GranTech IP Firewall for AbuseIPDB

GranTech IP Firewall for AbuseIPDB connects your WordPress installation to the community-driven AbuseIPDB database to automatically detect, block, and report abusive IP addresses before they can cause damage.

Key Features

• Real-time IP checks — Queries the AbuseIPDB API on sensitive endpoints (login, XML-RPC, comments).
• Automatic blocking — IPs exceeding the configured abuse score threshold are blocked instantly.
• Brute-force protection — Detects brute-force attacks on wp-login.php and XML-RPC and blocks the offending IP after N failed attempts.
• Automatic reporting — Reports aggressive IPs to AbuseIPDB (Brute-Force category) to contribute back to the community database.
• Smart caching — Caches API responses to minimise daily quota consumption.
• Whitelist support — Exempt individual IPs or CIDR ranges from checks.
• Admin dashboard — 30-day statistics, activity chart, and top offending IPs at a glance.
• Event log — Full history of all events, filterable by IP and event type.
• Manual blocklist — Block and unblock IPs manually from the admin panel.
• Automatic cleanup — Hourly cron job purges expired blocks and logs older than 90 days.
• Cloudflare support — Automatically reads the CF-Connecting-IP header to get the real visitor IP.

How It Works

1. When an IP accesses a sensitive endpoint (login, XML-RPC, comment submission), the plugin queries the AbuseIPDB API.
2. If the abuse confidence score meets or exceeds the configured threshold (default 50/100), the IP is blocked automatically.
3. If multiple failed login attempts are detected from the same IP, it is blocked and reported to AbuseIPDB as a brute-force attack.
4. All events are recorded in the admin dashboard.

API Requirements

A free account at abuseipdb.com is required. The free plan includes 1,000 checks per day, which is sufficient for most sites when combined with the built-in caching system.

External Services

This plugin connects to the AbuseIPDB API (https://api.abuseipdb.com/api/v2/) to check and report IP addresses.

What is AbuseIPDB? AbuseIPDB is a community-driven project that maintains a database of IP addresses reported for abusive behavior (spam, hacking, brute-force attacks, etc.). This plugin uses their public API to protect your WordPress site.

What data is sent and when?

• IP address check: When a visitor accesses a sensitive endpoint (wp-login.php, xmlrpc.php, comment submission), the visitor’s IP address is sent to AbuseIPDB to retrieve its abuse confidence score. This only happens when the endpoint is accessed — not on regular page visits.
• IP address report: When a brute-force attack is detected (configurable number of failed login attempts), the offending IP address is reported to AbuseIPDB along with a description of the attack and your site’s URL. Reporting can be disabled in the plugin settings.

No personal data other than IP addresses is ever transmitted to AbuseIPDB.

• AbuseIPDB Terms of Service and Privacy Policy: https://www.abuseipdb.com/legal

Privacy Policy

This plugin stores visitor IP addresses in the local WordPress database for the purpose of security logging and blocking. IP addresses are personal data under GDPR.

• What is stored: IP addresses, associated ISP, country, and event type (e.g. blocked, failed login).
• Why: To protect the site from malicious activity and brute-force attacks.
• How long: Log entries are automatically deleted after 90 days. Block entries expire based on the configured duration.
• Third parties: IP addresses may be sent to AbuseIPDB (https://www.abuseipdb.com) for reputation checks and reporting. See the External Services section for details.
• User rights: Site administrators can view and delete all stored data from the plugin’s admin panel or by uninstalling the plugin.