Advanced IP Blocker
Advanced IP Blocker is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected. Important Note on PHP Version: To ensure maximum security and access to all features, we strongly recommend using PHP 8.1 or higher. Some advanced features (like the local MaxMind database or full 2FA management via WP-CLI) require PHP 8.1. Key Features: * (NEW) Distributed Attack Protection (Auto-Panic): Automatically shields your entire site with a global JS challenge during massive traffic spikes, keeping your server online while intelligently bypassing trusted bots and excluded routes. * (NEW) IP & ASN Diagnostics Tool: A complete Inspector tool integrated directly into the admin bar. Quickly audit any IP or ASN against your Geolocation database, Threat Scoring system, Spamhaus drops, and manual blocking rules in real-time. * Advanced Rules Import/Export: Seamlessly migrate or backup your complex custom security rules across multiple WordPress websites. With full JSON validation, structural deduplication, and “cost-zero” client-side file generation, agency users can clone their perfect firewall setups in seconds. * Granular JS Challenge Modes: You can now choose exactly how the security challenge behaves. Select “Managed” for ultimate security requiring human interaction (a checkbox), or “Automatic” for an invisible, transparent Proof-of-Work execution that stops bots silently. Apply different modes per module! * Country Selector Copy/Paste: Say goodbye to manually selecting 50+ countries. You can now instantly copy and paste a raw list of 2-letter country codes directly into Geoblocking, Geo-Challenge, and Whitelist Login fields. * AIB Cloud Network V3: Upgrade to the next-generation distributed threat intelligence network. The new API V3 provides secure, individual API Keys per site, drastically improving synchronization reliability, threat telemetry, and global network stability. * Whitelist Login Countries: Take absolute control over administrative access. Easily restrict your WordPress login page and XML-RPC to only allow connections from specific, whitelisted countries, instantly blocking unauthorized foreign login attempts. * (IMPROVED) Bulk Import/Export for Blocked IPs & Whitelist: Seamlessly import massive lists of IPs via CSV or manual entry. The system now features a bulletproof “Bulk Import” type, strict duration inheritance, and intelligent conflict resolution. * Internal Security & Forensics: A complete audit suite solely for WordPress. Track every sensitive event (plugin installs, settings changes, user logins) and monitor your critical files for unauthorized modifications with the integrated File Integrity Monitor. * Activity Audit Log: Gain complete visibility into what’s happening on your site. Who deactivated a plugin? Who changed a setting? The Audit Log answers these questions with timestamped, immutable records. * Deep Scan Email Reports: Get a weekly security summary delivered to your inbox, detailing pending updates, vulnerability status, and recent attack trends. * Username Blocking & Rules: Gain granular control over login security. Creating Advanced Rules to block, challenge, or score specific usernames (e.g., “admin”, “test”). * Enhanced Lockdown Notifications: Distributed Lockdowns (404/403) now fully support Email and Push notifications, ensuring you never miss a critical security event. * Improved Logging: New “Endpoint Challenge” event type provides deeper visibility into challenges served during automated lockdowns. * Server IP Reputation Check. Instantly audit your web server’s IP address against major blacklists (Spamhaus, AbuseIPDB) to diagnose SEO and email delivery issues. * **HTTP Security Headers. Easily configure essential security headers like HSTS, X-Frame-Options, and Permissions-Policy to harden your site against clickjacking, sniffing, and other browser-based attacks. Includes a “Report-Only” mode for CSP. * Site Health & Vulnerability Scanner. Audit your WordPress environment instantly. Detects outdated plugins, insecure PHP versions, and checks your installed plugins against a database of 30,000+ known vulnerabilities. * **PERFORMANCE BOOST: High-Speed Community Database. Migrated the “Community Defense Network” blocklist to a dedicated, indexed database table. This allows checking thousands of malicious IPs in microseconds with zero impact on site memory usage. * **Community Defense Network. Join forces with other WordPress admins. The plugin now shares anonymous attack data to build a global, real-time blocklist of verified threats. Protect your site with community-powered intelligence. * **Auto-Cleaning Logic. Smart expiration handling ensures your blocklists stay fresh and performant, automatically removing stale IPs from both the database and external firewalls (Cloudflare/.htaccess). * **Cloud Edge Defense (Cloudflare). Connect your site directly to Cloudflare’s global network. Automatically sync your blocklists to the cloud to stop attackers before they reach your server. Zero server load protection. * **Server-Level Firewall (.htaccess). Extreme performance upgrade. Write blocking rules and file hardening protections directly to your .htaccess file. Blocks threats instantly without loading PHP or WordPress. * **IMPROVED: Smart Bot Verification. Enhanced logic to correctly identify legitimate traffic from iOS devices (iCloud Private Relay) and social media previews, eliminating false positives while keeping impostors out. * **File Hardening. Protect your most sensitive files (wp-config.php, readme.html, .git) at the server level with a single click. * AbuseIPDB Integration. Proactively block attackers before they strike. The plugin can now check visitor IPs against AbuseIPDB’s real-time, crowdsourced database of malicious IPs and block those with a high abuse score on their very first request. * Edge Firewall Mode! Protect any PHP file or standalone application within your WordPress directory (even if it’s not part of WordPress). Ideal for securing custom scripts, legacy applications, or folders like /scan/. (Requires manual configuration). * Advanced Rules Engine! Create powerful, custom security rules with multiple conditions (IP, Country, ASN, URI, User-Agent) and actions (Block, Challenge, or add Threat Score). * Known Bot Verification. A powerful new security layer that uses reverse DNS lookups to verify legitimate crawlers like Googlebot and Bingbot. This completely neutralizes attackers who try to bypass security rules by faking their User-Agent, assigning high threat scores to impostors. * Verify Monitoring Bots (IP List). A brand new feature that downloads and caches official IP lists from popular uptime monitoring services (like UptimeRobot and Pingdom) to ensure they are never incorrectly blocked or challenged. * Onboarding Setup Wizard. A brand new step-by-step wizard that guides new users through the essential security configurations (IP whitelisting, WAF, and bot traps) in under a minute, ensuring a strong security posture from day one. * Major Refactor: Codebase Modernization. The entire plugin architecture has been refactored into a modern, modular structure. Logic for admin pages, AJAX, actions, and settings is now handled by dedicated classes, making the plugin more stable, performant, and easier to maintain and extend in the future. * Advanced IP Spoofing Protection. A zero-trust “Trusted Proxies” system ensures the plugin always identifies the true visitor IP, even behind complex setups like Cloudflare or a custom reverse proxy. It neutralizes attacks that attempt to fake their IP, preventing block evasion and the framing of innocent users. * Geo-Challenge. A smarter way to handle traffic from high-risk countries. Instead of a hard block, it presents a quick, invisible JavaScript challenge that stops bots but is seamless for human visitors. This reduces unwanted traffic without affecting potential legitimate users. * ENHANCEMENT: Full Bulk-Action Support. IP management is now faster than ever. Both the Whitelist and the Blocked IPs list now support full bulk actions, allowing you to select and remove multiple entries at once, or unblock all IPs with a single click. * Endpoint Lockdown Mode: Automatically shields wp-login.php and xmlrpc.php with a JavaScript challenge during sustained distributed attacks, preventing server overload. * Two-Factor Authentication (2FA): Secure user accounts with industry-standard TOTP authentication, backup codes, role enforcement, and a central admin management dashboard. * IP Trust & Threat Scoring System: An intelligent defense that assigns “threat points” to IPs for malicious actions, blocking them only when they reach a configurable score. More accurate and context-aware than simple rules. * Attack Signature Engine: Proactively stops distributed botnet attacks by identifying and blocking the attacker’s “fingerprint” (signature) instead of just individual IPs. * Web Application Firewall (WAF): Block malicious requests (SQLi, XSS, etc.) with a customizable ruleset. * And much more: Rate Limiting, Country & ASN Blocking (with Spamhaus support), ASN Whitelisting, Push Notifications, Google reCAPTCHA, Honeypots, Active User Session Management, and Full WP-CLI Support.
Top keywords
- security17×1.28%
- ip14×1.05%
- ips10×0.75%
- rules10×0.75%
- now9×0.68%
- php9×0.68%
- site9×0.68%
- wordpress9×0.68%
- block8×0.60%
- challenge8×0.60%
- blocking7×0.53%
- database7×0.53%
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection
Reduce your WordPress website’s risk to nearly zero with Kadence Security Formerly iThemes Security. Looking for iThemes? Learn more here. On average, 30,000 websites are hacked every day.* Cyberattacks in the US increased by 57% in 2022.** Bad actors who want to hack your site, steal your data, and cripple your business are a 24/7/365 threat. You need a proactive, strategic approach to WordPress website security that protects your site from brute force attacks, malware infections, and other cyber threats. Kadence Security shields your site from cyberattacks and prevents security vulnerabilities. It automatically locks out bad users identified by our Brute Force Protection Network that is nearly 1 million sites strong and leverages your own blacklist. It secures and protects your most commonly attacked part of your WordPress website – user login authentication. With Patchstack integration (Pro) protects your site before you even have a chance to address vulnerabilities and before a plugin or theme vendor or developer can even issue a patch. That’s 24/7/365 always-on truly Kadence Security. 🌐 Secure your Website in Minutes The Kadence Security setup and onboarding experience allows anyone to secure their WordPress website in under 10 minutes, regardless of technical acumen. Knowing that you have enabled all the right security settings for your website will leave you feeling like your site has never been more secure. 📚 Security Site Templates to Fit Your Type of Site Enabling the correct security settings based on the type of website you are building or maintaining is essential for proper security. An eCommerce site requires a different level of security than a basic blog. Kadence Security Site Templates make it quick and easy to apply the right security settings for your website. Choose from six different site templates to apply the type of security your site needs: Ecommerce – websites that sell products or services Network – websites that connect people or communities Non-Profit – websites that promote your cause and collect donations Blog – websites that share your thoughts or start a conversation Portfolio – websites that showcase your craft Brochure – simple websites that promote your business ⌚ Real-Time Website Security Dashboard Every day, lots of activity is happening on your website that you can’t see. Many of these activities can be related to your site’s security, so monitoring these events is vital to keeping your site secure. The Kadence Security Pro plugin provides a real-time WordPress security dashboard that monitors security-related events on your site around the clock. The Kadence Security Dashboard is a dynamic dashboard with all your WordPress website’s security activity stats in one place, including brute force attacks, banned users, active lockouts, site scan results, and user security stats (Pro). 🗝️ WordPress Login Security Setting up and maintaining proper WordPress configurations and managing user account access are essential aspects of hardening your site against threats and vulnerabilities. Basic and Pro include features that address both of these factors. Two Factor Authentication (2FA) – Make your WordPress login nearly impenetrable to attack by requiring users to enter a security code along with a password to login. The Kadence Security plugin allows you to add two-factor authentication to your WordPress login with several authentication methods, including mobile apps like Authy and Google Authenticator, email, and backup codes. Password Requirements – Create and enforce a password policy for your users in less than a minute. reCAPTCHA (Pro) – Stop bad bots from engaging in abusive activities on your website, such as attempting to break into your website using compromised passwords, posting spam, or even scraping your content. Passwordless Logins (Pro) – WordPress security made easy. Secure your user accounts with 2fa & strong passwords while allowing real users login with a click of a mouse. Trusted Devices (Pro) – Identify the devices you and other users use to block session hijacking attacks and limit Administrator privileges to Trusted Devices. Automated Vulnerability Patching (Pro) – Kadence Security Pro includes Patchstack which patches vulnerabilities before you have a chance to and applies fixes even before a plugin developer or vendor has issued a patch. Learn more about how passwordless login is the future and how Kadence Security can help you implement it today. 👨👩👧👦 The Right Amount of Security for Every User Level Different types of user levels require different levels of security. During the Kadence Security setup process, you can identify your website’s key user groups. Once the different types of users are identified, you can apply the level of security that is just right for each user group. Here are a couple of examples of how User Groups are useful for securing your site: For Clients – Let’s say you are configuring Kadence Security on a client’s website. You will decide whether or not they are required to use two-factor authentication and if they should have access to the Kadence Security settings. For Customers – If you have an eCommerce website, you will decide whether or not you want to protect customer accounts with a password policy. Privilege Escalation (Pro) also adds a safe, secure way to grant temporary admin-level access to your website. 🤖 Block Bad Bots & Ban User Agents with Lockouts Ban Users (Basic and Pro) – Permanently block repeat offenders from accessing your site. Local Brute Force Protection – Automatically identify and stop the most common method of attack on WordPress sites. Local Brute Force Protection (Basic and Pro) – Automatically identify and stop the most common method of attack on WordPress sites. Network Brute Force Protection (Basic and Pro) – The network is the Kadence Security community and is nearly one million websites strong. If someone tries to break into websites in the Kadence Security community, Kadence Security will block them across the network. Magic Links (Pro) – Security shouldn’t get in your way. Magic Links allow you to log in to your WordPress site while your username is locked out by the Kadence Security Local Brute Force Protection feature. 🔍 Monitor Your Site’s Security Health File Change Detection (Basic and Pro) – Kadence Security logs changes made to your website that can help detect malicious activity on your website. Site Scanner (Basic and Pro) – Schedule checks to run four times per day (Basic) or hourly (Pro) for known vulnerabilities of WordPress core file, plugins and themes. Using the Google Safe Browsing API, the Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website. Patchstack integration (Pro) – Automated virtual patching of some vulnerabilities before you even have a chance to address them yourself, and before a plugin or theme vendor or developer can even issue a patch. Site Scanner (Pro) – Unlock Version Management to automatically apply a patch to vulnerable software detected by the Site Scan when one is available. User Logging (Pro) – Keep a record of user activity in your WordPress security logs, including login/logout, user registration, adding/removing plugins, switching themes, changes to posts and pages, and more. Version Management (Pro) – The Version Management feature in Kadence Security Pro allows you to auto-update WordPress, plugins, and themes. Beyond that, Version Management also has options to harden your website when you are running outdated software and scan for old websites. 🧠 Smarter, More Actionable Vulnerability Prioritization Not all vulnerabilities pose the same level of risk, and the traditional Common Vulnerability Scoring System (CVSS) score doesn’t always reflect the realities of running a WordPress site. Kadence Security now uses the Patchstack Priority score, which goes beyond CVSS to provide a real-world risk assessment tailored to WordPress. It factors in how likely a vulnerability is to be exploited and its actual impact on your site. With Patchstack Priority, you get a clearer picture of what really matters, helping you focus on the vulnerabilities that pose the greatest risk, and worry less about noise from low-impact issues. 🛠️ Website Security Utilities Enforce SSL – Force all connections to the website to be made over SSL/TLS. Database Backups – Create backups of your WordPress database. (Not a complete backup.) Geolocation (Pro) – Improve Trusted Devices by connecting to an external location or mapping API. 🚀 Advanced Security Tools Identify Server IPs – Prevent issues caused by inadvertently locking out your server IPs. Change User ID 1 – Change the user ID for the first WordPress user, potentially preventing attacks that assume the user with ID1 exists and is an administrator. Change Database Prefix – Change the database prefix that WordPress uses, potentially preventing attacks that assume the database prefix is “wp_”. Check File Permission – See the file and directory permissions of key areas of your site. Server Config Rules – View or flush the server security rules generated by Kadence Security. wp-config.php Rules – View or flush the wp-config.php security rules generated by Kadence Security. Change WordPress Salts – Secure your site after a successful attack by changing the WordPress salts used to secure cookies and security tokens. Hide Login URL – change the login URL of your site, making it harder for bots to find your login page and attack it. 🛟 Need Help? Free support may be available with the community’s help in the WordPress.org support forums. Our Kadence Security support team provides top-notch technical support to all our Kadence Security Basic users there. Our Help Center will help you become an iThemes Security expert. Get additional peace of mind with professional support from our expert team and pro features to take your site’s security to the next level with Kadence Security Pro. Recover From a Hacked Site Kadence Security makes regular backups of your WordPress database, allowing you to get back online quickly in the event of a hack or security breach. Use Kadence Security to create and email database backups on a customizable schedule. For complete site backups and the ability to restore or move WordPress to a new host or domain, check out Solid Backups. Solid Central Integration Manage more than one WordPress site? Release lockouts and keep your themes, plugins, and WordPress core up to date from one dashboard with Solid Central. *Zippia. “30 Crucial Cybersecurity Statistics [2023]: Data, Trends And More” Zippia.com. Jun. 15, 2023, https://www.zippia.com/advice/cybersecurity-statistics/ **https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/ License Released under the terms of the GNU General Public License.