IP Filter

Introduction

IP Filter is a plugin for WordPress. It lets you grant or deny access to your website using a list of IP addresses.

Features

  • Filtered visitors will get a 403 Forbidden page.
  • Two filters available: “grant” (IP Filter IP list will act as a white list) and “deny” (it will act as a black list). The default filter type is “deny”
  • Wildcard character “*” allowed to filter a group of IPv4 addresses
  • Blocked IP addresses can be logged
  • The error message is customizable and can contain HTML
  • IP addresses to be filtered can be typed in a text zone. Here is a list of what you can put in this text zone:
    • Free format, you are not limited to put one IP address per line
    • Comments are allowed and will be ignored by IP Filter, but they should not contain IP addresses and the “*” character
    • IPv4 and IPv6 addresses are allowed
    • Wildcard character “*” is accepted for IPv4 but it must represent a complete field. IP addresses without wildcard can’t be truncated. Examples:
      • Correct: 10.20.30.40
      • Correct: 10.20.*.40
      • Correct: 10.*.*.*
      • Correct: 10.*
      • Correct: *.20
      • Correct: *
      • Incorrect: 10.2*
      • Incorrect: 10.20
      • Incorrect: 10.2*.30.40

Be careful to not block yourself!

 Screenshot

IP Filter settings page

Notes

If you happen to block yourself, remember that you still can access your administration area by typing the URL “/wp-admin/” after your domain name. Additionnally, you can also add the URL parameter “ipfilter_bypass” to bypass the filter (eg: “http://www.mysite.com/?ipfilter_bypass”).

Installation

The installation of IP Filter is very easy. Just extract the plugin directory into your wp-content/plugins directory, and add the IP addresses to filter in the IP Filter options page.

Get it!

Download IP Filter

View Comments (39)

  • For some reason the software will not log blocked IP addresses. We tested it with a known IP.
    Any Suggestions?

    • Hi Rick,

      I can only see three reasons for the IP logging not working:

      1. IP logging is not enabled in IP Filter options
      2. PHP has no write access to IP Filter directory
      3. You found a bug in IP Filter and I should correct it :)

      Is the logging option enabled? If not, then make sure it is enabled; if yes, then try to disable it/enable it again. Also, make sure that PHP has the write privilege in the path of the IP Filter plugin.

      Hope this helps :)

  • I notice when I go to my configure page only one or two of the words I put in the "message shown" box, how can I tell if my entire message is showing?

    • Hi,

      The normal behavior of IP Filter is that you should see the entire message in the "Message shown to filtered visitors" box.

      Could you try to write a new message and save it? It works here for me, I just verified it, so it should work for you too.

      If it doesn't work, could you tell me in which language are you writing the message, and also could you try to save after you deactivated all the plugins but IP Filter?

      Thank you for your interest in IP Filter :)

      • Yeah, I tried to resave it, but only one or two of the words show up in the box. I'm using the program in English. The program is working fine but I have no way of checking what the end user is seeing. Thanks for your help.

        • Just wanted to clarify: "'" was supposed to be single quotes (" ' "). Basically I was trying to say avoid using single or double quotation marks in the error message.

        • S-DLT, I just ran into the same issue as well, but I figured what caused it.

          Did you have "'" in your message? When I tried to save something like "you don't have access", the message was cut off at the "'" mark (so it came up as "you don").

          After I changed my message to "you do not have access", the entire message was saved correctly. So try a message that doesn't use "'" (or even quotes for that matter).

        • That's weird... Does the same thing happen if you deactivate all other plugins? Do you have any error message? If not, could you follow the instructions in our support page to activate error reporting temporarily, and tell me of any error you may see?

          Thank you for your patience :)

  • Help!

    I locked myself out, i blocked my IP to test if it was logged in the log folder, it was not as folder didn't have the right permission but now i can no longer access the admin.

    I tried what you say: mysite.com/wp-admin/
    mysite.com/wp-login.php?ipfilter_bypass

    and every single other way around but there is no way to get access!

    where are located the blocked Ip on the server. must be a way to delete mine! or any other way but i need to solve my problem!

    Please help

    Thanks

    Lina

    • Hi Lola !

      Ip-Filter settings are stored in the wp_options table, key "ipfilter".

      However you should be able to log in even if you added your IP. Maybe a new bug? What is your WordPress version?

      Alternatively you can login to your admin area using a proxy or by using the Tor browser.

      Sorry for the trouble.

      • I am having the same problem I cannot access the admin area and I have tried different ways. If I cannot not back out the IP addresses then I will remove the IP Filter completely. My site is useless if I cannot get into the admin area. I could use some help here! Where are the IP addresses listed? In the DB or text file?

  • Hi,
    Thanks for the plugin. Is there anyway to fully block an IP and to disable the bypass? the reason is to stop people trying to brute force the admin login... with the bypass option they would still be able to try to login. It would be great to have an option to fully block an IP, if you make a mistake you can always fix it by editing the database or removing the plugin files.
    Jo

  • Ooops... I noticed that you could remove the IPfilter bypass, and your plugin seems to block every attempts to login as well... it is great! I have another question though, how to do remove an IP from the ipfilter key without the plugin resetting all its settings?
    I.e.: I tried to block my ip, it worked, I then went to the wp_option table and removed my ip from the ipfilter key, but it then reset everything, the custom message as well as any other IP I had listed.
    Is there a way to remove a unique IP, to unlock your self, directly in the database without having your plugin to reset itself?
    Thanks!

    • Hi Jo,

      You should not edit the wp_options table manually because it is a "dangerous" thing to do; if you still want to do it, here is a little helper.

      s:10 stands for a string of 10 characters for example.
      a:6 stands for an array with 6 key/value pairs between the next brackets.

      Example:

      a:6:{s:11:"filter_type";s:4:"deny";s:12:"filtered_ips";s:1000:"1.1.1.1
      2.2.2.2
      3.3.3.3
      4.4.4.4
      (bunch of IP addresses skipped...)
      9.9.9.9
      10.10.10.10";s:12:"deny_message";s:68:"<h1>Access denied!</h1>
      <p>Your IP address has been recorded.</p>
      ";s:15:"log_blocked_ips";b:1;s:19:"ipfilter_bypass_url";s:15:"ipfilter_bypass";s:10:"bypass_url";s:22:"my_ipfilter_bypass_url";}
      

      The important thing to remember is that if you edit the list of IP addresses directly (the data associated to the "filtered_ips" key), remember to replace the "s:1000" part of the example by the new length of the string. Otherwise WordPress will consider the field as invalid and will reset the ipfilter occurence in the wp_options table. I know that's not very convenient, I should definitely use a better storage option for filtered IP addresses. But that's how it works currently :)

  • Hi can I ask a question? If I enter 222.127.*.*.

    1. Is that a valid entry?
    2.Will I be blocking first two segments of the IP Address (222.127) or the whole IP address? I'm looking to block 222.127.

    Cheers,

    Henry

    • Hi Henri,
      It's a valid entry but you could also write 227.127.*, it will block any ip begining by 227.127

  • Hello , how to clearify IP banned list ?
    I made "List of IP addresses to filter:" , but ip still blocked ?
    need to clear SQL base ?

    thanks

    • Hi,

      If you save the list of IP addresses to a blank text, then no IP address should be blocked. Maybe you have another plugin blocking that IP.

  • Have you thought about adding an automatic parse of IP addresses in the Comments Spam folder? I think this would be a great addition if you could simply mark comments as spam and the IP ends up on the IP Filter list.

    • Yes it would be a great addition indeed. Added in the list of feature requests :)

1 2 3