[WordPress] Plugin Share: Advanced IP Blocker

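Introduction

  • This WordPress plugin, "Advanced IP Blocker", was published on 2025-06-25.
  • It currently has 900 active installations.
  • It was last updated on 2026-02-25, which is quite recent.
  • The plugin requires WordPress 6.7 or later to install.
  • The plugin requires the site host to run at least PHP 8.1.
  • 13 people have rated it.
  • The forum currently has 26 questions with an 88% resolution rate, which is not low; this looks like a developer team that really cares about solving problems!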

Plugin contributors

inilerm |

Plugin tags

WAF | firewall | security | ip blocker | country block |

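Overview

Summary: Advanced IP Blocker is the first line of defense against automated bots and malicious actors. The plugin intelligently blocks IPs based on users' real-time activity on the site, rather than relying on huge pre-built blocklists. It provides a lightweight, efficient and highly effective security layer.

Q&A:
1. What are the plugin's main features?
- Behavioral IP blocking: automatically blocks IPs that generate too many 404 (Not Found) or 403 (Forbidden) errors.
- Login protection: stops brute-force attacks by blocking IPs after multiple failed logins.
- Honeypot system: instantly blocks bots that scan for common vulnerabilities by trapping them in "honeypot" URLs.
- User-agent filtering: blocks known malicious user agents from bots, scrapers and vulnerability scanners.
- Whitelist control: easily create whitelists of IPs and user agents (such as search engine bots) to ensure they are never blocked.
- Active session management: view all logged-in user sessions, see their locations, and terminate them remotely when needed.
- Detailed logging: keeps a clear audit trail of all blocks, unblocks and security events.
- WP-CLI ready: manage every aspect of the plugin directly from the command line, ideal for developers and system administrators.
- Lightweight and high performance: designed to have minimal impact on your site's performance.

2. What initial setup is recommended for the best experience?
- Enable the core features in the "Settings" tab.
- Confirm that logging is enabled and configure email notifications.
- Review and adjust the default 404, 403 and login-failure thresholds.
- Enable user-agent blocking, copy the suggested list and save.
- Enable honeypot traps, copy the suggested list and save, so the plugin is proactively configured to block a wide range of common automated attacks.

3. Which external services does the plugin use, and how do they help link visitors to their origin?
- It uses third-party services to provide IP geolocation data, which is shown in the "User Sessions" and "Blocked IPs" tables.
- Visitor origin is identified through IP geolocation data; this can be configured in the plugin settings.

The summary and Q&A above can help you quickly understand the key points of the Advanced IP Blocker plugin.

Original plugin description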

Advanced IP Blocker is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected.

Important Note on PHP Version:
To ensure maximum security and access to all features, we strongly recommend using PHP 8.1 or higher. Some advanced features (like the local MaxMind database or full 2FA management via WP-CLI) require PHP 8.1.

Key Features:
* (NEW) Internal Security & Forensics: A complete audit suite solely for WordPress. Track every sensitive event (plugin installs, settings changes, user logins) and monitor your critical files for unauthorized modifications with the integrated File Integrity Monitor.
* (NEW) Activity Audit Log: Gain complete visibility into what’s happening on your site. Who deactivated a plugin? Who changed a setting? The Audit Log answers these questions with timestamped, immutable records.
* (NEW) Deep Scan Email Reports: Get a weekly security summary delivered to your inbox, detailing pending updates, vulnerability status, and recent attack trends.
* Username Blocking & Rules: Gain granular control over login security. Create Advanced Rules to block, challenge, or score specific usernames (e.g., “admin”, “test”).
* Enhanced Lockdown Notifications: Distributed Lockdowns (404/403) now fully support Email and Push notifications, ensuring you never miss a critical security event.
* Improved Logging: New “Endpoint Challenge” event type provides deeper visibility into challenges served during automated lockdowns.
* Server IP Reputation Check. Instantly audit your web server’s IP address against major blacklists (Spamhaus, AbuseIPDB) to diagnose SEO and email delivery issues.
* HTTP Security Headers. Easily configure essential security headers like HSTS, X-Frame-Options, and Permissions-Policy to harden your site against clickjacking, sniffing, and other browser-based attacks. Includes a “Report-Only” mode for CSP.
* Site Health & Vulnerability Scanner. Audit your WordPress environment instantly. Detects outdated plugins, insecure PHP versions, and checks your installed plugins against a database of 30,000+ known vulnerabilities.
* PERFORMANCE BOOST: High-Speed Community Database. Migrated the “Community Defense Network” blocklist to a dedicated, indexed database table. This allows checking thousands of malicious IPs in microseconds with zero impact on site memory usage.
* WordPress 6.9 Ready. Fully tested and compatible with the latest WordPress core update.
* Community Defense Network. Join forces with other WordPress admins. The plugin now shares anonymous attack data to build a global, real-time blocklist of verified threats. Protect your site with community-powered intelligence.
* Auto-Cleaning Logic. Smart expiration handling ensures your blocklists stay fresh and performant, automatically removing stale IPs from both the database and external firewalls (Cloudflare/.htaccess).
* Cloud Edge Defense (Cloudflare). Connect your site directly to Cloudflare’s global network. Automatically sync your blocklists to the cloud to stop attackers before they reach your server. Zero server load protection.
* Server-Level Firewall (.htaccess). Extreme performance upgrade. Write blocking rules and file hardening protections directly to your .htaccess file. Blocks threats instantly without loading PHP or WordPress.
* IMPROVED: Smart Bot Verification. Enhanced logic to correctly identify legitimate traffic from iOS devices (iCloud Private Relay) and social media previews, eliminating false positives while keeping impostors out.
* File Hardening. Protect your most sensitive files (wp-config.php, readme.html, .git) at the server level with a single click.
* AbuseIPDB Integration. Proactively block attackers before they strike. The plugin can now check visitor IPs against AbuseIPDB’s real-time, crowdsourced database of malicious IPs and block those with a high abuse score on their very first request.
* Edge Firewall Mode! Protect any PHP file or standalone application within your WordPress directory (even if it’s not part of WordPress). Ideal for securing custom scripts, legacy applications, or folders like /scan/. (Requires manual configuration).
* Advanced Rules Engine! Create powerful, custom security rules with multiple conditions (IP, Country, ASN, URI, User-Agent) and actions (Block, Challenge, or add Threat Score).
* Known Bot Verification. A powerful new security layer that uses reverse DNS lookups to verify legitimate crawlers like Googlebot and Bingbot. This completely neutralizes attackers who try to bypass security rules by faking their User-Agent, assigning high threat scores to impostors.
* Onboarding Setup Wizard. A brand new step-by-step wizard that guides new users through the essential security configurations (IP whitelisting, WAF, and bot traps) in under a minute, ensuring a strong security posture from day one.
* Major Refactor: Codebase Modernization. The entire plugin architecture has been refactored into a modern, modular structure. Logic for admin pages, AJAX, actions, and settings is now handled by dedicated classes, making the plugin more stable, performant, and easier to maintain and extend in the future.
* Advanced IP Spoofing Protection. A zero-trust “Trusted Proxies” system ensures the plugin always identifies the true visitor IP, even behind complex setups like Cloudflare or a custom reverse proxy. It neutralizes attacks that attempt to fake their IP, preventing block evasion and the framing of innocent users.
* Geo-Challenge. A smarter way to handle traffic from high-risk countries. Instead of a hard block, it presents a quick, invisible JavaScript challenge that stops bots but is seamless for human visitors. This reduces unwanted traffic without affecting potential legitimate users.
* ENHANCEMENT: Full Bulk-Action Support. IP management is now faster than ever. Both the Whitelist and the Blocked IPs list now support full bulk actions, allowing you to select and remove multiple entries at once, or unblock all IPs with a single click.
* Endpoint Lockdown Mode: Automatically shields wp-login.php and xmlrpc.php with a JavaScript challenge during sustained distributed attacks, preventing server overload.
* Two-Factor Authentication (2FA): Secure user accounts with industry-standard TOTP authentication, backup codes, role enforcement, and a central admin management dashboard.
* IP Trust & Threat Scoring System: An intelligent defense that assigns “threat points” to IPs for malicious actions, blocking them only when they reach a configurable score. More accurate and context-aware than simple rules.
* Attack Signature Engine (Beta): Proactively stops distributed botnet attacks by identifying and blocking the attacker’s “fingerprint” (signature) instead of just individual IPs.
* Web Application Firewall (WAF): Block malicious requests (SQLi, XSS, etc.) with a customizable ruleset.
* And much more: Rate Limiting, Country & ASN Blocking (with Spamhaus support), ASN Whitelisting, Push Notifications, Google reCAPTCHA, Honeypots, Active User Session Management, and Full WP-CLI Support.

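Download links for each version

  • Method 1: Click a version number link below to download the ZIP file, log in to the site admin, go to "Plugins" in the left menu and choose "Add Plugin", then select "Upload Plugin" at the top and upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right side of the "Add Plugin" screen to search for the plugin name "Advanced IP Blocker" and install it.

(Method 2 is recommended, to ensure the installed version matches the WordPress environment currently running.)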


8.6 | 8.7 | 8.1.0 | 8.2.0 | 8.2.1 | 8.3.0 | 8.3.1 | 8.3.2 | 8.3.3 | 8.3.4 | 8.3.5 | 8.3.6 | 8.3.7 | 8.3.8 | 8.3.9 | 8.4.0 | 8.4.1 | 8.4.2 | 8.4.3 | 8.4.4 | 8.4.5 | 8.5.0 | 8.5.1 | 8.5.2 | 8.5.3 | 8.5.4 | 8.5.5 | 8.5.6 | 8.5.7 | 8.5.8 | 8.5.9 | 8.6.1 | 8.6.2 | 8.6.3 | 8.6.4 | 8.6.5 | 8.6.6 | 8.6.7 | 8.6.8 | 8.6.9 | 8.7.1 | 8.7.2 | 8.7.3 | 8.7.4 | 8.7.5 | 8.8.0 | 8.8.1 | 8.8.2 | 8.8.3 | 8.8.4 | 8.8.5 | 8.8.6 | trunk | 8.5.10 | 8.5.11 | 8.5.12 | 8.5.13 | 8.5.14 | 8.5.15 | 8.6.10 | 8.6.11 | 8.4.3.1 | 8.4.4.1 | 8.4.4.2 | 8.4.4.3 | 8.4.4.4 | 8.4.4.5 | 8.4.5.1 | 8.5.3.1 | 8.5.8.1 |

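Related plugins (you may also want to know about)

  • CrowdSec 》Note: you must first install CrowdSec on your server. Installation is very simple. CrowdSec consists of a behavior detection engine that can block classic attacks such as credential brute force, port scans, website scans and more. Based on...
  • LionScripts: IP Blocker Lite 》LionScripts IP Blocker for WordPress lets you block malicious IP addresses, spam and hackers. You can block IP addresses using manual blocking or bulk IP blocking. By blocking unwanted or...
  • Geo Blocker – Control Site Access by Region and IP 》Summary: Geo Blocker is a powerful WordPress plugin that lets you control access based on a visitor's country and IP, track access attempts and view analytics reports, so you can easily stay in control. Questions and answers...
  • Country Access Blocker 》Summary: The Country Access Blocker plugin lets you restrict or allow access to your WordPress site based on visitor country. Questions and answers: 1. What features does this plugin provide? - ...
  • Anti Fake Orders & IP Blocker 》Summary: The Anti Fake Orders & IP Blocker plugin helps WooCommerce stores prevent fraudulent orders by monitoring checkout behavior patterns and automatically blocking suspicious activity. 1. The plugin's main...
  • IP & Country Blocker Lite 》Summary: IP&Country Blocker Lite is a powerful WordPress plugin designed to enhance your site's security by blocking unwanted visitors based on IP address and country. This plugin has...
  • Polar Mass Advanced IP Blocker 》Summary: This WordPress plugin automatically blocks malicious IP addresses, protects your site from hackers and brute-force attacks, and integrates with Cloudflare to provide real-time security protection. The plugin offers many convenient and efficient...
  • IP Address Approval 》The IP Address Approval system provides a simple way to allow or block access to your website, protecting it from unwanted visitors. On both public websites and private-network websites you can use IP Address...
  • HTACCESS IP Blocker 》This plugin adds the IP addresses that attempt attacks to the .htaccess deny list.
  • Addon Submission Blocker for Gravityforms 》Summary: The "Addon Submission Blocker for Gravityforms" plugin can block specific email addresses, domains and IP addresses from submitting forms, which is especially useful for reducing spam and unwanted submissions. ...
  • ClarifyIP Geo Blocking 》Summary: ...
  • Tor Blocker by Inazo 》[ZH] Tor Blocker. Once you enable it, it blocks any Tor network user from connecting to your site. Please use this plugin only on commercial sites that have no need to see traffic from the Tor network. Please do not block tutorial...
  • Mr Blocker 》Your site may receive suspicious traffic from particular countries, and this plugin is very easy to use: simply block the unwanted traffic to keep your site safe. It is a very simple tool; you only need to tick the boxes...
  • IP Blocker WP par JM Créa 》This plugin can block any IP address on your site (back end and front end). When a blacklisted IP address tries to access your site, you can, via email and SMS (Free Mobile users only), ...
  • AIS: IP Blocker 》IP Blocker for WordPress lets you block malicious IP addresses, spammers and hackers. You can now block IP addresses according to your own criteria. By blocking unwanted or spam IP addresses, ...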
