You may want to test the blocking behavior of this plugin. This document shows you how to use WordPress Post Simulator which simulate various attacks to the WordPress site through the comment spam, trackback, pingback, ajax and so on.

Preparation

The simulator is composed by JavaScript. So it should be uploaded to the same domain with the target WordPress site because of the limitation of Same-origin policy.

Please download the ZIP file of IP Geo Block master, unzip it, then upload css, js and index.html in the test folder to the appropriate directory on your server.

To prevent abuse by someone, the name of the uploaded directory should be secret which can be made up by referring WordPress Secret Key API for example, but only choosing unreserved characters in RFC3986.

WordPress Post Simulator

When you access to the uploaded index.html, you can see the following page.

Page Settings

The first step is to set up the WordPress related URL and proxy IP address.

1. WordPress Home
   Home URL of your WordPress site. Push Validate to check the page.
2. Single Page
   URL of a single page which has a comment form. Push Validate to check the page.
3. Proxy IP address
   When you push Generate, a random IP address is generated. It will be set as the HTTP_X_FORWARDED_FOR header in order to simulate the attacks from outside of your country. If empty, no header will be sent.

Submission Settings

Currently, you can test 13 methods for submission. In each method, you can set the attack vectors as follows:

Submission

The last thing you should do is to submit the requests. Then you can get the responses against each request in the text area.

See also

• The best practice of target settings
• Prevent exposure of wp-config.php