Because I’m not a native english speaker, it is difficult to express something in English. After some discussions (many thanks to John), I realized again that simple and straightforward is always the best .
Previously, you should configure your
.htaccess in your
themes directories to prevent malicious accesses against the PHP files in those directories. But now you can just turn on the checkboxes
“Force to load WP core”.
Unfortunately, I’m not familiar with nginx. So currently this feature is available only for apache but both should be supported in the future.
“Export settings” button exports setting parameters which are displayed on the your browser to the json file. And “Import settings” button imports from the json file.
The content in json file looks something like this:
These data will be validated on the server side to prevent XSS. I think this feature is useful for your multisite.
Some links on the “Networks admin dashboard” would be blocked when you enabled “Prevent zero-day exploit” for “Admin area” or “Admin ajax/post”.
Sorry but even with this fixation, IP Geo Block is not ready for multisite with full of its requirements. I hope I can release it in the next version .
When you selected “Whitelist” as “Matching rule” but your country code was not in the “Country code for matching rule”, the following admin notice appeared:
It was too bad not only about its expression but also its functionality, because it persistently appeared even in case the your IP address was in the “Whitelist of extra IP addresses prior to country code”.
Now no more admin notice appears when you assign “Validation rule settings” like this:
For the performance point of view, I think the following
is much better than the above if you know the range of your IP addresses.