Description
Simple IP Blocker for Pages is a lightweight security plugin to restrict access to specific pages based on visitor IP addresses.
It features a secure administration interface and supports custom block messages with safe HTML (via wp_kses_post) for secure personalization.
Key Features
- Flexible IP Blocking: Block individual IPv4 addresses or entire ranges using CIDR notation (e.g., 192.168.1.0/24).
- Page-Level Protection: Select specific pages to protect while keeping the rest of your site accessible.
- Enhanced Security: Implements strict manual sanitization (
wp_unslashandsanitize_text_field) and systematic output escaping withabsint()for all numeric values. - Custom Block Messages: Display personalized messages with safe HTML support or redirect blocked visitors.
- Self-Blocking Prevention: Built-in safeguard prevents administrators from accidentally locking themselves out.
- User-Friendly Interface: View blocked IPs list directly on the settings page with easy navigation to full management interface.
- Real-Time Feedback: Success and warning messages for all actions (add, delete, save settings).
- CDN & Proxy Support: Compatible with Cloudflare and proxies via
X-Forwarded-Forheaders with built-in spoofing warnings.
Captures d’écrans
Settings page with page selection and block message preview 
Add IPs to block with CIDR support and self-blocking protection 
Manage blocked IPs with bulk deletion 
Advanced options for proxy/CDN compatibility 
Manage block message
Installation
- Upload the plugin folder to the
/wp-content/plugins/directory. - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Navigate to ‘IP Blocker’ to configure protected pages and blocked IP addresses.
FAQ
-
How do I block an IP address?
-
- Go to ‘IP Blocker’ in your WordPress admin menu
- Scroll to the « Add IPs to Block » section
- Enter IP addresses (one per line) or CIDR ranges (e.g., 192.168.1.0/24)
- Click « Add IPs »
- You’ll see a success message confirming how many IPs were added
-
Can I see which IPs are currently blocked?
-
Yes! The blocked IPs list is displayed on the main settings page (first 10 IPs). Click « Manage All Blocked IPs » to see the complete list and manage them.
-
How do I remove blocked IP addresses?
-
- Go to ‘IP Blocker’ ‘Manage IPs’
- Check the boxes next to the IPs you want to remove
- Click « Delete Selected »
- You’ll see a confirmation message
-
What happens if I try to block my own IP?
-
The plugin has a built-in safeguard that prevents you from blocking your own IP address. You’ll receive a warning message showing which IPs were skipped.
-
What is CIDR notation?
-
CIDR (e.g., 192.168.1.0/24) allows you to block entire IP ranges. /24 blocks 256 addresses (192.168.1.0 to 192.168.1.255), /16 blocks 65,536 addresses, etc.
-
Does this work with Cloudflare or other CDNs?
-
Yes! Enable « Check Proxy/Cloudflare Headers » in the settings to correctly identify visitor IPs behind proxies or CDNs.
-
Which pages can I protect?
-
You can select any published WordPress page. The rest of your site remains accessible to everyone.
Avis
Il n’y a aucun avis pour cette extension.
Contributeurs/contributrices & développeurs/développeuses
« Simple IP Blocker for Pages » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
Traduisez « Simple IP Blocker for Pages » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Journal des modifications
2.3.4
- Security: Added explicit re-validation of IP addresses before deletion to prevent invalid data manipulation.
- Security: Enhanced CIDR range validation with strict boundary checking (0-32) and decimal value prevention.
- Security: Improved
sipbl_validate_ip_or_cidr()function with separated validation logic for better clarity and security. - Security: Complete output escaping using
absint()for all numeric values displayed in admin interface. - Security: IP addresses in warning messages are now properly escaped with
esc_html(). - Improvement: Added comprehensive admin notification system with success, warning, and error messages.
- Improvement: Blocked IPs list now displayed on main settings page (shows first 10 with « …and X more » indicator).
- Improvement: Added « Manage All Blocked IPs » button for easy navigation to full IP management page.
- Improvement: Added « Back to Settings » navigation button on IP management page.
- Improvement: Real-time IP count indicators on both settings and management pages.
- Improvement: Better user feedback when attempting to block own IP address (shows specific IPs that were skipped).
- Fix: Resolved WordPress.Security.EscapeOutput.OutputNotEscaped warnings for numeric variables.
2.3.3
- Security: Full security audit of data validation and output escaping.
- Security: Strict page ID validation using
absint()to prevent injection. - Security: Enhanced redirect URL validation using
esc_url_raw(). - Security: Implemented systematic output escaping to prevent XSS vulnerabilities.
2.3.2
- Security: Fixed
WordPress.Security.EscapeOutput.OutputNotEscapederrors. - Security: Replaced
__translation functions withesc_html__andesc_attr__for secure admin UI rendering.
2.3.0
- Security: Removed insecure
filter_inputcalls and replaced them with strict manual sanitization usingwp_unslash()andsanitize_textarea_field(). - Security: Enhanced validation logic using
filter_varwithFILTER_VALIDATE_IPfor all address and CIDR inputs. - Security: Improved output escaping throughout the admin UI (esc_html, esc_attr, and esc_textarea).
- Improvement: Added safe admin UI feedback using transients for success and error notifications.
2.2.1
- Security: Full internationalization (i18n) of all user-facing strings.
- Security: Enhanced input validation and sanitization across all forms.
- Security: Strict nonce verification implemented for all admin actions.