On December in 2017, the number of users of IP Location Block have grown over 30,000. While being proud of this fact, I feel that this plugin should be improved much more because it is not ready to out-of-the-box. The fact that the questions on the forum related to the blocking behavior of this plugin have been increasing is telling about that.
I hope a new feature in this release can help to resolve the blocking issues when you have some experiences of unexpected blocking.
New feature: “Find blocked requests” button
You can find a magnifying glass buttons in “Exceptions” in “Back-end target settings” section.
After clicking the button, you may find an icon attached to the item in the list of “Candidate actions/pages”. It indicates that there may be some blocked requests with its name of the action or page in the Logs. So when you click the icon , you can verify if it’s malicious or not in a new opened window. If you confirm it’s safe to accept, you can add it as “Exceptions”.
The same feature is available in “Plugins area” and “Themes area” section.
Actually, this has almost the same meaning with error logs in “Debug information” which was equiped in version 0.3.0.1. But I believe that it’s huge better than before .
Improvement: Support Nginx
If your server software is neither Apache nor LiteSpeed, and .user.ini
is avaialble, you can now make “Force to load WP core” enabled at “Plugins area” and “Themes area” in “Back-end target settings” section.
This feature enables to prevent exposure of wp-config.php or other vulnerabilities against attacks to some OMG plugins and themes even on Nginx.
One thing I should mention here is that this feature is full compatible with other plugins using .user.ini
like Wordfence Security. Its WAF always works before WordPress core is loaded.
And also note that the following directive can be found in your configuration to deny access to the hidden files starting with a dot.
Improvement: Toogle sorting order
Now “Slug in back-end” would pick up many requests. So “Toogle sorting order” button is now available.
Improvement: UAlist in Logs
Sometimes you might be frustrated with not being able to find the reason why some certain requests were blocked or passed especially on the public facing pages.
I think that the reason mainly lies in the “UA string and qualification” because in the previous version, it said just “blocked” at “Result” column in the Logs.
But now, you can find “UAlist” like this:
When you find it, please have a look at the rules in “UA string and qualification” in “Front-end target settings” section on “Settings” tab.
Conclusion
From this version, I have more things to do than before for verifying the functionality not only on Apache but also on Nginx in addition to the browsers compatibility on different OS, single or multisite for sub-directory/sub-domain, SSL, plugins and themes compatibility and so on. So I would be grateful for your continued cooperation to improve this plugins .