2.2.4 Release Note

Because I’m not a native english speaker, it is difficult to express something in English. After some discussions (many thanks to John), I realized again that simple and straightforward is always the best emoji .

New feature: Auto configuration of .htaccess

Previously, you should configure your .htaccess in your plugins and themes directories to prevent malicious accesses against the PHP files in those directories. But now you can just turn on the checkboxes “Force to load WP core”.

Force to load WP core by .htaccess

Unfortunately, I’m not familiar with nginx. So currently this feature is available only for apache but both should be supported in the future.

New feature: Export / Import settings

Export settings” button exports setting parameters which are displayed on the your browser to the json file. And “Import settings” button imports from the json file.

Export / Import settings

The content in json file looks something like this:

{
    "ip_geo_block_settings[version]": "2.2.4",
    "ip_geo_block_settings[matching_rule]": "0",
    "ip_geo_block_settings[white_list]": "JP",
    "ip_geo_block_settings[black_list]": "ZZ",
    "ip_geo_block_settings[extra_ips][white_list]": "",
    "ip_geo_block_settings[extra_ips][black_list]": "",
    "ip_geo_block_settings[response_code]": "403",
    "ip_geo_block_settings[login_fails]": "5",
    ...
    "ip_geo_block_settings[clean_uninstall]": ""
}

These data will be validated on the server side to prevent XSS. I think this feature is useful for your multisite.

Bug fix for multisite

Some links on the “Networks admin dashboard” would be blocked when you enabled “Prevent zero-day exploit” for “Admin area” or “Admin ajax/post”.

Sorry but even with this fixation, IP Geo Block is not ready for multisite with full of its requirements. I hope I can release it in the next version emoji .

Better audit of locking self out

When you selected “Whitelist” as “Matching rule” but your country code was not in the “Country code for matching rule”, the following admin notice appeared:

Admin notice

It was too bad not only about its expression but also its functionality, because it persistently appeared even in case the your IP address was in the “Whitelist of extra IP addresses prior to country code”.

Now no more admin notice appears when you assign “Validation rule settings” like this:

Validation rule settings

Note:

For the performance point of view, I think the following wp-admin/.htaccess is much better than the above if you know the range of your IP addresses.

order deny,allow
allow from 203.216.247.0/24
deny from all
<FilesMatch "admin-(ajax|post).php$">
    Satisfy Any
    Order allow,deny
    Allow from all
    Deny from none
</FilesMatch>