3.0.2 Release Note

I know IP Geo Block still has some compatibility issues between 2.2.9.1 and 3.0.0. So I’ve dedicated my time and energy in solving them. In this release note, I’d introduce some of them that have been solved along with some new features.

New feature: Exceptions for Admin ajax/post

The most frequent claim I’ve received in support forum is undesired blocking against some admin jobs on dashboard especially when you enable “Prevent Zero-day Exploit” named “WP-ZEP”.

Undesired blocking

Most of the cases can be solved by applying custom filter hook ip-geo-block-bypass-admins to bypass WP-ZEP. But you have to find the blocked pages or actions on “Logs” tab. Then you also have to put some awkward code snippet into the functions.php.

Blocked request in logs

From this release, you can just pick up actions in “Exceptions” at “Admin ajax/post” in order to avoid undesired blocking instead of tweaking your functions.php.

Exceptions for Admin ajax/post

Note that if you check an action that has only locked icon emoji, “Prevent Zero-day Exploit” will be bypassed while “Block by country” will be still in effective. And in case you check an action that has unlocked icon emoji, “Block by country” will be bypassed.

Even both cases, the validation of “Bad signature” is still in effective.

Improvement: Disabling limit login attempts

In the previous version, when you enabled “Block by country” for “Login form”, limiting the number of login attempts was also enabled, and the lock out period would be the same as of the cache of IP address (1 hour by default). So you could not configure the expiry period individually.

Now, you can disable “limit login attempts” of this plugin so that you can use other preferred plugin.

Max number of failed login attempts

There were also issues related to the failure of downloading geolocation DBs. For your convenience against such cases, the links to the download pages are added so that you can manually download them easily by your self.

Download link of geolocation database

Trial feature: Action hook ip-geo-block-send-sesponse

Action hook ip-geo-block-send-sesponse will be called just before sending HTTP status code and message when blocking happens.

/**
 * @param string $hook        "comment", "login", "xmlrpc", "admin", "public"
 * @param int    $status_code HTTP status code
 * @param array  $validation  "ip": IP address, "code": country code, "result": blocking reason
 */
do_action( 'ip-geo-block-send-response', $hook, $status_code, $validation );

This can be used to send message via syslog so that it can be notified by fail2ban to add rules into the system firewall like iptables.

function my_send_response( $hook, $status_code, $validation ) {
    syslog( LOG_NOTICE, ... );
}
add_action( 'ip-geo-block-send-response', 'my_send_response' );

As with WP fail2ban, this feature has a huge potential for expansion so as to massively reduce the load on your server. So I’ll provide an official support in the future!

Need your cooperation

Please feel free to post your issues at support forum what ever those are. Your contribution would give me a chance to improve this plugin.

Thanks for reading to the end emoji .