Advanced IP Blocker

The scanner checks your site in two ways: Local Scan: Checks for outdated PHP versions, WordPress core updates, debug mode risks, and SSL status. This runs locally and instantly. Deep Scan (Vulnerability Audit): Checks your installed plugins and themes against our central database of known security vulnerabilities (CVEs). This process is manual (you click a button) to ensure it never slows down your site during normal operation.

The Audit Log is your site's "black box". It records critical administrative actions such as plugin activations, settings changes, and file modifications. This helps you identify "who did what and when," which is essential for troubleshooting and security forensics.

The FIM scans your critical core files (wp-config.php, .htaccess, index.php) and specific plugin files daily. It takes a "fingerprint" (hash) of the file. If the file changes (e.g., malware adds a line of code), the fingerprint changes, and the plugin alerts you immediately via email.

To ensure maximum performance as the network grows. Storing thousands of IPs in standard WordPress options (wp_options) can slow down a site. By moving this data to a dedicated, indexed database table (wp_advaipbl_community_ips), we ensure that lookups are lightning-fast (O(1) complexity) and consume negligible memory, regardless of how many threats we track.

It is a collaborative security feature where users share anonymized data about verified attacks (like SQL injections caught by the WAF or IPs flagged by AbuseIPDB). Our central server aggregates this data to create a global blocklist of active threats. You can choose to contribute data ("Join") and/or use the global list to protect your site ("Enable Blocking").

No. The data sharing happens in the background via a low-priority scheduled task (Cron) just a few times a day. The global blocklist is downloaded locally and cached, so checking an IP against it is instant (microseconds) and does not require external API calls.

You need a free Cloudflare account and your domain must be using Cloudflare's nameservers. 1. Go to Security > Settings > Cloud Edge Defense. 2. Enter your Cloudflare API Token (with "Zone > Firewall Services > Edit" permissions) and Zone ID. 3. Click "Verify" and save. The plugin will now automatically push your blocked IPs to Cloudflare's Firewall. For a step-by-step guide with screenshots, click the help icon in the settings or visit our website.

Yes. Safety is our priority. 1. Backups: The plugin automatically creates a timestamped backup of your .htaccess file in a protected folder every time it writes new rules. 2. Compatibility: It automatically detects your server type and generates valid syntax for Apache 2.2 or 2.4. 3. Safety Limit: It includes a safety limit on the number of IPs written to the file to prevent server memory issues.

The "Server-Level Firewall (.htaccess)" feature relies on Apache/LiteSpeed specific files. If you use Nginx (without Apache), these local rules will be ignored by the server. Recommendation: For Nginx users, we strongly recommend enabling the Cloud Edge Defense (Cloudflare) feature. It provides the same "pre-execution" blocking benefits but works on any server environment since the blocking happens in the cloud.

While every website's security needs are unique, here is a general guide to get you started based on your site's profile. For a deep dive into every feature, please consult our Comprehensive Feature Guide. 1. Essential First Steps (For ALL Websites) No matter your site type, do these three things immediately after installation to ensure a strong baseline security without locking yourself out: Whitelist Your IPs: Go to Security > Dashboard > System Status and use the one-click buttons to add your current IP and your server's IP to the whitelist. This is the most critical step. Activate Trap Defenses: Go to Security > Blocking Rules, and in the "User Agents" and "Honeypot URLs" tabs, copy the suggested lists into the active blocklist text areas. This provides immediate protection from thousands of common bots. Enable Logging: Go to Security > Settings > General and ensure "Enable Logging" is turned on. This gives you the visibility you need to understand what is happening on your site. 2. Recommended Profiles Once the essentials are done, tailor the configuration to your site type: For a Standard Blog or Business Website: Your main goal is to block automated threats without affecting administrators. * Enable the IP Trust & Threat Scoring System: This is the smartest way to block bad actors contextually. The default point values are an excellent starting point. (Found in Settings > IP Trust & Threat Scoring). * Enable the WAF and Rate Limiting: These are powerful proactive defenses. (Found in Settings > Core Protections and Threshold Blocking). * Enable Spamhaus ASN Protection: Let the plugin automatically block thousands of known malicious networks for you. (Found in Settings > Core Protections). For an E-commerce or Membership Site (WooCommerce, etc.): You need to protect your site while ensuring legitimate customers from around the world are never blocked. * Enable Two-Factor Authentication (2FA): This is the single best way to protect administrator and shop manager accounts. Enforce it for these roles in Settings > Login & User Protection. * Use Geo-Challenge Instead of Geoblocking: If you receive attacks from a specific country but also have customers there, use the Geo-Challenge feature instead of a hard block. This will stop bots without affecting human users. * CRITICAL: DO NOT USE "Whitelist Login Access". This feature will lock out your customers. * WAF Exclusions: Double-check that URLs for your payment gateways (like Stripe or PayPal webhooks) are in the WAF exclusion list to ensure payments are processed correctly. For Any Site Using a CDN or Reverse Proxy (like Cloudflare): Your top priority is ensuring the plugin detects the correct visitor IP address. * Configure Trusted Proxies: Go to Security > Settings > IP Detection. Add the IPs or, even better, the ASNs of your CDN/proxy service to this list. For Cloudflare, simply add AS13335 on a new line. This is essential for the accuracy of all other security features.