⚠️ Status: untested. This extension is provided as-is and has not been tested in production. Please feel free to fork, modify, improve, and open pull requests.Licensed under GNU GPLv3 (see LICENSE).
WordPress plugin that screens every front-end visitor against the ip-block.com service and blocks flagged IP addresses before your site renders.
Settings → IP Block
| Field | Purpose |
|---|---|
| Enable IP Protection | Master on/off switch |
| Site ID | Your 12-character ip-block.com site identifier |
| API Key | Your 48-character key (leave blank to keep the saved one) |
| API Endpoint URL | Defaults to https://api.ip-block.com/v1/check |
| If service is unreachable | Fail open (allow) or closed (block) |
| Decision Cache Lifetime | Seconds a decision is cached; 0 = check every request |
| Behind a proxy / CDN | Read the real IP from CF-Connecting-IP / X-Forwarded-For |
| When a visitor is blocked | Redirect to ip-block.com, or show a local 403 |
| Block Message | Local 403 text |
| Allowlisted IPs | One IP per line — never blocked |
- Copy the
ip-block-protectionfolder intowp-content/plugins/. - Plugins → Installed Plugins → Activate "IP Block Protection".
- Configure under Settings → IP Block and tick Enable.
- Hooks
plugins_loaded(priority 1) so blocked IPs are stopped before heavy work. - Admin, cron, WP-CLI and AJAX requests are never screened.
IPBlock_Checkerhandles allowlisting, transient caching and fail-open/closed.IPBlock_Clientspeaks the ip-block.com API (POST /v1/check→{"action":...}).
- Allowlist your own IP before enabling so you cannot lock yourself out of the front end.
- The API key is stored in the
wp_optionstable (standard WordPress practice).