Normally, a plugin will be loaded at a certain phase during WordPress boot
process and will typically do its jobs after init
action hook. It means
that a plugin will be kept waiting until almost all plugins have finished to
be loaded.
But it’s wasteful to give spams and attackers those resources of your server.
The “Validation timing” at “Validation rule settings” can help to drastically reduce load on server especially against brute-force attacks.
When you select this mode as “Validation timing”, this plugin will install
ip-geo-block-mu.php
into your /wp-content/mu-plugins/
which is for
must-use plugins. It means that this plugin will be loaded and
execute validation prior to other typical plugins.
Note that in case of multisite, ip-geo-block-mu.php
will be called on every
site but doesn’t affect a site where IP Geo Block is not activated.
As you can find the order of execution in action reference, mu-plugins are processed prior to theme setup. Consequently, the following two restrictions would be raised.
Custom filter hooks in functions.php
does not work
It is bacause the functions.php
in the theme folder would not have been
parsed when this plugin do its jobs. In this case, you must put your own
code into drop-in.php
which should be placed in the geolocation database
folder. You can find drop-in-sample.php
as a sample in this plugin’s
folder, i.e. /wp-content/plugins/ip-geo-block/wp-content/ip-geo-api/
.
Please rename it to drop-in.php
and put it into your
Geolocation API folder when you use it.
Human friendly error page is unavailable
It is because the theme setup would not have finished when this plugin do
its jobs. It means that when you select 404 Not Found
as Response code,
404.php
in your theme folder might not work. In this case, you must
save your human friendly error page as a static file. If you want to show a
human friendly page for blocked visitors, you must configure as follows:
http://example.com/wp-content/themes/your-theme/404.php
)404.php
using your browser
(e.g. “View page source” with right click). It means that the file consists
of not PHP codes but static HTML codes.403 Forbidden
, it’s almost the same but just save the page as
403.php
and change the message as you like.The more plugins you have, the lower site speed you get.
You may be interested in the benchmark of the two “Validation timing”. As with the previous report, the test environment and sample plugins are showen blow:
Category | Description |
---|---|
Hardware | MacBook Pro / 2.8GHz Core i7 / Memory 16GB |
Software | OS X 10.9.5 / MAMP 3.5.2 (Apache 2.2.29, PHP 5.6.10) |
WordPress | 4.6-ja / Site Language: English |
The following tables show comparisons between the two mode of “Validation
timing” against the each target using ApacheBench for 60 seconds. As you
can see, the number of requests have become to be handled more than twice with
"mu-plugins" (ip-geo-block-mu.php)
.
init action hook | mu-plugins | |
---|---|---|
Complete Reqs | 271 | 595 |
Reqs/sec [#/sec] | 4.51 | 9.89 |
Time/req [msec] | 221.877 | 101.093 |
init action hook | mu-plugins | |
---|---|---|
Complete Reqs | 273 | 593 |
Reqs/sec [#/sec] | 4.53 | 9.87 |
Time/req [msec] | 220.988 | 101.315 |
init action hook | mu-plugins | |
---|---|---|
Complete Reqs | 280 | 619 |
Reqs/sec [#/sec] | 4.66 | 10.28 |
Time/req [msec] | 214.395 | 97.247 |
init action hook | mu-plugins | |
---|---|---|
Complete Reqs | 229 | 551 |
Reqs/sec [#/sec] | 3.81 | 9.17 |
Time/req [msec] | 262.588 | 109.039 |