Advanced IP Blocker
Advanced IP Blocker is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected.
Important Note on PHP Version: To ensure maximum security and access to all features, we strongly recommend using PHP 8.1 or higher. Some advanced features (like the local MaxMind database or full 2FA management via WP-CLI) require PHP 8.1.
Key Features:
* NEW: Server IP Reputation Check. Instantly audit your web server’s IP address against major blacklists (Spamhaus, AbuseIPDB) to diagnose SEO and email delivery issues.
* **NEW: HTTP Security Headers. Easily configure essential security headers like HSTS, X-Frame-Options, and Permissions-Policy to harden your site against clickjacking, sniffing, and other browser-based attacks. Includes a “Report-Only” mode for CSP.
* NEW: Site Health & Vulnerability Scanner. Audit your WordPress environment instantly. Detects outdated plugins, insecure PHP versions, and checks your installed plugins against a database of 30,000+ known vulnerabilities.
* **PERFORMANCE BOOST: High-Speed Community Database. Migrated the “Community Defense Network” blocklist to a dedicated, indexed database table. This allows checking thousands of malicious IPs in microseconds with zero impact on site memory usage.
* **WordPress 6.9 Ready. Fully tested and compatible with the latest WordPress core update.
* **NEW: Community Defense Network. Join forces with other WordPress admins. The plugin now shares anonymous attack data to build a global, real-time blocklist of verified threats. Protect your site with community-powered intelligence.
* **NEW: Auto-Cleaning Logic. Smart expiration handling ensures your blocklists stay fresh and performant, automatically removing stale IPs from both the database and external firewalls (Cloudflare/.htaccess).
* **NEW: Cloud Edge Defense (Cloudflare). Connect your site directly to Cloudflare’s global network. Automatically sync your blocklists to the cloud to stop attackers before they reach your server. Zero server load protection.
* **NEW: Server-Level Firewall (.htaccess). Extreme performance upgrade. Write blocking rules and file hardening protections directly to your .htaccess file. Blocks threats instantly without loading PHP or WordPress.
* **NEW: IMPROVED: Smart Bot Verification. Enhanced logic to correctly identify legitimate traffic from iOS devices (iCloud Private Relay) and social media previews, eliminating false positives while keeping impostors out.
* **NEW: File Hardening. Protect your most sensitive files (wp-config.php, readme.html, .git) at the server level with a single click.
* NEW: AbuseIPDB Integration. Proactively block attackers before they strike. The plugin can now check visitor IPs against AbuseIPDB’s real-time, crowdsourced database of malicious IPs and block those with a high abuse score on their very first request.
* Edge Firewall Mode! Protect any PHP file or standalone application within your WordPress directory (even if it’s not part of WordPress). Ideal for securing custom scripts, legacy applications, or folders like /scan/. (Requires manual configuration).
* Advanced Rules Engine! Create powerful, custom security rules with multiple conditions (IP, Country, ASN, URI, User-Agent) and actions (Block, Challenge, or add Threat Score).
* Known Bot Verification. A powerful new security layer that uses reverse DNS lookups to verify legitimate crawlers like Googlebot and Bingbot. This completely neutralizes attackers who try to bypass security rules by faking their User-Agent, assigning high threat scores to impostors.
* Onboarding Setup Wizard. A brand new step-by-step wizard that guides new users through the essential security configurations (IP whitelisting, WAF, and bot traps) in under a minute, ensuring a strong security posture from day one.
* Major Refactor: Codebase Modernization. The entire plugin architecture has been refactored into a modern, modular structure. Logic for admin pages, AJAX, actions, and settings is now handled by dedicated classes, making the plugin more stable, performant, and easier to maintain and extend in the future.
* Advanced IP Spoofing Protection. A zero-trust “Trusted Proxies” system ensures the plugin always identifies the true visitor IP, even behind complex setups like Cloudflare or a custom reverse proxy. It neutralizes attacks that attempt to fake their IP, preventing block evasion and the framing of innocent users.
* Geo-Challenge. A smarter way to handle traffic from high-risk countries. Instead of a hard block, it presents a quick, invisible JavaScript challenge that stops bots but is seamless for human visitors. This reduces unwanted traffic without affecting potential legitimate users.
* ENHANCEMENT: Full Bulk-Action Support. IP management is now faster than ever. Both the Whitelist and the Blocked IPs list now support full bulk actions, allowing you to select and remove multiple entries at once, or unblock all IPs with a single click.
* Endpoint Lockdown Mode: Automatically shields wp-login.php and xmlrpc.php with a JavaScript challenge during sustained distributed attacks, preventing server overload.
* Two-Factor Authentication (2FA): Secure user accounts with industry-standard TOTP authentication, backup codes, role enforcement, and a central admin management dashboard.
* IP Trust & Threat Scoring System: An intelligent defense that assigns “threat points” to IPs for malicious actions, blocking them only when they reach a configurable score. More accurate and context-aware than simple rules.
* Attack Signature Engine (Beta): Proactively stops distributed botnet attacks by identifying and blocking the attacker’s “fingerprint” (signature) instead of just individual IPs.
* Web Application Firewall (WAF): Block malicious requests (SQLi, XSS, etc.) with a customizable ruleset.
* And much more: Rate Limiting, Country & ASN Blocking (with Spamhaus support), ASN Whitelisting, Push Notifications, Google reCAPTCHA, Honeypots, Active User Session Management, and Full WP-CLI Support.