This plugin allows blacklisting users based on their IP address. However, it takes the IP address from the X-Forwarded-For header if available. Not all Web server configurations will strip or replace X-Forwarded-For headers – in which case the IP ban can be bypassed by sending this header. This plugin therefore only works in certain configurations, but does not warn admins of this fact.
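The difference between taking the header at face value and accepting it only from a known reverse proxy, as an added example (this is not the plugin's code). The function names, the $trustedProxies list and all addresses other than the 999.999.999.999 value used in the proof of concept are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. Addresses below are constructed samples.

// Pattern the advisory describes: the header wins whenever it is present.
function client_ip_naive(array $server): string {
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'];
}

// The header is honoured only when the TCP peer is a proxy we operate.
// $trustedProxies is a hypothetical setting (exact-match address list).
function client_ip_checked(array $server, array $trustedProxies): string {
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer; // direct connection, or no header: use the socket address
    }
    // Proxies append to the header, so read it right to left and stop at
    // the first address that our own proxies did not contribute.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // every hop was one of our proxies
}

$banned  = ['203.0.113.5']; // constructed ban list
$proxies = ['10.0.0.2'];    // constructed reverse-proxy address

// Banned client connecting directly and sending the header from the proof of concept.
$direct = ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_FOR' => '999.999.999.999'];
// Same client behind the proxy, which appended the real address after the client's value.
$proxied = ['REMOTE_ADDR' => '10.0.0.2', 'HTTP_X_FORWARDED_FOR' => '999.999.999.999, 203.0.113.5'];

foreach (['direct' => $direct, 'proxied' => $proxied] as $label => $req) {
    $naive   = in_array(client_ip_naive($req), $banned, true) ? 'banned' : 'allowed';
    $checked = in_array(client_ip_checked($req, $proxies), $banned, true) ? 'banned' : 'allowed';
    echo "$label: naive=$naive checked=$checked\n";
}
```

The checked variant matches proxy addresses by exact string, so a deployment with proxy ranges or differing IPv6 notations would need a CIDR-aware comparison instead.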
Current state: Fixed
Run “curl http://localhost/” and see the “You Are Banned” message
Run “curl http://localhost/ -H 'X-Forwarded-For: 999.999.999.999'” and see that it displays the page
Note that this will not work if your Web server sets or strips
(To remove the IP blacklist run this SQL: “delete from wp_options where option_name='banned_ips';”)
Upgrade to version 1.6.4 or later.
If a reverse-proxy is used, check the “I am using a reverse proxy” box in the plugin settings, and ensure that
X-Forwarded-For headers are being set even if the request already contains an