This is a maintenance release including 3 of bug fixes and 3 of improvements. Every user of this plugin should update to make it work properly.
Fix the issue of login-fail-counter
In the last release 0.2.1.1, I added block by country (register, lost password) which enables to login from anywhere but disables other actions such as new user registration or lost password. But “login-fail-counter” didn’t work correctly only in this setting.
And now, it works properly to block brute force attack to the wp-login.php.
Fix the issue of validation settings for admin
The Admin area and Admin ajax/post at “Validation settings” on “Settings” tab should be able to perform individual behavior. But previously it wasn’t.
For example, Prevent zero-day exploit for Admin area protects a site against attacks even from your own country, and Block by country for Admin ajax/post protects against attacks from outside your country but always accepts ajax requested from your country.
Prevent zero-day exploit for Admin ajax/post can also accept ajax requested from outside your own country if a plugin defines same handler for privileged users and non privileged users. So its behavior depeneds on the plugin’s implementation. Fix some issues for Jetpack
Jetpack is a super popular plugin and has a lot of awesome features. But some of them were blocked by WP-ZEP. For example, “Site Stats” using Sparkline did not appear on the admin bar which issue was reported on the support forum (thanks H).
The solution is not perfect, but tentatively fixed. In the future release, compatibility with Jetpack should be more advanced.
Improvement of diagnosis on admin screen
From release 0.2.0.8, the diagnosis for validation logs had been implemented because of issue #1. In this release, the diagnosis is hidden behind the definition of symbol IP_GEO_BLOCK_DEBUG. To revive this functionality, add the following code in your functions.php.
<?php define( 'IP_GEO_BLOCK_DEBUG', true ); ?>With the above definition, additional functions will appear on “Plugin settings” at “Setting” tab as follows:
Improvement of handling IPv6 in IP2Location
The IP2Location™ PHP Module can handle both IPv4 and IPv6 using local database. But for the IPv6 it needs GMP Functions in the server. So I provide the alternatives using BC Math Functions in case there is no GMP in the server.
An advantage of using local database is getting detail information. You can download the Free IP2Location LITE Databases after you register your email address and sign up a free account.
Here’s a sample and a result using the DB5.LITE which is uploaded into this plugin’s database directory.
<?php
/**
* Set the path to the IP2Location Lite Database.
*
*/
function my_ip2location_path( $path ) {
return WP_PLUGIN_DIR . '/ip-location-block/database/IP2LOCATION-LITE-DB5.IPV6.BIN';
}
add_filter( 'ip-location-block-ip2location-path', 'my_ip2location_path' );
/**
* Get the geolocation information of specific IP address.
*
*/
function my_geolocation() {
// IP_Geo_Block::get_geolocation(
// $ip = NULL, $providers = array(), $callback = 'get_country'
// );
//
// @param string $ip IP address / default: $_SERVER['REMOTE_ADDR']
// @param array $providers list of providers / ex: array( 'ipinfo.io' )
// @param string $callback geolocation function / ex: 'get_location'
// @return array country code and so on
$geolocation = IP_Geo_Block::get_geolocation(
'5.165.178.77', array( 'ip2location' ), 'get_location'
);
// [provider] => ip2location
// [countryCode] => RU
// [countryName] => Russian Federation
// [regionName] => Penza
// [cityName] => Penza
// [latitude] => 53.2006607056
// [longitude] => 45.0046386719
var_dump( $geolocation );
if ( isset( $geolocation['errorMessage'] ) ) {
// error handling
}
}
?>Improvement at activation process
At the activation process just after you had installed, this plugin uses RESTful API to get and put your country code into the whitelist. After that, MaxMind GeoLite Legacy Database was downloaded and used for the main source of validating the country code of IP addresses.
It meant that the database was different between before and after activation. This had a possibility to block yourself by means of accuracy of those DBs.
From this release, MaxMind database will be also used at the activation to keep consistency of validation. (Of course, a fallback process in case that the service of MaxMind is unavailable is still there.)
Unfortunately when you are locked out yourself, download the emergent version of ip-location-block.php and upload it instead of the original one via FTP so that you can update your settings and this plugin itself. (See also this topic.)
I hope you enjoy this release !! 