Protect your website against Brute Force Attacks and other malicious requests that have potential to jeopardise the website’s safety or hijacking your …
Author: | Paul C. Schroeder (profile at wordpress.org) |
WordPress version required: | 4.0 |
WordPress version tested: | 6.2.2 |
Plugin version: | 2.1 |
Added to WordPress repository: | 01-12-2020 |
Last updated: | 06-06-2023 |
Rating, %: | 0 |
Rated by: | 0 |
Plugin URI: | https://youtag.lu/ip-vault |
Total downloads: | 793 |
Active installs: | 20+ |
Click to start download |
IP Vault lets you protect your WordPress backend – and any other part of your website – from non verified users.
IP Vault Firewall also preserves your server ressources and bandwidth by blocking hacking attempts before they reach your site.
How does it work ?
Requests to protected files and folders are redirected to the Authentication Page. IP Vault unlocks user’s IP addresses using a key
that is emailed for authentication. Once users verify their account, they can access all restricted areas. Users are automatically verified on registration.
What is protected ?
Out-of-the box, IP Vault restricts access to .php
and .phtml
files, as well as wp-admin
folder, which are frequently exploited by bad bots and hackers.
You can choose which part of your site to protect. Need to make the whole website private ? No problem, just restrict access to /
.
The story behind this plugin
In the past 20 years, I have been monitoring a few dozen client sites to prevent malicious access. I have also helped a great number of people to clean their website from malware.
I noticed that even marginal WordPress sites or non-wordpress PHP based sites are constantly exposed to hacking attempts.
Almost all exploits I have seen work by either calling a vulnerable PHP script already on the server, by adding such a script or by injecting their own code into an existing script.
I have tried and tested quite a few security plugins. They can be quite complex to set up and to maintain. Some security plugins try to block access to vulnerable files by comparing requests to a blacklist.
These tend to become quite large and need frequent updates to be efficient. Others use geo-blocking services to block requests from certain countries. However in my experience, hacking attempts can come from just about any location.
I thought there must be a better way using whitelists for verified users instead. And that’s how the idea for IP Vault was born.
To Dos
- add option to get auth code by SMS (requires users to register phone number)
I love this plugin. How can I contribute ?
- Rate plugin and leave feedback on WordPress.org
- Help resolve questions in support forums
- Help with translations
- Donate
Disclaimer
This plugin uses the following 3rd Party services :
-
ip-api.com – used to offer insights into IP addresses, namely country and city information. Terms and Policies
-
ipify.org – used to map IPv6 addresses to IPv4. Terms and Policies
Screenshots
ChangeLog