WordPress.org

فارسی

دریافت وردپرس
WordPress.org

Plugin Directory

GranTech IP Firewall for AbuseIPDB

GranTech IP Firewall for AbuseIPDB

توسط Marc Gran
دانلود

توضیحات

GranTech IP Firewall for AbuseIPDB connects your WordPress installation to the community-driven AbuseIPDB database to automatically detect, block, and report abusive IP addresses before they can cause damage.

Key Features

  • Real-time IP checks — Queries the AbuseIPDB API on sensitive endpoints (login, XML-RPC, comments).
  • Automatic blocking — IPs exceeding the configured abuse score threshold are blocked instantly.
  • Brute-force protection — Detects brute-force attacks on wp-login.php and XML-RPC and blocks the offending IP after N failed attempts.
  • Automatic reporting — Reports aggressive IPs to AbuseIPDB (Brute-Force category) to contribute back to the community database.
  • Smart caching — Caches API responses to minimise daily quota consumption.
  • Whitelist support — Exempt individual IPs or CIDR ranges from checks.
  • Admin dashboard — 30-day statistics, activity chart, and top offending IPs at a glance.
  • Event log — Full history of all events, filterable by IP and event type.
  • Manual blocklist — Block and unblock IPs manually from the admin panel.
  • Automatic cleanup — Hourly cron job purges expired blocks and logs older than 90 days.
  • Cloudflare support — Automatically reads the CF-Connecting-IP header to get the real visitor IP.

How It Works

  1. When an IP accesses a sensitive endpoint (login, XML-RPC, comment submission), the plugin queries the AbuseIPDB API.
  2. If the abuse confidence score meets or exceeds the configured threshold (default 50/100), the IP is blocked automatically.
  3. If multiple failed login attempts are detected from the same IP, it is blocked and reported to AbuseIPDB as a brute-force attack.
  4. All events are recorded in the admin dashboard.

API Requirements

A free account at abuseipdb.com is required.
The free plan includes 1,000 checks per day, which is sufficient for most sites when combined with the built-in caching system.

External Services

This plugin connects to the AbuseIPDB API (https://api.abuseipdb.com/api/v2/) to check and report IP addresses.

What is AbuseIPDB?
AbuseIPDB is a community-driven project that maintains a database of IP addresses reported for abusive behavior (spam, hacking, brute-force attacks, etc.). This plugin uses their public API to protect your WordPress site.

What data is sent and when?

  • IP address check: When a visitor accesses a sensitive endpoint (wp-login.php, xmlrpc.php, comment submission), the visitor’s IP address is sent to AbuseIPDB to retrieve its abuse confidence score. This only happens when the endpoint is accessed — not on regular page visits.
  • IP address report: When a brute-force attack is detected (configurable number of failed login attempts), the offending IP address is reported to AbuseIPDB along with a description of the attack and your site’s URL. Reporting can be disabled in the plugin settings.

No personal data other than IP addresses is ever transmitted to AbuseIPDB.

  • AbuseIPDB Terms of Service and Privacy Policy: https://www.abuseipdb.com/legal

Privacy Policy

This plugin stores visitor IP addresses in the local WordPress database for the purpose of security logging and blocking. IP addresses are personal data under GDPR.

  • What is stored: IP addresses, associated ISP, country, and event type (e.g. blocked, failed login).
  • Why: To protect the site from malicious activity and brute-force attacks.
  • How long: Log entries are automatically deleted after 90 days. Block entries expire based on the configured duration.
  • Third parties: IP addresses may be sent to AbuseIPDB (https://www.abuseipdb.com) for reputation checks and reporting. See the External Services section for details.
  • User rights: Site administrators can view and delete all stored data from the plugin’s admin panel or by uninstalling the plugin.

نصب

  1. Upload the grantech-ip-firewall-for-abuseipdb folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Go to GranTech IP Firewall Settings and paste your AbuseIPDB API key.
  4. Adjust the score threshold and brute-force parameters to suit your needs.
  5. Done — your site is now protected.

Recommended Settings

  • Block threshold: 50 (blocks IPs with >50% abuse probability)
  • Block duration: 24 hours
  • Attempts before block: 5
  • Time window: 10 minutes
  • API cache: 60 minutes
  • Report brute-force: Enabled

سوالات متداول

Do I need a paid AbuseIPDB account?

No. The free plan includes 1,000 checks per day, which is more than enough for most sites when the caching system is enabled.

Will it block legitimate users?

The plugin only queries the API on sensitive endpoints (login, XML-RPC, comments), not on every page visit. You can also add your own IP or CIDR ranges to the whitelist to prevent accidental blocks. It is recommended to add your IP before activating the plugin.

What if my IP gets blocked?

You can log into the admin panel and remove the IP from GranTech IP Firewall Blocklist. If you cannot access the admin panel, add your IP to the whitelist directly in the database: UPDATE wp_options SET option_value = 'a:1:{i:0;s:X:"YOUR.IP.HERE";}' WHERE option_name = 'granipfi_whitelist';

Is it compatible with Cloudflare?

Yes. The plugin automatically detects the CF-Connecting-IP header from Cloudflare to obtain the real visitor IP.

Does it work with WooCommerce?

Yes. The plugin does not interfere with the checkout process. It only acts on authentication endpoints and comment submissions.

Can I block IPs manually?

Yes. From GranTech IP Firewall Blocklist you can add any IP with a custom reason. Manual blocks are permanent by default.

How do I uninstall cleanly?

Deactivate and delete the plugin from the WordPress admin panel. All database tables (wp_abuseipdb_log and wp_abuseipdb_blocklist) and options are removed automatically via uninstall.php.

نقد و بررسی‌ها

نقد و بررسی‌ای برای این افزونه یافت نشد.

توسعه دهندگان و همکاران

“GranTech IP Firewall for AbuseIPDB” نرم افزار متن باز است. افراد زیر در این افزونه مشارکت کرده‌اند.

مشارکت کنندگان

ترجمه “GranTech IP Firewall for AbuseIPDB” به زبان شما.

علاقه‌ مند به توسعه هستید؟

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

گزارش تغییرات

1.0.1

  • Fix: Blocklist page showing empty despite IPs being blocked — fixed by adding automatic DB table creation/repair on every plugin load.
  • Fix: Added DB version check (granipfi_db_version) to ensure tables are always present and up to date after updates or migrations.
  • Improvement: Added database repair tool in Settings page for manual recovery.
  • Fix: Admin panel title text color now correctly displays white on dark background.
  • Accessibility: Added aria-hidden=”true” to all decorative dashicons.
  • Accessibility: Added scope=”col” to all table header cells (17 instances).
  • Accessibility: Added aria-label to all data tables.
  • Accessibility: Added aria-live=”polite” and aria-atomic to AJAX result region.
  • Accessibility: Added role=”status” to success notices and role=”alert” to error notices.
  • Accessibility: Added aria-busy state to Verify IP button during async requests.
  • Accessibility: Replaced with on IP check input field.
  • Accessibility: Added for= attribute to filter labels in event log.
  • Accessibility: Added aria-describedby to all settings form fields.
  • Accessibility: All font sizes increased to minimum 12px (previously 10-11px).
  • Accessibility: Removed outline:none from focus states — now shows visible 2px blue outline.
  • Accessibility: Fixed focus-visible selector pointing to non-existent .shield-field class.
  • Accessibility: Added focus and focus-visible styles for all interactive elements.
  • Accessibility: Added border to score badges and event chips (non-color visual cue, WCAG 1.4.1).
  • Accessibility: Added text-decoration:underline to pagination links (WCAG 1.4.1).
  • Accessibility: Improved color contrast ratio of muted text: #8b949e #a0aab8 (~5.2:1).
  • Accessibility: Added prefers-reduced-motion support — disables transitions/animations.
  • Accessibility: Added forced-colors (Windows High Contrast) support with borders and forced-color-adjust.
  • Accessibility: Added minimum touch target size 44x44px to buttons and pagination links (WCAG 2.5.8).
  • Accessibility: Added screen-reader-text utility class (WordPress standard).

1.0.0

  • Initial release.
  • Real-time IP checks against the AbuseIPDB v2 API.
  • Automatic blocking based on configurable score threshold.
  • Brute-force protection for wp-login.php and XML-RPC.
  • Automatic reporting of aggressive IPs to AbuseIPDB.
  • Admin dashboard with statistics and activity chart.
  • Event log with filters.
  • Manual blocklist with configurable expiry.
  • Whitelist with CIDR range support.
  • API response caching via WordPress transients.
  • Cloudflare and reverse proxy support.
  • Spanish (es_ES) translation included.

اطلاعات

امتیازها

هنوز هیچ نقدی ارسال نشده است.

Your review

مشاهده همه بررسی‌ها

مشارکت کنندگان

پشتیبانی

چیزی برای گفتن دارید؟ نیاز به کمک دارید؟

مشاهده انجمن پشتیبانی