Plugin Directory

Tor Blocker

Tor Blocker stands for limiting actions to the users that came from Tor nodes, countries or cloud/hosting/vpn providers.

FIX: Google crawlers aren't blocked any more.

IMPORTANT: Development of this PoC plugin is over ( there are performance and security issues with it ). Please use https://wordpress.org/plugins/pike-firewall instead!

IMPORTANT: On update always deactivate plugin, update the code then activate again e.g. all plugin settings will be lost. This will be the case until we add all of the planned features and when we turn to UI/UX development this won't be the case.

Most of the time Tor exit nodes and another .onion web proxies are used to enumerate vulnerabilities of our online product, to perform attack or to be used as a spam source. This plugin allow us to limit the actions that coud be performed by the users that are coming from a Tor nodes using http://pike.hqpeak.com free service. Could be upgraded to premium (from September) or could be set up any url to service that will give you response in the described json format. Premium list is updated on real time, free on 10 minutes and has its own caching mechanism so isn't affect the speed of the WP instance. In case you need the realtime Tor blocking service feel free to contact us at contact [at] hqpeak [d0t] com

With this plugin you can apply following constraints to the Tor visitors:

  • Filter human from bots visits from Tor network
  • Visits (Tor users can read only public content on the site)
  • Comments (Tor users can post comments)
  • Registration (Tor users can register for the site)
  • Subscription (Tor users can subscribe)
  • Administration (Tor users can access administration panel)
  • Request (Tor users can send POST requests)

Or to ban any action by its name / key e.g. not allow accessing resources defined by some GET or POST key. Un checking all of the boxes will block all of the requests to your wordpress.

Update: Now you can show user friendly message to the Tor visitor and/or you can log all of their actions.

Update: Captcha challenge for stoping bot scripts and fallback service solution.

Update: Country based GeoIP blocking and user friendly customizable block page.

Update: ASN number based ip range blocking. Adding ASN you can block any hosting/cloud provider automated requests. Every cloud/hosting provider as Amazon. DigitalOcean, Hetzner,... have their own ASN.

Update: Security update - XSS, DB tables column types update

Requires: 3.8.1 or higher
Compatible up to: 4.5.4
Last Updated: 5 months ago
Active Installs: 100+


5 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,2,2 100,1,1 50,2,1 100,1,1 100,1,1