IP Geo Block wordpress plugin resources analysis

Download This Plugin
Download Elegant Themes
Name	IP Geo Block
Version	2.0.2
Author	tokkonopapa
Rating	70
Last updated	2015-02-27 03:35:00
Downloads	2014
Download Plugins Speed Test plugin for Wordpress

Home page

Delta: 0%

Post page

Delta: 0%

IP Geo Block plugin has no negative impact on PageSpeed score.

Home page PageSpeed score has been degraded by 0%, while Post page PageSpeed score has been degraded by 0%

IP Geo Block plugin added 2 bytes of resources to the Home page and 5 bytes of resources to the sample Post page.

IP Geo Block plugin added 0 new host(s) to the Home page and 0 new host(s) to the sample Post page.

Great! IP Geo Block plugin ads no tables to your Wordpress blog database.

Resources Added (Post page)

Description

There are some cases that your site is infected. The first one is the case that contaminated files are uploaded via FTP or some kind of uploaders. In this case, scaning and verifing integrity of files on your site is useful to detect the infection.

The second one is the cracking of the login password. In this case, the rule of right is to strengthen the password.

The third one is caused by malicious access to the core files. The major issue in this case is that a plugin or theme in your site has vulnerability such as XSS, CSRF, SQLi, LFI and so on. If a plugin has vulnerability of Local File Inclusion (LFI), the attackers can easily download the wp-config.php without knowing the username and the password by simply hitting http://example.com/wp-admin/admin-ajax.php?action=something_vulnerable&file=../wp-config.php on their browser.

For these cases, the protection based on the IP address is not a perfect solution for everyone. But for some site owners or some certain cases such as 'zero-day-attack', it can still reduce the risk of infection against the specific attacks.

This is the reason why this plugin is here.

Features

This plugin will examine a country code based on the IP address. If a comment, pingback or trackback comes from specific country, it will be blocked before Akismet validate it.

With the same mechanism, it will fight against burst access of brute-force and reverse-brute-force attacks to the login form, XML-RPC and admin area.

Access to the basic and important entrances such as wp-comments-post.php, xmlrpc.php, wp-login.php, wp-admin/admin.php, wp-admin/admin-ajax.php, wp-admin/admin-post.php will be validated by means of a country code based on IP address.
Free IP Geolocation database and REST APIs are installed into this plugin to get a country code from an IP address. There are two types of API which support only IPv4 or both IPv4 and IPv6. This plugin will automatically select an appropriate API.
In order to prevent the invasion through the login form and XML-RPC against the brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address.
A cache mechanism with transient API for the fetched IP addresses has been equipped to reduce load on the server against the burst accesses with a short period of time.
Validation logs will be recorded into MySQL data table to analyze posting pattern under the specified condition.
Custom validation function can be added via add_filter() with pre-defined filter hook. See various use cases in sample.php bundled within this package.
MaxMind GeoLite free database for IPv4 and IPv6 will be downloaded and updated (once a month) automatically. And if you have correctly installed one of the IP2Location plugins ( IP2Location Tags, IP2Location Variables, IP2Location Country Blocker ), this plugin uses its local database prior to the REST APIs.
This plugin is simple and lite enough to be able to cooperate with other full spec security plugin such as Wordfence Security (because the function of country bloking is available only for premium users).

Attribution

This package includes GeoLite data created by MaxMind, available from MaxMind, and also includes IP2Location open source libraries available from IP2Location.

Also thanks for providing the following great services and REST APIs for free.