White list and Black list of extra IP addresses prior to country code.
Description
The filter hook “ip-location-block-extra-ips” can assign the white and black list of extra IP addresses with CIDR notation which should be validated prior to other validations.
Parameters
-
$extra_ips
(array) An associative array of'white_list'
and'black_list'
. Both are string of comma separated IP addresses. -
$hook
(string)'comment'
,'xmlrpc'
,'login'
,'admin'
or'public'
.
Use case
1.) The following code snippet in your theme’s functions.php
can automatically fetch the IP addresses from Tor exit nodes on background and add them to the black list when login attempt is captured.
define( 'MY_EXTRA_IPS_LIST', 'my_extra_ips_list' );
define( 'MY_EXTRA_IPS_CRON', 'my_extra_ips_cron' );
function my_extra_ips_get() {
// get tor address list
$list = @file( 'https://check.torproject.org/exit-addresses' );
if ( FALSE !== $list ) {
// retrieve IP addresses from lines like :
// 'ExitAddress 123.456.789.123 YYYY-MM-DD hh:mm:ss'
$list = preg_filter(
'/^ExitAddress (d{1,3}.d{1,3}.d{1,3}.d{1,3}) .*$/m',
'$1',
$list
);
// keep the list in the cache
if ( ! empty( $list ) ) {
$list = implode( ',', array_map( 'trim', $list ) );
set_transient( MY_EXTRA_IPS_LIST, $list, DAY_IN_SECONDS );
}
}
if ( ! wp_next_scheduled( MY_EXTRA_IPS_CRON ) ) {
wp_schedule_single_event( time() + HOUR_IN_SECONDS, MY_EXTRA_IPS_CRON );
}
return $list;
}
function my_extra_ips_hook( $extra_ips, $hook ) {
$list = get_transient( MY_EXTRA_IPS_LIST );
// if the list does not exist, then update
if ( ! $list ) {
wp_schedule_single_event( time(), MY_EXTRA_IPS_CRON );
}
// restrict the target hook
if ( $list && in_array( $hook, array( 'xmlrpc', 'login' ) ) ) {
$extra_ips['black_list'] .= ( $extra_ips['black_list'] ? ',' : '' ) . $list;
}
return $extra_ips;
}
add_action( MY_EXTRA_IPS_CRON, 'my_extra_ips_get' );
add_filter( 'ip-location-block-extra-ips', 'my_extra_ips_hook', 10, 2 );
2.) Validate extra IP addresses with CIDR prior to other validations. Get IPs with CIDR from Amazon AWS and set them to the black list
define( 'MY_EXTRA_IPS_LIST', 'my_extra_ips_list' );
define( 'MY_EXTRA_IPS_CRON', 'my_extra_ips_cron' );
function my_extra_ips_get() {
$list = json_decode(
@file_get_contents( 'https://ip-ranges.amazonaws.com/ip-ranges.json' ),
TRUE // convert object to array
);
// keep the list in the cache
if ( is_array( $list['prefixes'] ) ) {
$list = implode( ',', array_column( $list['prefixes'], 'ip_prefix' ) );
set_transient( MY_EXTRA_IPS_LIST, $list, DAY_IN_SECONDS );
}
if ( ! wp_next_scheduled( MY_EXTRA_IPS_CRON ) )
wp_schedule_single_event( time() + HOUR_IN_SECONDS, MY_EXTRA_IPS_CRON );
return $list;
}
function my_extra_ips_hook( $extra_ips, $hook ) {
// if the list does not exist, then update
$list = get_transient( MY_EXTRA_IPS_LIST );
if ( ! $list )
wp_schedule_single_event( time(), MY_EXTRA_IPS_CRON );
// restrict the target hook
if ( in_array( $hook, array( 'xmlrpc', 'login' ), true ) ) {
$extra_ips['black_list'] .= ( $extra_ips['black_list'] ? ',' : '' ) . $list;
}
return $extra_ips;
}
add_action( MY_EXTRA_IPS_CRON, 'my_extra_ips_get' );
add_filter( 'ip-location-block-extra-ips', 'my_extra_ips_hook', 10, 2 );
"mu-plugins" (ip-location-block-mu.php)
as Validation timing , you should put your code snippet into drop-in.php
in Geolocation API folder instead of functions.php
. See My custom functions in “functions.php” doesn’t work. in FAQ for detail.Since
0.2.2.0