Introducing GeoLocation API

Over the past period we have been working to develop our own GeoLocation API and close the gap that was there. So far the plugin relied on third-party databases and APIs but in future those integrations will receive minimal maintenance and even some of them will be deprecated.

Why our own native Geo-Location Provider

Three reasons: consistency, extendibility and performance.

Third-party integrations require maintenance and a lot of testing to ensure they are working properly, and in the same time their providers are constantly introducing new things, changing API endpoints and therefore this affects the overall plugin stability. With IP Location Block, we ensure all features remain consistent and stable.

The next important reason is extendibility. With IP Location Block we have been able to precision blocking and some other planned features that are already in progress.

How it compares to other providers

The native IP Location Block provider is fast, secure and extendable. We implemented advanced set up to battle with millions of requests per second. Having said that, our plugin responds faster than the other geo-location APIs which normally contributes positively to your page load.

Besides speed, biggest advantage is extendibility because we now have full control of this API and we can introduce new features that the IP Location Block plugin will benefit from. Pure example is Precision Blocking feature which can match by state/city. Other providers does not provide the required data pieces to implement this feature, however with the IP Location Block native geo-location provider this is now reality.

How can I register and start using the API

  1. To register just go to the signup link and go through the procedure.
  2. Assuming that you have access to the Dashboard, go to API > Credentials to obtain your key.
  3. Enter the key in the IP Location Block plugin settings and disable other providers, you don't really need any other at this point.

To see the pricing click here.

Migration from IP Geo Block

I added option to migrate from IP Geo Block. This option will just copy the options form IP Geo Block to IP Location Block.

To migrate, go to Settings > IP Location Block > Plugin settings and follow the steps:

  1. Deactivate IP Geo Block but don’t remove it yet because it will remove the settings as well.
  2. In IP Location Block settings, use the “Migrate from IP Geo Block” option at the bottom to copy the settings from IP Geo Block
  3. You can now remove IP Geo Block

Note: The tool will NOT remove those options from IP Geo Block yet because IP Geo Block has the functionality to remove those settings itself when you uninstall it if the checkbox "Remove all settings and records at uninstallation" is checked. When uninstalling sure you enable this option and then uninstall it.

Note: This option will be only visible is valid IP Geo Block settings are detected.

Why so many WordPress plugins are vulnerable?

WordPress Vulnerability Statistics Source: © The WPScan Team

The above graph shows recent statistics of WordPress vulnerability from WPScan Vulnerability Database summarized by Sucuri which is a worldwide security company especially famous for analyzing vulnerability in WordPress.

Why so many vulnerabilities are there in WP plugins?

After reading the Sucuri Blog deeply and widely, I came to the conclusion that there is some kind of disuse and misuse of WordPress core functions.

I’d like to verify each vulnerability from this point of view.

(more…)

How does WP-ZEP prevent zero-day attack?

IP Location Block is the only plugin which has an ability to prevent zero-day attack even if some of the plugins in a WordPress site have unveiled vulnerability. I call it “Zero-day Exploit Prevention for WordPress” (WP-ZEP).

In this article, I’ll explain its mechanism and also its limitations. Before that, I’ll mention the best practice of plugin actions.

(more…)

Referrer Suppressor for external links

“Referrer Suppressor” which eliminate the browser’s referer is one of my favorite feature in IP Location Block.

It came to this plugin as a logical consequence of WP-ZEP. In this article, I’ll tell you the story.

(more…)

Analysis of Attack Vector against WP Plugins

On the WPScan Vulnerability Database maintained by Sucuri, we can find many new plugins and themes every month. Of course, WP-ZEP is not God Almighty against these. Then you may wonder about:

I’m with you!!

So I picked up the latest 50 vulnerabilities from WPScan DB, and dig into each attack vector one by one to investigate which can be prevented or not by WP-ZEP.

(more…)

Living with Jetpack

Jetpack is the Swiss army knife for your WordPress site. Plentiful awesome features are served for free by hooking to WordPress.com.

In this article, I show some notes related to living with Jetpack and IP Location Block.

(more…)

Impact on server load caused by brute-force attacks

I have examined the load reduction performance against brute-force attacks by using IP Location Block. I report the result in this article.

(more…)

Prevent exposure of wp-config.php

From July to September in 2015, 33 types of malicious requests to attempt exposing the wp-config.php via vulnerable plugins and themes had been observed on my site. I analyzed all of them to identify if IP Location Block can block them or not.

(more…)