
  • ip-geo-block-admin : validate the IP address at wp-admin/*.php.
  • ip-geo-block-admin-actions : array of safe actions for wp-admin/admin-(ajax|post).php.
  • ip-geo-block-backup-dir : absolute path where log files should be saved.
  • ip-geo-block-maxmind-dir : absolute path where Maxmind GeoLite DB files should be saved.
  • ip-geo-block-maxmind-zip-ipv4 : URL of the Maxmind GeoLite DB zip file for IPv4.
  • ip-geo-block-maxmind-zip-ipv6 : URL of the Maxmind GeoLite DB zip file for IPv6.
  • ip-geo-block-ip2location-path : absolute path to the IP2Location LITE DB file.

For more details, see samples.php bundled within this package.

How does WP-ZEP prevent zero-day attacks?

After reading the Sucuri Blog extensively, I found that a considerable number of vulnerable plugins fail to validate the nonce, the privilege, or both. WP-ZEP makes up for both by embedding a nonce into every link, form and jQuery ajax request on every admin screen.

This simple system validates both on behalf of the vulnerable plugins on your site and blocks any request carrying an action query parameter through wp-admin/admin.php and wp-admin/admin-(ajax|post).php if it lacks the nonce or the privilege. Moreover, it does not affect requests from non-logged-in users.

On the other hand, the details of the above process are somewhat delicate. For example, it cannot prevent Privilege Escalation (PE), because it cannot determine which capabilities a given request requires.

Some admin functions don't work when WP-ZEP is on.

There are a few cases in which WP-ZEP does not work. One is redirection, either on the server side (by PHP or .htaccess) or on the client side (by the JavaScript location object or a meta refresh tag).

Another is a restriction related to the content type. This plugin only supports application/x-www-form-urlencoded and multipart/form-data.

The other is the case where an ajax/post request comes not from jQuery but from Flash or something similar.

In those cases, this plugin should bypass WP-ZEP. So please find the action in the request's query parameters and add its value to the safe action list via the filter hook ip-geo-block-admin-actions.

If you cannot figure out your trouble, please let me know which plugin you are using at the support forum.
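A callback for that hook, added here as an example and not part of the plugin's own code; the two action names are hypothetical placeholders for the value of the action parameter you found in the blocked request.

```php
<?php
/**
 * Added example (not the plugin's own code): put the admin-ajax/post actions
 * that a third-party plugin sends without a nonce on the WP-ZEP safe list.
 * The action names below are hypothetical; replace them with the value of
 * the 'action' parameter you found in the request that WP-ZEP blocked.
 */
function my_safe_admin_actions( $actions ) {
    // Hypothetical action names, e.g. from
    // wp-admin/admin-post.php?action=example_plugin_export
    // wp-admin/admin-ajax.php?action=example_plugin_refresh
    $my_safe = array(
        'example_plugin_export',
        'example_plugin_refresh',
    );

    // Merge with the actions already on the safe list and drop duplicates,
    // so that registering the filter twice does not grow the list.
    $merged = array_merge( (array) $actions, $my_safe );

    return array_values( array_unique( $merged ) );
}
add_filter( 'ip-geo-block-admin-actions', 'my_safe_admin_actions' );
```

Keep this list as short as possible: every action on it skips the nonce and privilege check that WP-ZEP would otherwise perform.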

I want to use only WP-ZEP.

Uncheck Comment post, XML-RPC and Login form under Validation settings on the Settings tab, and select Prevent zero-day exploit for Admin area and Admin ajax/post.

Finally, empty the text field of the White list or Black list, according to the Matching rule.

Requires: 3.7 or higher
Compatible up to: 4.1.1
Last Updated: 2015-3-23
Active Installs: 800+

Ratings

3.5 out of 5 stars

Support

6 of 6 support threads in the last two months have been resolved.
