Posted on May 11, 2021

The list of plugins which WP-ZEP should bypass.


The filter hook “ip-location-block-bypass-plugins” assigns the array of query strings in the request to the /wp-content/plugins/my-plugin/…/*.php which WP-ZEP should bypass.

In some cases, WP-ZEP (Zero-day Exploit Prevention for WordPress) blocks the valid request. This filter hook is used to prevent such an unexpected blocking.


  • $plugins
    (array) An array of allowed slug of plugin.

Use case

The following code snippet in your theme’s functions.php can bypass WP-ZEP validation against the direct request to /wp-content/plugins/my-plugin/…/*.php.

function my_bypass_plugins( $plugins ) {
    $whitelist = array(
    return array_merge( $plugins, $whitelist );
add_filter( 'ip-location-block-bypass-plugins', 'my_bypass_plugins' );
NOTE: When you select "mu-plugins" (ip-location-block-mu.php) as Validation timing , you should put your code snippet into drop-in.php in Geolocation API folder instead of functions.php. See My custom functions in “functions.php” doesn’t work. in FAQ for detail.