[WordPress] Plugin Share: IP Location Block

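Introduction

  • This WordPress plugin, "IP Location Block", was published on 2021-05-16.
  • It currently has 10000 active installations.
  • It was last updated on 2025-03-07, 57 days ago.
  • The plugin requires WordPress 3.7 or later to install.
  • 29 people have rated it.
  • The forum currently has 1 question, with a resolution rate of 0%.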

Plugin contributors

darkog |

Plugin tags

block | country | ip address | geolocation | ip geo block |

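Summary

The IP Location Block plugin can block access based on the visitor's location while also protecting your site from malicious attacks. The plugin provides smart and powerful protection methods called "WP Zero-day Exploit Prevention" and "WP Metadata Exploit Protection".

Combined with these methods and IP address geolocation, you will be surprised to find many malicious or unwanted accesses blocked in this plugin's logs a few days after installation.

Note: This plugin is based on the now-abandoned "IP Geo Block" plugin, with various issues fixed and improvements made across the codebase.

Features

Privacy by design:
IP addresses are always encrypted when recorded in logs/cache. In addition, they can be anonymized and restricted when sent to third parties such as geolocation APIs or whois services.

Immigration control:
Basic and important entrances to the back-end, such as wp-comments-post.php, xmlrpc.php, wp-login.php, wp-signup.php, wp-admin/admin.php, wp-admin/admin-ajax.php and wp-admin/admin-post.php, are validated against the country code of the IP address. It lets you configure a whitelist or blacklist specifying countries, CIDR notation for a range of IP addresses, and AS numbers for a group of IP networks.

Zero-day exploit prevention:
Unlike other security firewalls based on attack patterns (vectors), the original feature "WordPress Zero-day Exploit Prevention (WP-ZEP)" focuses on vulnerability patterns. It is simple yet smart and powerful, and blocks any malicious access to wp-admin/*.php, plugins/*.php and themes/*.php from permitted countries. Even if your site has some vulnerable plugins and themes, it can protect your site against certain attacks such as CSRF, LFI, SQLi, XSS and so on.

Guard against login attempts:
To prevent brute-force and reverse brute-force attacks through the login form and XML-RPC, the number of login attempts per IP address is limited, including those from permitted countries.

Reduce server load from brute-force attacks:
You can configure this plugin as a "must-use plugin" so that it loads before regular plugins. This can greatly reduce server load.

Prevent malicious downloads/uploads:
Malicious requests, such as exposing wp-config.php or uploading malware through vulnerable plugins/themes, can be blocked.

Block badly behaved bots and crawlers:
A simple logic may help reduce the number of bots and crawlers that scrape your site and leave spam.

Support for BuddyPress and bbPress:
You can configure this plugin so that registered users can log in as members.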

Original plugin description

IP Location Block is a plugin that allows you to block access to your site based on the visitor location while also keeping your site safe from malicious attacks. The plugin brings smart and powerful protection methods named “WP Zero-day Exploit Prevention” and “WP Metadata Exploit Protection”.
Combined with those methods and IP address geolocation, you’ll be surprised to find a bunch of malicious or undesirable access blocked in the logs of this plugin after several days of installation.
Note: This plugin is based on the now abandoned “IP Geo Block” plugin by tokkonopapa. I fixed various issues and improved the overall codebase.
Features

Native Geo-Location Provider
IP Location Block provides Native Geo-Location Provider that is faster, more secure and provides the needed precision for matching CITY and STATE besides the standard COUNTRY matching.

Privacy by design:
IP address is always encrypted on recording in logs/cache. Moreover, it can be anonymized and restricted on sending to the 3rd parties such as geolocation APIs or whois service.

Immigration control:
Access to the basic and important entrances into back-end such as wp-comments-post.php, xmlrpc.php, wp-login.php, wp-signup.php, wp-admin/admin.php, wp-admin/admin-ajax.php, wp-admin/admin-post.php will be validated by means of a country code based on IP address. It allows you to configure either whitelist or blacklist to specify the countries, CIDR notation for a range of IP addresses and AS number for a group of IP networks.

Zero-day Exploit Prevention:
Unlike other security firewalls based on attack patterns (vectors), the original feature “WordPress Zero-day Exploit Prevention” (WP-ZEP) is focused on patterns of vulnerability. It is simple but still smart and strong enough to block any malicious accesses to wp-admin/*.php, plugins/*.php and themes/*.php even from the permitted countries. It will protect your site against certain types of attack such as CSRF, LFI, SQLi, XSS and so on, even if you have some vulnerable plugins and themes in your site.

Guard against login attempts:
In order to prevent hacking through the login form and XML-RPC by brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address even from the permitted countries.

Minimize server load against brute-force attacks:
You can configure this plugin as a Must Use Plugins so that this plugin can be loaded prior to regular plugins. It can massively reduce the load on server.

Prevent malicious down/uploading:
A malicious request such as exposing wp-config.php or uploading malware via vulnerable plugins/themes can be blocked.

Block badly-behaved bots and crawlers:
A simple logic may help to reduce the number of rogue bots and crawlers scraping your site.

Support of BuddyPress and bbPress:
You can configure this plugin so that a registered user can log in as a membership from anywhere, while a request such as a new user registration, lost password, creating a new topic and subscribing comment can be blocked by country. It is suitable for BuddyPress and bbPress to help reduce spam.

Referrer suppressor for external links:
When you click an external hyperlink on admin screens, http referrer will be eliminated to hide a footprint of your site.

Multiple source of IP Geolocation databases:
Besides the Native Geo-Location provider, this plugin supports MaxMind GeoLite2 free databases and IP2Location LITE databases. Also free Geolocation REST APIs and whois information can be available for audit purposes.
Furthermore, dedicated API class libraries can be installed for CloudFlare and CloudFront as a reverse proxy service.

Customizing response:
HTTP response code can be selectable as 403 Forbidden to deny access pages, 404 Not Found to hide pages or even 200 OK to redirect to the top page.
You can also have a human friendly page (like 404.php) in your parent/child theme template directory to fit your site design.

Validation logs:
Validation logs for useful information to audit attack patterns can be manageable.

Cooperation with full spec security plugin:
This plugin is lite enough to be able to cooperate with other full spec security plugin such as Wordfence Security. See this report about page speed performance.

Extendability:
You can customize the behavior of this plugin via add_filter() with pre-defined filter hook. See various use cases in samples.php bundled within this package.
You can also get the extension IP Geo Allow by Dragan. It makes admin screens strictly private with more flexible way than specifying IP addresses.

Self blocking prevention and easy rescue:
Website owners do not prefer themselves to be blocked. This plugin prevents such a sad thing unless you force it. And furthermore, if such a situation occurs, you can rescue yourself easily.

Clean uninstallation:
Nothing is left in your precious MySQL database after uninstallation. So you can feel free to install and activate to make a trial of this plugin’s functionality.

Documentation
Documentation and more information can always be found on our plugin website.
Attribution
This package includes GeoLite2 library distributed by MaxMind, available from MaxMind, and also includes IP2Location open source libraries available from IP2Location.
Also thanks for providing the following services and REST APIs for free.

http://geoiplookup.net/ (IPv4, IPv6 / free)
https://ipinfo.io/ (IPv4, IPv6 / free)
https://ipapi.com/ (IPv4, IPv6 / free, need API key)
https://ipstack.com/ (IPv4, IPv6 / free, need API key)
https://ipinfodb.com/ (IPv4, IPv6 / free, need API key)

Development
Development of this plugin happens at IP Location Block – GitHub
All contributions will always be welcome.
Known issues

From WordPress 4.5, rel=nofollow is no longer attached to the links in comment_content. This change prevents blocking “Server Side Request Forgeries” (not Cross Site but a malicious internal link in the comment field).
WordPress.com Mobile App can’t execute image uploading because of its own authentication system via XMLRPC.

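Download links for each version

  • Method 1: Click a version number link below to download the ZIP file, log in to the site back end, go to "Add Plugins" under "Plugins" in the left menu, then choose "Upload Plugin" at the top and upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right of the "Add Plugins" screen to search for the plugin name "IP Location Block" and install it.

(Method 2 is recommended, to ensure the installed version matches the WordPress environment currently running.)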


1.0.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.1.0 | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.5 | 1.2.0 | 1.2.1 | 1.2.2 | 1.2.3 | 1.3.0 | 1.3.1 | 1.3.2 | 1.3.3 | 1.3.4 | trunk |

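Related plugins (you may also want to know)

  • Country Based Payments for WooCommerce 》This plugin lets you choose which payment gateways should be available in a specific country or in multiple countries. If you need certain payment gateways to be available to all countries, do not set the related option. This WooCommerce plugin...
  • Admin Block Country 》This is an easy-to-use plugin that blocks your WordPress admin area by country. It uses geoip-api-php as a library to determine the visitor's country.
  • SVG Flags – Beautiful Scalable Flags For All Countries! 》SVG Flags of the world lets you add beautiful, high-quality flags to your WordPress site in seconds. You can display one or more flags at any scale without losing quality and with a fixed length and width...
  • Product Visibility by Country for WooCommerce 》The "Product Visibility by Country for WooCommerce" plugin lets you decide whether to show or hide WooCommerce products based on the customer's country. The plugin automatically detects the customer's location by IP...
  • Polylang – Country Detection 》The Polylang multilingual plugin is a perfect WordPress plugin. With this Polylang extension, a visitor's preferred language can be detected based on their country. If your site uses the same language for different regions (for example German...
  • IP Locator 》IP Locator is a country and language detection tool for WordPress. It is fast, reliable and plug-and-play. It can detect and display each visitor's country, main language and flag. It provides: powerful, accurate and ultra-fast...
  • country-redirect 》This plugin is very useful for companies such as Alfa Romeo, Bosch, Biir and Siemens and for blogs that have different sites (for non-logged-in visitors from different countries). In the WordPress admin...
  • Advanced Country Blocker 》Summary: The Advanced Country Blocker plugin helps you strengthen the security of your WordPress site by restricting access based on the visitor's geographic location (country) or IP address. It offers several features, including...
  • WooCommerce Sales by Country 》WooCommerce Sales by Country is a plugin that adds a report page showing product sales reports for specific countries. The plugin also comes with an additional report page that lets you display sales by country...
  • WooCommerce Country Based Bank Accounts 》This is a WooCommerce extension that lets you assign BACS (direct bank transfer) bank accounts to different countries. Based on the selected billing country, only the corresponding bank account is shown on the "Thank you" page...
  • Country Caching For WP Super Cache 》Due to personal circumstances, I can no longer develop or support this plugin. If you are interested in taking over this plugin, please see https://developer.wordpress.org/plugins/wordpress-org/take-over-an-existing-...
  • Category Country Aware WordPress 》Due to personal reasons, I can no longer continue to develop or support this plugin. If you are interested in taking over this plugin, please see https://developer.wordpress.org/plugins/wordpress-org/take-over-an-exist...
  • ACF City Selector 》ACF City Selector is an extension for the Advanced Custom Fields plugin that adds a new field that lets you select a city based on country and province/state. New field: 3 dropdown...
  • WP Country 》To use the WP Country plugin in your theme or plugin, add global $wp_country; to your theme or plugin PHP file, then: $wp_country->countries_li...
  • World Flag 》World Flag is a WordPress flag plugin that lets authors easily add flags to posts or pages via shortcode. The plugin has added a TinyMCE editor button so that users only need to...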
