This is a maintenance release including 3 bug fixes and 3 improvements. Every user of this plugin should update so that it works properly.
In the last release, 2.1.1, I added “Block by country (register, lost password)”, which allows login from anywhere but disables other actions such as new user registration or lost password. But “login-fail-counter” didn’t work correctly in this setting only.
And now, it works properly to block brute force attack to the
Admin area and Admin ajax/post at “Validation settings” on the “Settings” tab should be able to behave individually. But previously they did not.
“Prevent zero-day exploit” for Admin area protects a site against attacks even from your own country, and “Block by country” for Admin ajax/post protects against attacks from outside your country but always accepts ajax requests from your country.
“Prevent zero-day exploit” for Admin ajax/post can also accept ajax requests from outside your own country if a plugin defines the same handler for privileged users and non-privileged users. So its behavior depends on the plugin's implementation.
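The case above, where a plugin registers one handler on both the `wp_ajax_{action}` hook (logged-in users) and the `wp_ajax_nopriv_{action}` hook (anonymous users), can be audited with a short script. This is an added example, not code from IP Geo Block; the function names and the sample handlers (`myplugin_search`, `myplugin_save`) are hypothetical.

```php
<?php
// Added example (not the plugin's code): list ajax actions whose handler is
// registered for both logged-in (wp_ajax_*) and anonymous (wp_ajax_nopriv_*) users.

/** Normalise a PHP callable to a comparable string. */
function callback_id($cb): string {
    if (is_string($cb)) return $cb;
    if (is_array($cb)) {
        $owner = is_object($cb[0]) ? get_class($cb[0]) : $cb[0];
        return $owner . '::' . $cb[1];
    }
    return 'closure#' . spl_object_id($cb);   // closures and invokable objects
}

/**
 * @param array $hooks hook name => list of callables
 * @return array action name => ids of handlers shared by both hooks
 */
function shared_ajax_handlers(array $hooks): array {
    $shared = [];
    foreach ($hooks as $hook => $callbacks) {
        if (strpos($hook, 'wp_ajax_nopriv_') !== 0) continue;
        $action = substr($hook, strlen('wp_ajax_nopriv_'));
        $priv = array_map('callback_id', $hooks['wp_ajax_' . $action] ?? []);
        $both = array_intersect(array_map('callback_id', $callbacks), $priv);
        if ($both) $shared[$action] = array_values($both);
    }
    return $shared;
}

/** Inside WordPress: flatten the global $wp_filter (WP_Hook objects, WP 4.7+). */
function hooks_from_wordpress(): array {
    global $wp_filter;
    $hooks = [];
    foreach ((array) $wp_filter as $hook => $wp_hook) {
        foreach ($wp_hook->callbacks as $by_priority) {
            foreach ($by_priority as $entry) $hooks[$hook][] = $entry['function'];
        }
    }
    return $hooks;
}

// Constructed sample with hypothetical handlers, so this runs without WordPress.
$sample = [
    'wp_ajax_my_search'        => ['myplugin_search'],
    'wp_ajax_nopriv_my_search' => ['myplugin_search'],
    'wp_ajax_my_save'          => ['myplugin_save'],
];
print_r(shared_ajax_handlers($sample));
```

On a live site, call `shared_ajax_handlers(hooks_from_wordpress())` after all plugins have loaded; every action it lists is reachable without login, so its handler has to do its own nonce and capability checks.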
Jetpack is a super popular plugin and has a lot of awesome features. But some of them were blocked by WP-ZEP. For example, “Site Stats” using Sparkline did not appear on the admin bar, an issue that was reported on the support forum (thanks H).
The fix is tentative and not perfect. In a future release, compatibility with Jetpack should be more advanced.
Since release 2.0.8, a diagnosis for validation logs has been implemented because of issue #1. In this release, the diagnosis is hidden behind the definition of the symbol IP_GEO_BLOCK_DEBUG. To revive this functionality, add the following code in your
With the above definition, additional functions will appear on “Plugin settings” at the “Settings” tab as follows:
The IP2Location™ PHP Module can handle both IPv4 and IPv6 using a local database. But for IPv6 it needs the GMP Functions on the server. So I provide alternatives using BC Math Functions in case there is no GMP on the server.
An advantage of using a local database is getting detailed information. You can download the Free IP2Location LITE Databases after you register your email address and sign up for a free account.
Here’s a sample and a result using the DB5.LITE which is uploaded into this plugin’s database directory.
During the activation process just after installation, this plugin used a RESTful API to get your country code and put it into the whitelist. After that, the MaxMind GeoLite Legacy Database was downloaded and used as the main source for validating the country code of IP addresses.
This meant that the database was different before and after activation, so you could end up blocking yourself, depending on the accuracy of those DBs.
From this release, the MaxMind database will also be used at activation to keep validation consistent. (Of course, a fallback process in case the MaxMind service is unavailable is still there.)
If you do unfortunately get locked out, download the emergency version of ip-geo-block.php and upload it via FTP in place of the original one so that you can update your settings and this plugin itself. (See also this topic.)
I hope you enjoy this release!!