This is a maintenance release including 3 of bug fixes and 3 of improvements. Every user of this plugin should update to make it work properly.
Fix the issue of login-fail-counter
In the last release 0.2.1.1, I added
block by country (register, lost password) which enables to login from anywhere but disables other actions such as new user registration or lost password. But “login-fail-counter” didn’t work correctly only in this setting.
And now, it works properly to block brute force attack to the
Fix the issue of validation settings for admin
Admin area and
Admin ajax/post at “Validation settings” on “Settings” tab should be able to perform individual behavior. But previously it wasn’t.
Prevent zero-day exploit for
Admin area protects a site against attacks even from your own country, and
Block by country for
Admin ajax/post protects against attacks from outside your country but always accepts ajax requested from your country.
Prevent zero-day exploitfor
Admin ajax/postcan also accept ajax requested from outside your own country if a plugin defines same handler for privileged users and non privileged users. So its behavior depeneds on the plugin's implementation.
Fix some issues for Jetpack
Jetpack is a super popular plugin and has a lot of awesome features. But some of them were blocked by WP-ZEP. For example, “Site Stats” using Sparkline did not appear on the admin bar which issue was reported on the support forum (thanks H).
The solution is not perfect, but tentatively fixed. In the future release, compatibility with Jetpack should be more advanced.
Improvement of diagnosis on admin screen
From release 0.2.0.8, the diagnosis for validation logs had been implemented because of issue #1. In this release, the diagnosis is hidden behind the definition of symbol
IP_GEO_BLOCK_DEBUG. To revive this functionality, add the following code in your
With the above definition, additional functions will appear on “Plugin settings” at “Setting” tab as follows:
Improvement of handling IPv6 in IP2Location
The IP2Location™ PHP Module can handle both IPv4 and IPv6 using local database. But for the IPv6 it needs GMP Functions in the server. So I provide the alternatives using BC Math Functions in case there is no GMP in the server.
An advantage of using local database is getting detail information. You can download the Free IP2Location LITE Databases after you register your email address and sign up a free account.
Here’s a sample and a result using the DB5.LITE which is uploaded into this plugin’s database directory.
Improvement at activation process
At the activation process just after you had installed, this plugin uses RESTful API to get and put your country code into the whitelist. After that, MaxMind GeoLite Legacy Database was downloaded and used for the main source of validating the country code of IP addresses.
It meant that the database was different between before and after activation. This had a possibility to block yourself by means of accuracy of those DBs.
From this release, MaxMind database will be also used at the activation to keep consistency of validation. (Of course, a fallback process in case that the service of MaxMind is unavailable is still there.)
Unfortunately when you are locked out yourself, download the emergent version of
ip-location-block.php and upload it instead of the original one via FTP so that you can update your settings and this plugin itself. (See also this topic.)
I hope you enjoy this release !!