[WordPress] 外掛分享: Predax Security (formerly IPSentry)

首頁外掛目錄 › Predax Security (formerly IPSentry)
WordPress 外掛 Predax Security (formerly IPSentry) 的封面圖片
全新外掛
安裝啟用
尚無評分
4 天前
最後更新
問題解決
WordPress 5.8+ PHP 7.4+ v1.10.0 上架:2026-05-24

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.10.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Predax Security (formerly IPSentry)」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Block VPNs, Tor users, proxies, bots, and high-risk visitors before they can attack your WordPress site.
Most WordPress attacks — brute-force logins, fake registrations, comment spam, vulnerability scans — come from anonymised connections: VPNs, open proxies, Tor exit nodes, and rented datacenter servers. Predax Security identifies those visitors the moment they arrive and stops the risky ones at the door, before they can log in, register, comment, or even load a page.
Every visitor IP is checked in real time against a continuously-updated threat intelligence database of known VPN providers, open proxies, Tor exit nodes, datacenter ranges, and web crawlers, and given a 0–100 risk score. You choose exactly what gets blocked — by category, by country, or by risk score threshold.
Privacy-first by design: on a fresh install the plugin is off by default — no visitor data is sent anywhere until you explicitly enable a protection preset via the setup wizard or the Settings → Protection tab.
Key Features

Security Dashboard — real-time overview with blocking activity chart, threat breakdown, top targeted paths, protection status, and country analysis
Real-time VPN/Proxy/Tor/Datacenter detection — checks every visitor against live threat intelligence
Risk score thresholds — block IPs above a configurable risk score (0–100)
Country geo-blocking — block or allow specific countries and regions
Login protection — block high-risk IPs from attempting to log in
Registration protection — stop fraudulent account creation
Comment protection — block spam and bot comments at source
Visitor protection — optionally check all page visitors (with 1-hour caching to minimise API calls)
XML-RPC & REST API protection — extend blocking to XML-RPC calls and REST API requests
Disposable email blocking — reject registrations using throwaway email services
Custom block page — show a branded 403 page instead of the default WordPress error
Whitelist/blacklist — override decisions for individual IPs or CIDR ranges
Threat log — view and export all blocked events with IP, reason, and timestamp
Event tracking — log successful checks for audit and analytics
Settings import/export — back up and restore your configuration as a JSON file
WP-CLI commands — manage whitelists, blacklists, and run IP tests from the command line

Free Tier
Sign up at predax.io for a free API key. The free plan includes:

1,000 IP checks per day
5,000 IP checks per month
VPN, proxy, Tor, and datacenter detection
Country and region data

No credit card required.
More Power With Paid Plans
The free tier is plenty for small sites, but busier sites use up the included checks faster. Paid plans raise the monthly limit from 5,000 up to 25,000–25,000,000 IP checks, with higher request rates and bulk lookups. The dashboard shows your live usage each month, so you can see exactly when it’s time to upgrade — same plugin, same settings, just a bigger allowance on your existing API key.
How It Works

You install the plugin, enter an API key, and pick a protection preset during the Setup Wizard (or enable individual protections from Settings → Protection). This is the explicit opt-in — no data leaves the site until you do this.
A visitor makes a request to your site.
Predax checks their IP against the threat intelligence API (results cached for 1 hour per IP).
If the risk score exceeds your threshold, the visitor is blocked with a configurable message.
All block events are logged in the WordPress database for review.

WP-CLI Commands
wp ipsentry status — show current configuration and threat counts
wp ipsentry test-ip — run a live API check on any IP
wp ipsentry whitelist add — add an IP or CIDR to the whitelist
wp ipsentry whitelist remove — remove from whitelist
wp ipsentry blacklist add — add an IP or CIDR to the blacklist
wp ipsentry log --limit=20 — view recent threat log entries

Third Party Services
This plugin connects to external services. By installing and activating this plugin you agree to the terms of each service you enable.
Predax API
This plugin transmits visitor IP addresses to the Predax API (https://predax.io) for real-time threat detection and risk scoring.
What is sent: The visitor’s IP address, and optionally their timezone (when timezone mismatch detection is enabled and visitor protection is active).
When it is sent: On each page load, login attempt, registration, or comment submission, subject to your configured protection settings. Results are cached for 1 hour so repeat visits by the same IP do not generate additional API calls.
Who operates the service: Predax (predax.io)
Terms of Service: https://predax.io/terms
Privacy Policy: https://predax.io/privacy
Account Usage Lookup (admin pages only)
Used to show the “API Usage” meter on the plugin dashboard, and only when an API key is saved.
What is sent: your Predax API key (as the authentication header). No visitor data is sent.
When it is sent: when an administrator views the Predax Security dashboard. The result is cached for 1 hour, so at most one lookup per hour regardless of admin page views.
Endpoint: GET https://predax.io/api/v1/auth/usage
Privacy Policy: https://predax.io/privacy
Community Threat Network (opt-in, disabled by default)
The Community Threat Network is opt-in and disabled by default. No block or monitor events are sent to the community network unless you enable it yourself in Settings → Predax Security → Advanced.
When — and only when — you explicitly enable it, anonymised block and monitor events (containing: IP address, action taken, block reason, country code, and risk score) are sent to the Predax API at predax.io. This data is used to build a shared threat database that improves detection accuracy for all sites in the network. You can turn community reporting back off at any time in the same settings screen.
Google reCAPTCHA
When reCAPTCHA v3 is enabled (Settings → Protection → reCAPTCHA), this plugin loads the reCAPTCHA script from google.com and sends form submission tokens to google.com/recaptcha for verification. Google may collect data according to their privacy policy. You must provide your own reCAPTCHA site key and secret key.
Google Privacy Policy: https://policies.google.com/privacy
reCAPTCHA Terms: https://policies.google.com/terms
Browser Fingerprinting
When browser fingerprint scoring is enabled (Settings → Protection → Fingerprint Scoring), this plugin collects screen resolution, timezone, platform string, WebGL renderer, and plugin count from the visitor’s browser on the login page. Fingerprint data is used locally to score bot likelihood and is stored in WordPress only while the login form is being submitted, then discarded. The visitor’s timezone may be included in the API request to detect timezone mismatch when that feature is enabled.
Cookies set by this plugin
All cookies set by this plugin are functional service cookies, not tracking cookies, and are only written when the relevant feature is explicitly enabled by the site administrator:

ipsentry_tz — carries the visitor’s browser timezone to the Predax API when timezone-mismatch detection is active. Written from ipsentry-tz.js on the front-end. Expires after 24 hours. SameSite=Lax. Only set when an API key is configured AND visitor or login protection is enabled.
ips_jsc — JavaScript challenge solve token. Written from js-challenge.js when a visitor passes the challenge. Expires after 24 hours. SameSite=Lax. Only set when the JavaScript Challenge feature is enabled.

No tracking or advertising cookies are written by this plugin.
By activating this plugin and entering an API key, you agree to the Predax Terms of Service and Privacy Policy. You are responsible for ensuring your use of visitor IP data complies with applicable privacy laws (GDPR, CCPA, etc.) and your own site’s privacy policy.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon