The plugin calls the rest API at https://verify.threatpoint.co.uk/api/v1/resources/
The rest API is only passed the IP address from the client or X-Forwarded-For address(es) is present.
This external service is only called when the add action – “add_action( ‘login_head’, ‘threatpoint_ip_rep’ );” is placed on a page to protect – wp-login.php for example. Any page can be protected in this manner.
An API key is required to utilise the service, although the plugin will operate without one it will not be able to pass the IP or call any data from the API.
This plugin only passes IP information – no other PII is transferred. The IP address is analysed across the aggregated data within the ThreatPoint IP reputation service and a risk score with geo location information is returned to the plugin. Simple rules within the plugin dictate whether traffic should be allowed to continue as normal or be redirected to an information URL of your choice (set by through the plugin settings). The IP address is stored in the IP aggregated data and used as part of the consortium. No other data such as originating website is stored. Only the IP address and geo location information is held, with date, time and risk scores associated with the request.
Plugin/ Theme Support
- Provide risk based decisions through configuration to allow an administrator the correct flow for their site.
- API Key – An API key is required to access the IP reputation service as explained above – email firstname.lastname@example.org
- Country Blacklist – 2 Character ISO country code csv format. Country codes in this list will cause IP addresses from those countries to issue a redirection. Allows you to block access from countries
- Country Whitelist – 2 Character ISO country code csv format. Country codes in this list will cause only IP addressed from these countries to be allowed. All others will be redirected. Allow all from UK for example.
- Country Blacklist is evaluated first – it makes little sense to have both blacklists and whitelists set although it is a supported option due to demand.
- Redirection URL – The web page you wish traffic to be redirected to
- Reject IP Risk >= – Redirect IP risk scores marked as Consider or High. Allow low risk only if consider is selected. The risk score is created by the IP reputation service based on the source, location, previous use and history across the IP consortium (velocity, reputation, tor, vpn, proxy)
- English (default) – only language currently supported
- Many thanks for taking the time to look at the plugin
- Drop the ThreatPoint team a line @threatpointuk on Twitter
- Email questions or suggestions via email@example.com
- Api key requests via firstname.lastname@example.org
- English – default, currently the only language supported
- The ThreatPoint team are often asked to investigate attacks on web sites and other services. More often than not these attacks begin from IP addresses that should be considered before access is granted. The IP reputation API provides the intelligence to protect such services, simply and effective. The WordPress plugin framework allows this to be easily introduced into WordPress sites as an additional layer of protection.
- This is not a silver bullet, but it is a useful deterrent. Best efforts to redirect IP addresses based on IP reputation are made. The service should be used in conjunction with other layers of detection and with defined authentication and access rules as part of an overall security policy.
Please speak to our consultant for expert advice on areas to focus on
- ThreatPoint UK also provide email verification, device reputation, dark web monitoring and password monitoring services as part of the service. Please contact email@example.com to find out more about these additional services.
- Many credits go to the fraud and analytics team at ThreatPoint UK and the team behind the API services
- Credits to numerous wordpress tutorials used to understand the plugin creation process. notably this article https://www.sitepoint.com/real-world-example-wordpress-plugin-development/
No screenshots provided