Since the last update of IP Geo Block, two plugins were notified of having serious privilege escalation vulnerability. One was WP GDPR Compliance Plugin and another was AMP for WP – Accelerated Mobile Pages.
In this release, IP Geo Block has been enhanced to prevent security attacks against this type of vulnerability, based on the principle of “Security by Design”.
This release mainly includes one new feature for multi-site and two improvements related to the compatibility.
It was a big challenge for me to make my plugin complied with this regulation, because this plugin records IP address which is considered as personal data into its logs and cache on the database.
The main topic of this release note is to describe how this plugin was changed to meet the GDPR compliance.
On release 3.0.7, this plugin had been equipped with WordPress-IP-Geo-API for GeoLite2 free databases becase Maxmind announced that GeoLite Legacy Downloadable Databases will be stopped updating on April 1, 2018.
But the new databases seemed not to have enough entries compared to the legacy
one. And also 3.0.7 had an serious bug which made descendent scanning stopped
when the API claimed that a country code was unknown, i.e.
After releasing 3.0.8 to fix the above issue on , I have observed how many
times GeoLite2 databases claimed
ZZ. It still occurred but I decided to
change the priority of scanning order because the day will come on next month.
On December in 2017, the number of users of IP Geo Block have grown over 30,000. While being proud of this fact, I feel that this plugin should be improved much more because it is not ready to out-of-the-box. The fact that the questions on the forum related to the blocking behavior of this plugin have been increasing is telling about that.
I hope a new feature in this release can help to resolve the blocking issues when you have some experiences of unexpected blocking.