Validation rules and behavior

In addition to blocking based on IP address geolocation information, this plugin blocks malicious requests by validating based on some additional rules. In this section, such validation rules and behavior at blocking are described.

Your IP address / Country

The information shown here is your IP address and country code recognized by this plugin. The “Scan country code” button derives the country code based on the IP address from multiple geolocation databases. In rare cases, some databases may indicate different country codes. If you found an inconsistent country code, it’s good to select only applicable databases at “Geolocation API settings”.

Also, if your country code is shown as XX (Private), it means that your server is placed behind a reverse proxy server / a load balancer or inside a LAN. In such a case, please put an appropriate key, corresponding to the HTTP header field wihch is acquired by PHP such as HTTP_X_FOWARDED_FOR, into “$_SERVER keys to retrieve extra IP addresses” described later so that a public IP address can be retrieved.

Matching rule

Select either Whitelist or Blacklist. With this selection, the titles and text boxe in the next section are changed.

[Whitelist|Blacklist] of country code

Specify the country code according to the selection of “Matching rule” with two letters of the alphabet defined by ISO 3166-1 alpha-2.

Use Autonomous System Number

ASN is the number assigned to the group of IP addresses. For example, Facebook has many IP addresses, and AS32934 is assigned. Activating this will allow you to specify a group of IP addresses all in one piece for a specific organization.

[Whitelist|Blacklist] of extra IP addresses prior to country code

Specify IP addresses or AS number to be blocked or passed, prior to validating the country code. “CIDR calculator forIPv4 / IPv6” can help you to get the range of IP addresses that can be expressed simply as CIDR notation.

CIDR calculator for IPv4/IPv6

$_SERVER keys to retrieve extra IP addresses

In the case of a request via a proxy server, the IP addresses of multiple servers may be passed through in some specific HTTP fields. In order to validate all such IP addresses, you can set up some keys acquired by PHP such as HTTP_X_FORWARDED_FOR, HTTP_CLIENT_IP and so on.

Bad signatures in query

Specify malicious strings to be scanned from the requested query in order to block a malicious request. This validation excludes the contents of comments and articles.

Prevent malicious file uploading

This configures some rules to prevent uploading of malicious files targeted at plugins and theme vulnerabilities.

Response code

Specify the HTTP status code for response on blocking. Set the followings according to your selection.

Validation timing

Specify when this plugin will perform the validation.

Normally, the timing when the plugin can safely be initialized may be init action hook. But since it is after loading the theme and all the activated plugins, it takes unnecessary server load in case of blocking. In order to avoid such waste, you can select it as muplugins_loaded.

Simulation mode

This option enables to simulate validation without deployment of blocking on both back-end and front-end. The results can be found on “Logs” tag so that you can check in advance which pages would be blocked or passed.

Logs for public faicing pages

See also