Advanced IP Blocker
Advanced IP Blocker is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected. Important Note on PHP Version: To ensure maximum security and access to all features, we strongly recommend using PHP 8.1 or higher. Some advanced features (like the local MaxMind database or full 2FA management via WP-CLI) require PHP 8.1. Key Features: * (NEW) Distributed Attack Protection (Auto-Panic): Automatically shields your entire site with a global JS challenge during massive traffic spikes, keeping your server online while intelligently bypassing trusted bots and excluded routes. * (NEW) IP & ASN Diagnostics Tool: A complete Inspector tool integrated directly into the admin bar. Quickly audit any IP or ASN against your Geolocation database, Threat Scoring system, Spamhaus drops, and manual blocking rules in real-time. * Advanced Rules Import/Export: Seamlessly migrate or backup your complex custom security rules across multiple WordPress websites. With full JSON validation, structural deduplication, and “cost-zero” client-side file generation, agency users can clone their perfect firewall setups in seconds. * Granular JS Challenge Modes: You can now choose exactly how the security challenge behaves. Select “Managed” for ultimate security requiring human interaction (a checkbox), or “Automatic” for an invisible, transparent Proof-of-Work execution that stops bots silently. Apply different modes per module! * Country Selector Copy/Paste: Say goodbye to manually selecting 50+ countries. You can now instantly copy and paste a raw list of 2-letter country codes directly into Geoblocking, Geo-Challenge, and Whitelist Login fields. * AIB Cloud Network V3: Upgrade to the next-generation distributed threat intelligence network. The new API V3 provides secure, individual API Keys per site, drastically improving synchronization reliability, threat telemetry, and global network stability. * Whitelist Login Countries: Take absolute control over administrative access. Easily restrict your WordPress login page and XML-RPC to only allow connections from specific, whitelisted countries, instantly blocking unauthorized foreign login attempts. * (IMPROVED) Bulk Import/Export for Blocked IPs & Whitelist: Seamlessly import massive lists of IPs via CSV or manual entry. The system now features a bulletproof “Bulk Import” type, strict duration inheritance, and intelligent conflict resolution. * Internal Security & Forensics: A complete audit suite solely for WordPress. Track every sensitive event (plugin installs, settings changes, user logins) and monitor your critical files for unauthorized modifications with the integrated File Integrity Monitor. * Activity Audit Log: Gain complete visibility into what’s happening on your site. Who deactivated a plugin? Who changed a setting? The Audit Log answers these questions with timestamped, immutable records. * Deep Scan Email Reports: Get a weekly security summary delivered to your inbox, detailing pending updates, vulnerability status, and recent attack trends. * Username Blocking & Rules: Gain granular control over login security. Creating Advanced Rules to block, challenge, or score specific usernames (e.g., “admin”, “test”). * Enhanced Lockdown Notifications: Distributed Lockdowns (404/403) now fully support Email and Push notifications, ensuring you never miss a critical security event. * Improved Logging: New “Endpoint Challenge” event type provides deeper visibility into challenges served during automated lockdowns. * Server IP Reputation Check. Instantly audit your web server’s IP address against major blacklists (Spamhaus, AbuseIPDB) to diagnose SEO and email delivery issues. * **HTTP Security Headers. Easily configure essential security headers like HSTS, X-Frame-Options, and Permissions-Policy to harden your site against clickjacking, sniffing, and other browser-based attacks. Includes a “Report-Only” mode for CSP. * Site Health & Vulnerability Scanner. Audit your WordPress environment instantly. Detects outdated plugins, insecure PHP versions, and checks your installed plugins against a database of 30,000+ known vulnerabilities. * **PERFORMANCE BOOST: High-Speed Community Database. Migrated the “Community Defense Network” blocklist to a dedicated, indexed database table. This allows checking thousands of malicious IPs in microseconds with zero impact on site memory usage. * **Community Defense Network. Join forces with other WordPress admins. The plugin now shares anonymous attack data to build a global, real-time blocklist of verified threats. Protect your site with community-powered intelligence. * **Auto-Cleaning Logic. Smart expiration handling ensures your blocklists stay fresh and performant, automatically removing stale IPs from both the database and external firewalls (Cloudflare/.htaccess). * **Cloud Edge Defense (Cloudflare). Connect your site directly to Cloudflare’s global network. Automatically sync your blocklists to the cloud to stop attackers before they reach your server. Zero server load protection. * **Server-Level Firewall (.htaccess). Extreme performance upgrade. Write blocking rules and file hardening protections directly to your .htaccess file. Blocks threats instantly without loading PHP or WordPress. * **IMPROVED: Smart Bot Verification. Enhanced logic to correctly identify legitimate traffic from iOS devices (iCloud Private Relay) and social media previews, eliminating false positives while keeping impostors out. * **File Hardening. Protect your most sensitive files (wp-config.php, readme.html, .git) at the server level with a single click. * AbuseIPDB Integration. Proactively block attackers before they strike. The plugin can now check visitor IPs against AbuseIPDB’s real-time, crowdsourced database of malicious IPs and block those with a high abuse score on their very first request. * Edge Firewall Mode! Protect any PHP file or standalone application within your WordPress directory (even if it’s not part of WordPress). Ideal for securing custom scripts, legacy applications, or folders like /scan/. (Requires manual configuration). * Advanced Rules Engine! Create powerful, custom security rules with multiple conditions (IP, Country, ASN, URI, User-Agent) and actions (Block, Challenge, or add Threat Score). * Known Bot Verification. A powerful new security layer that uses reverse DNS lookups to verify legitimate crawlers like Googlebot and Bingbot. This completely neutralizes attackers who try to bypass security rules by faking their User-Agent, assigning high threat scores to impostors. * Verify Monitoring Bots (IP List). A brand new feature that downloads and caches official IP lists from popular uptime monitoring services (like UptimeRobot and Pingdom) to ensure they are never incorrectly blocked or challenged. * Onboarding Setup Wizard. A brand new step-by-step wizard that guides new users through the essential security configurations (IP whitelisting, WAF, and bot traps) in under a minute, ensuring a strong security posture from day one. * Major Refactor: Codebase Modernization. The entire plugin architecture has been refactored into a modern, modular structure. Logic for admin pages, AJAX, actions, and settings is now handled by dedicated classes, making the plugin more stable, performant, and easier to maintain and extend in the future. * Advanced IP Spoofing Protection. A zero-trust “Trusted Proxies” system ensures the plugin always identifies the true visitor IP, even behind complex setups like Cloudflare or a custom reverse proxy. It neutralizes attacks that attempt to fake their IP, preventing block evasion and the framing of innocent users. * Geo-Challenge. A smarter way to handle traffic from high-risk countries. Instead of a hard block, it presents a quick, invisible JavaScript challenge that stops bots but is seamless for human visitors. This reduces unwanted traffic without affecting potential legitimate users. * ENHANCEMENT: Full Bulk-Action Support. IP management is now faster than ever. Both the Whitelist and the Blocked IPs list now support full bulk actions, allowing you to select and remove multiple entries at once, or unblock all IPs with a single click. * Endpoint Lockdown Mode: Automatically shields wp-login.php and xmlrpc.php with a JavaScript challenge during sustained distributed attacks, preventing server overload. * Two-Factor Authentication (2FA): Secure user accounts with industry-standard TOTP authentication, backup codes, role enforcement, and a central admin management dashboard. * IP Trust & Threat Scoring System: An intelligent defense that assigns “threat points” to IPs for malicious actions, blocking them only when they reach a configurable score. More accurate and context-aware than simple rules. * Attack Signature Engine: Proactively stops distributed botnet attacks by identifying and blocking the attacker’s “fingerprint” (signature) instead of just individual IPs. * Web Application Firewall (WAF): Block malicious requests (SQLi, XSS, etc.) with a customizable ruleset. * And much more: Rate Limiting, Country & ASN Blocking (with Spamhaus support), ASN Whitelisting, Push Notifications, Google reCAPTCHA, Honeypots, Active User Session Management, and Full WP-CLI Support.
Top keywords
- security17×1.28%
- ip14×1.05%
- ips10×0.75%
- rules10×0.75%
- now9×0.68%
- php9×0.68%
- site9×0.68%
- wordpress9×0.68%
- block8×0.60%
- challenge8×0.60%
- blocking7×0.53%
- database7×0.53%
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate. Really simple, Effective and Performant WordPress Security Really Simple Security is the most lightweight and easy-to-use security plugin for WordPress. It secures your WordPress website with SSL certificate generation, including proper 301 https redirection and SSL enforcement, scanning for possible vulnerabilities, Login Protection and implementing essential WordPress hardening features. We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple Security is: Lightweight: Every security feature is developed with a modular approach and with performance in mind. Disabled features won’t load any redundant code. Easy-to-use: 1-minute configuration with short onboarding setup. Security Features Easy SSL Migration Migrates your website to HTTPS and enforces SSL in just one click. 301 redirect via PHP or .htaccess Secure cookies Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation. Server Health Check: Your server configuration is every bit as important for your website security. WordPress Hardening Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses. Prevent code execution in the uploads folder Prevent login feedback and disable user enumeration Disable XML-RPC Disable directory browsing Username restrictions (block ‘admin’ and public names) and much more.. Vulnerability Detection Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action. Login Protection Allow or enforce Two-Factor Authentication (2FA) for specific user roles. Users receive a two-factor code via Email. Improve Security with Really Simple Security Pro Protect your site with all essential security features by upgrading to Really Simple Security Pro. Advanced SSL enforcement Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix them to HTTPS, both Front- and Back-end. Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list. Firewall Really Simple Security Pro includes a performant and efficient WordPress firewall, to stop bots, crawlers and bad actors with IP and username blocks. 404 blocking – Blocks crawlers as they trigger unusual numbers of 404 errors. Region blocking – Only allow/block access to your site from specific regions. Automated and customisable Firewall rules. IP blocklist and allowlist. Security Headers Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware. Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX, etc. Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers. Automatically generate your WordPress-tailored Content Security Policy. Vulnerability Measures When a vulnerability is detected in a plugin, theme or WordPress core you will get notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won’t remain unattended. Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps. Quarantine: When a plugin or theme can’t be updated to solve a vulnerability, Really Simple Security can quarantine the plugin. Advanced Site Hardening Choose a custom login URL Automated File Permissions check and fixer Rename and randomize your database prefix Change the debug.log file location to a non-public folder Disable application passwords Control admin creation Disable HTTP methods, reducing HTTP requests Login Protection Secure your website’s login process and user accounts with powerful security measures. Two-Step verification (Email login) 2FA (two factor authentication) with TOTP Passwordless login with passkey login Enforce strong passwords and frequent password change Limit Login Attempts With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha) Access Control Restrict access to your site for specific regions. Add specific IP addresses or IP ranges to the Blocklist or Allowlist. Useful Links Documentation Security Definitions Translate Really Simple Security Issues & pull requests Feature requests Love Really Simple Security? If you want to support the continuing development of this plugin, please consider buying Really Simple Security Pro, which includes some excellent security features and premium support. About Really Simple Plugins Our mission is to make complex WordPress requirements really easy. Really Simple Security is developed by Really Simple Plugins. For generating SSL certificates, Really Simple Security uses the le acme2 PHP Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on GitHub as well!