{"id":263390,"date":"2026-01-04T20:20:59","date_gmt":"2026-01-04T20:20:59","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/simple-ip-blocker-for-pages\/"},"modified":"2026-01-04T20:25:48","modified_gmt":"2026-01-04T20:25:48","slug":"simple-ip-blocker-for-pages","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/simple-ip-blocker-for-pages\/","author":23406744,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.3.4","stable_tag":"2.3.4","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Simple IP Blocker for Pages","header_author":"phm1000","header_description":"Bloquez des adresses IP ou des plages CIDR sp\u00e9cifiques sur des pages s\u00e9lectionn\u00e9es. S\u00e9curit\u00e9 renforc\u00e9e (Sanitization, Validation, Escaping).","assets_banners_color":"5b7a8c","last_updated":"2026-01-04 20:25:48","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/buymeacoffee.com\/pmathis","header_plugin_uri":"","header_author_uri":"https:\/\/philippemathis.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":136,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.3.4":{"tag":"2.3.4","author":"phm1000","date":"2026-01-04 20:25:48"}},"upgrade_notice":{"2.3.4":"

Major update: Enhanced security with complete output escaping compliance, improved user interface with blocked IPs preview and navigation, comprehensive notification system. Recommended for all users.<\/p>","2.3.3":"

Critical security update: Full audit of data validation and output escaping. All users must upgrade.<\/p>","2.3.0":"

Important security update: Replaces insecure input filtering with strict sanitization and validation.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3432248,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3432248,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.3.4"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3432248,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3432269,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3432248,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3432248,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3432248,"resolution":"5","location":"assets","locale":""}},"screenshots":{"1":"Settings page with page selection and block message preview","2":"Add IPs to block with CIDR support and self-blocking protection","3":"Manage blocked IPs with bulk deletion","4":"Advanced options for proxy\/CDN compatibility","5":"Manage block message"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1912,229510,1192,212949,600],"plugin_category":[54],"plugin_contributors":[253281],"plugin_business_model":[],"class_list":["post-263390","plugin","type-plugin","status-publish","hentry","plugin_tags-access-control","plugin_tags-cidr","plugin_tags-ip-blocking","plugin_tags-page-protection","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-phm1000","plugin_committers-phm1000"],"banners":{"banner":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/banner-772x250.png?rev=3432248","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/icon-256x256.png?rev=3432248","icon_2x":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/icon-256x256.png?rev=3432248","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/screenshot-1.png?rev=3432248","caption":"Settings page with page selection and block message preview"},{"src":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/screenshot-2.png?rev=3432269","caption":"Add IPs to block with CIDR support and self-blocking protection"},{"src":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/screenshot-3.png?rev=3432248","caption":"Manage blocked IPs with bulk deletion"},{"src":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/screenshot-4.png?rev=3432248","caption":"Advanced options for proxy\/CDN compatibility"},{"src":"https:\/\/ps.w.org\/simple-ip-blocker-for-pages\/assets\/screenshot-5.png?rev=3432248","caption":"Manage block message"}],"raw_content":"\n

Simple IP Blocker for Pages<\/strong> is a lightweight security plugin to restrict access to specific pages based on visitor IP addresses.<\/p>\n\n

It features a secure administration interface and supports custom block messages with safe HTML (via wp_kses_post<\/code>) for secure personalization.<\/p>\n\n

Key Features<\/h3>\n\n
    \n
  • Flexible IP Blocking:<\/strong> Block individual IPv4 addresses or entire ranges using CIDR notation (e.g., 192.168.1.0\/24).<\/li>\n
  • Page-Level Protection:<\/strong> Select specific pages to protect while keeping the rest of your site accessible.<\/li>\n
  • Enhanced Security:<\/strong> Implements strict manual sanitization (wp_unslash<\/code> and sanitize_text_field<\/code>) and systematic output escaping with absint()<\/code> for all numeric values.<\/li>\n
  • Custom Block Messages:<\/strong> Display personalized messages with safe HTML support or redirect blocked visitors.<\/li>\n
  • Self-Blocking Prevention:<\/strong> Built-in safeguard prevents administrators from accidentally locking themselves out.<\/li>\n
  • User-Friendly Interface:<\/strong> View blocked IPs list directly on the settings page with easy navigation to full management interface.<\/li>\n
  • Real-Time Feedback:<\/strong> Success and warning messages for all actions (add, delete, save settings).<\/li>\n
  • CDN & Proxy Support:<\/strong> Compatible with Cloudflare and proxies via X-Forwarded-For<\/code> headers with built-in spoofing warnings.<\/li>\n<\/ul>\n\n\n
      \n
    1. Upload the plugin folder to the \/wp-content\/plugins\/<\/code> directory.<\/li>\n
    2. Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n
    3. Navigate to 'IP Blocker' to configure protected pages and blocked IP addresses.<\/li>\n<\/ol>\n\n\n
      \n

      How do I block an IP address?<\/h3><\/dt>\n
        \n
      1. Go to 'IP Blocker' in your WordPress admin menu<\/li>\n
      2. Scroll to the \"Add IPs to Block\" section<\/li>\n
      3. Enter IP addresses (one per line) or CIDR ranges (e.g., 192.168.1.0\/24)<\/li>\n
      4. Click \"Add IPs\"<\/li>\n
      5. You'll see a success message confirming how many IPs were added<\/li>\n<\/ol><\/dd>\n

        Can I see which IPs are currently blocked?<\/h3><\/dt>\n

        Yes! The blocked IPs list is displayed on the main settings page (first 10 IPs). Click \"Manage All Blocked IPs\" to see the complete list and manage them.<\/p><\/dd>\n

        How do I remove blocked IP addresses?<\/h3><\/dt>\n
          \n
        1. Go to 'IP Blocker' \u2192 'Manage IPs'<\/li>\n
        2. Check the boxes next to the IPs you want to remove<\/li>\n
        3. Click \"Delete Selected\"<\/li>\n
        4. You'll see a confirmation message<\/li>\n<\/ol><\/dd>\n

          What happens if I try to block my own IP?<\/h3><\/dt>\n

          The plugin has a built-in safeguard that prevents you from blocking your own IP address. You'll receive a warning message showing which IPs were skipped.<\/p><\/dd>\n

          What is CIDR notation?<\/h3><\/dt>\n

          CIDR (e.g., 192.168.1.0\/24) allows you to block entire IP ranges. \/24 blocks 256 addresses (192.168.1.0 to 192.168.1.255), \/16 blocks 65,536 addresses, etc.<\/p><\/dd>\n

          Does this work with Cloudflare or other CDNs?<\/h3><\/dt>\n

          Yes! Enable \"Check Proxy\/Cloudflare Headers\" in the settings to correctly identify visitor IPs behind proxies or CDNs.<\/p><\/dd>\n

          Which pages can I protect?<\/h3><\/dt>\n

          You can select any published WordPress page. The rest of your site remains accessible to everyone.<\/p><\/dd>\n\n<\/dl>\n\n\n

          2.3.4<\/h4>\n\n
            \n
          • Security:<\/strong> Added explicit re-validation of IP addresses before deletion to prevent invalid data manipulation.<\/li>\n
          • Security:<\/strong> Enhanced CIDR range validation with strict boundary checking (0-32) and decimal value prevention.<\/li>\n
          • Security:<\/strong> Improved sipbl_validate_ip_or_cidr()<\/code> function with separated validation logic for better clarity and security.<\/li>\n
          • Security:<\/strong> Complete output escaping using absint()<\/code> for all numeric values displayed in admin interface.<\/li>\n
          • Security:<\/strong> IP addresses in warning messages are now properly escaped with esc_html()<\/code>.<\/li>\n
          • Improvement:<\/strong> Added comprehensive admin notification system with success, warning, and error messages.<\/li>\n
          • Improvement:<\/strong> Blocked IPs list now displayed on main settings page (shows first 10 with \"...and X more\" indicator).<\/li>\n
          • Improvement:<\/strong> Added \"Manage All Blocked IPs\" button for easy navigation to full IP management page.<\/li>\n
          • Improvement:<\/strong> Added \"Back to Settings\" navigation button on IP management page.<\/li>\n
          • Improvement:<\/strong> Real-time IP count indicators on both settings and management pages.<\/li>\n
          • Improvement:<\/strong> Better user feedback when attempting to block own IP address (shows specific IPs that were skipped).<\/li>\n
          • Fix:<\/strong> Resolved WordPress.Security.EscapeOutput.OutputNotEscaped warnings for numeric variables.<\/li>\n<\/ul>\n\n

            2.3.3<\/h4>\n\n
              \n
            • Security:<\/strong> Full security audit of data validation and output escaping.<\/li>\n
            • Security:<\/strong> Strict page ID validation using absint()<\/code> to prevent injection.<\/li>\n
            • Security:<\/strong> Enhanced redirect URL validation using esc_url_raw()<\/code>.<\/li>\n
            • Security:<\/strong> Implemented systematic output escaping to prevent XSS vulnerabilities.<\/li>\n<\/ul>\n\n

              2.3.2<\/h4>\n\n
                \n
              • Security:<\/strong> Fixed WordPress.Security.EscapeOutput.OutputNotEscaped<\/code> errors.<\/li>\n
              • Security:<\/strong> Replaced __<\/code> translation functions with esc_html__<\/code> and esc_attr__<\/code> for secure admin UI rendering.<\/li>\n<\/ul>\n\n

                2.3.0<\/h4>\n\n
                  \n
                • Security:<\/strong> Removed insecure filter_input<\/code> calls and replaced them with strict manual sanitization using wp_unslash()<\/code> and sanitize_textarea_field()<\/code>.<\/li>\n
                • Security:<\/strong> Enhanced validation logic using filter_var<\/code> with FILTER_VALIDATE_IP<\/code> for all address and CIDR inputs.<\/li>\n
                • Security:<\/strong> Improved output escaping throughout the admin UI (esc_html, esc_attr, and esc_textarea).<\/li>\n
                • Improvement:<\/strong> Added safe admin UI feedback using transients for success and error notifications.<\/li>\n<\/ul>\n\n

                  2.2.1<\/h4>\n\n
                    \n
                  • Security:<\/strong> Full internationalization (i18n) of all user-facing strings.<\/li>\n
                  • Security:<\/strong> Enhanced input validation and sanitization across all forms.<\/li>\n
                  • Security:<\/strong> Strict nonce verification implemented for all admin actions.<\/li>\n<\/ul>","raw_excerpt":"Block specific IP addresses or CIDR ranges from accessing selected WordPress pages with secure configuration.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/263390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=263390"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/phm1000"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=263390"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=263390"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=263390"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=263390"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=263390"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=263390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}