Introduction
IP Filter is a plugin for WordPress. It lets you grant or deny access to your website using a list of IP addresses.
Features
- Filtered visitors will get a 403 Forbidden page.
- Two filters available: “grant” (IP Filter IP list will act as a white list) and “deny” (it will act as a black list). The default filter type is “deny”
- Wildcard character “*” allowed to filter a group of IPv4 addresses
- Blocked IP addresses can be logged
- The error message is customizable and can contain HTML
- IP addresses to be filtered can be typed in a text zone. Here is a list of what you can put in this text zone:
- Free format, you are not limited to put one IP address per line
- Comments are allowed and will be ignored by IP Filter, but they should not contain IP addresses and the “*” character
- IPv4 and IPv6 addresses are allowed
- Wildcard character “*” is accepted for IPv4 but it must represent a complete field. IP addresses without wildcard can’t be truncated. Examples:
- Correct: 10.20.30.40
- Correct: 10.20.*.40
- Correct: 10.*.*.*
- Correct: 10.*
- Correct: *.20
- Correct: *
- Incorrect: 10.2*
- Incorrect: 10.20
- Incorrect: 10.2*.30.40
Be careful to not block yourself!
Screenshot
Notes
If you happen to block yourself, remember that you still can access your administration area by typing the URL “/wp-admin/” after your domain name. Additionnally, you can also add the URL parameter “ipfilter_bypass” to bypass the filter (eg: “http://www.mysite.com/?ipfilter_bypass”).
Installation
The installation of IP Filter is very easy. Just extract the plugin directory into your wp-content/plugins directory, and add the IP addresses to filter in the IP Filter options page.
For some reason the software will not log blocked IP addresses. We tested it with a known IP.
Any Suggestions?
Hi Rick,
I can only see three reasons for the IP logging not working:
Is the logging option enabled? If not, then make sure it is enabled; if yes, then try to disable it/enable it again. Also, make sure that PHP has the write privilege in the path of the IP Filter plugin.
Hope this helps 🙂
I notice when I go to my configure page only one or two of the words I put in the “message shown” box, how can I tell if my entire message is showing?
Hi,
The normal behavior of IP Filter is that you should see the entire message in the “Message shown to filtered visitors” box.
Could you try to write a new message and save it? It works here for me, I just verified it, so it should work for you too.
If it doesn’t work, could you tell me in which language are you writing the message, and also could you try to save after you deactivated all the plugins but IP Filter?
Thank you for your interest in IP Filter 🙂
Yeah, I tried to resave it, but only one or two of the words show up in the box. I’m using the program in English. The program is working fine but I have no way of checking what the end user is seeing. Thanks for your help.
That’s weird… Does the same thing happen if you deactivate all other plugins? Do you have any error message? If not, could you follow the instructions in our support page to activate error reporting temporarily, and tell me of any error you may see?
Thank you for your patience 🙂
S-DLT, I just ran into the same issue as well, but I figured what caused it.
Did you have “‘” in your message? When I tried to save something like “you don’t have access”, the message was cut off at the “‘” mark (so it came up as “you don”).
After I changed my message to “you do not have access”, the entire message was saved correctly. So try a message that doesn’t use “‘” (or even quotes for that matter).
Just wanted to clarify: “‘” was supposed to be single quotes (” ‘ “). Basically I was trying to say avoid using single or double quotation marks in the error message.
I confirm the problem. Thanks for reporting this! Will be fixed on the next release 🙂
See my reply to S-DLT
The problem is fixed in version 1.0.3 🙂
You rock! Thanks for the update!!!
And more to come 😉
Help!
I locked myself out, i blocked my IP to test if it was logged in the log folder, it was not as folder didn’t have the right permission but now i can no longer access the admin.
I tried what you say: mysite.com/wp-admin/
mysite.com/wp-login.php?ipfilter_bypass
and every single other way around but there is no way to get access!
where are located the blocked Ip on the server. must be a way to delete mine! or any other way but i need to solve my problem!
Please help
Thanks
Lina
Hi Lola !
Ip-Filter settings are stored in the wp_options table, key “ipfilter”.
However you should be able to log in even if you added your IP. Maybe a new bug? What is your WordPress version?
Alternatively you can login to your admin area using a proxy or by using the Tor browser.
Sorry for the trouble.
I am having the same problem I cannot access the admin area and I have tried different ways. If I cannot not back out the IP addresses then I will remove the IP Filter completely. My site is useless if I cannot get into the admin area. I could use some help here! Where are the IP addresses listed? In the DB or text file?
Please disregard last posting. Found the problem.
Hi,
Thanks for the plugin. Is there anyway to fully block an IP and to disable the bypass? the reason is to stop people trying to brute force the admin login… with the bypass option they would still be able to try to login. It would be great to have an option to fully block an IP, if you make a mistake you can always fix it by editing the database or removing the plugin files.
Jo
Ooops… I noticed that you could remove the IPfilter bypass, and your plugin seems to block every attempts to login as well… it is great! I have another question though, how to do remove an IP from the ipfilter key without the plugin resetting all its settings?
I.e.: I tried to block my ip, it worked, I then went to the wp_option table and removed my ip from the ipfilter key, but it then reset everything, the custom message as well as any other IP I had listed.
Is there a way to remove a unique IP, to unlock your self, directly in the database without having your plugin to reset itself?
Thanks!
Hi Jo,
You should not edit the wp_options table manually because it is a “dangerous” thing to do; if you still want to do it, here is a little helper.
s:10 stands for a string of 10 characters for example.
a:6 stands for an array with 6 key/value pairs between the next brackets.
Example:
The important thing to remember is that if you edit the list of IP addresses directly (the data associated to the “filtered_ips” key), remember to replace the “s:1000” part of the example by the new length of the string. Otherwise WordPress will consider the field as invalid and will reset the ipfilter occurence in the wp_options table. I know that’s not very convenient, I should definitely use a better storage option for filtered IP addresses. But that’s how it works currently 🙂
Hi can I ask a question? If I enter 222.127.*.*.
1. Is that a valid entry?
2.Will I be blocking first two segments of the IP Address (222.127) or the whole IP address? I’m looking to block 222.127.
Cheers,
Henry
Hi Henri,
It’s a valid entry but you could also write 227.127.*, it will block any ip begining by 227.127
Hello , how to clearify IP banned list ?
I made “List of IP addresses to filter:” , but ip still blocked ?
need to clear SQL base ?
thanks
Hi,
If you save the list of IP addresses to a blank text, then no IP address should be blocked. Maybe you have another plugin blocking that IP.
Have you thought about adding an automatic parse of IP addresses in the Comments Spam folder? I think this would be a great addition if you could simply mark comments as spam and the IP ends up on the IP Filter list.
Yes it would be a great addition indeed. Added in the list of feature requests 🙂
hi, Thanks for the plugin, I’ve just started using it. Here’s a list of hacker (attempted brute forces on my website) IP addresses:
http://www.madeinengland.co.nz/ive-closed-my-hacking-competition-early
Please leave a comment on my site if you have others to add to this list for people to share 🙂
I’m thinking about adding a text field in the options that would allow to optionnally load IP addresses from an external source. That would be an URL to a text-file for example.
A great feature to add would be automatic extraction of IPs from the Spam comments. A lot of the WordPress sites I maintain we mark the comments as spam and keep them and not delete them. It would be great it there was a checkbox to turn on “Also get IPs from Spam Comments” and have it automatically pull those in on Save.
That will definitely be included in a future releasr as I got a need for that as well 😉
I’m sorry if this is too elementary, but I had someone on my site that was filling out forms at an insanely fast rate and I want to block them– this plugin looks perfect for the job, but how do I go about figuring out the ip address of the offender? I tried to use the google analytics filter, but in the filter area there is no way option to select “visitor ip address” as all of the tutorials say… and I am the admin. So what tools (or plugins) do you recommend for finding the offenders? Thanks!
hi, Thanks for the plugin.
I want to block IPs to visit some pages instead of whole site.
example:BLOCK 1.2.3.4 VISIT http://www.abc.com/post-001
how could I do?
HELP ME PLS!
This plugin looks like it is exactly what I need, but I want to allow users that are editors to be able to add IPs. Is there a way I can change the permissions to allow Editors to access the admin page of this plugin?
I have received numerous IP addresses from Ukraine posting unwanted adds and have been effectively using the filter as their IP addresses change, however one recent IP address seems to be unaffected by the filter as well as their post not showing up on reports normally emailed to me for moderation [5.248.80.184]. In an attempt to block 5.* I somehow blocked myself from the site and was forced to stay with the complete IP address.
Any suggestions would be a great help. Thanks
Can I use this plug in to restrict access to certain pages on my website only? I want 90% of my site to be available to the public but for limited pages to be available to a limited number of IP addresses.
Love this plug-in, but at times it only works intermittently. Blocked IPs are still able to access the site. I have blocked over 1,000 IPs. Is this too many? Could this be causing the misses?
We are using the “Grant” filter and have just recently started using a web based proxy service. Is there a way to have the plugin detect a more accurate IP of the visitor instead of that of the proxy?
Hello. Is there anyway that IP Filter can allow a range of sequential ips from the same source without typing them all in?