Announcing Eazy Ad Unblocker!

Hello everyone,

I wish to announce that I have released a wordpress plugin named “Eazy Ad Unblocker”. You can find this plugin at the following URL: https://wordpress.org/plugins/eazy-ad-unblocker/

Now, to tell you what this plugin does. Suppose you own a wordpress site and have painstakingly put advertisements on it. Now many of your visitors don’t even look at your ads, let alone clicking on it. Why? Because they install browser extensions that block those ads from being shown on your site!

What “Eazy Ad Unblocker” basically does is to detect if an adblocker is active on the page seen by the visitors. If an adblocker is active, a modal popup shows up on the screen and prevents your visitors from browsing your website in any way, asking the to either deactivate the adblocker or whitelist your site.
The plugin only detects ad blockers. It does not check if ads are actually there on the page.

Advanced and tech-savvy visitors may try to delete the popup and background overlay through web developer tools, inspect element and the like. This is countered effectively by the plugin. Right-clicking in the web page will fail
to invoke the context menu. Trying to invoke web dev tools by using keyboard shortcuts in the web page will also fail.

You will see this feature on many news sites, which implore users to deactivate adblockers or whitelist the site, telling them that the site they are viewing uses adverts for much needed revenue.

As a user of this plugin, you can configure the title, descriptive text and opacity of the modal popup shown to your visitors. You can completely black out your website content partially visible in the popup background by setting opacity to 100 %. You can add photos, videos and audio clips to the body content of the popup. Only formats supported by HTML5 will work in audio and video with this popup.

The plugin supports internationalization, both in the popup content and the wp-admin screen. You can preview the functioning of this plugin at https://myplugins.net/demo/
You can also see more details at https://wordpress.org/plugins/eazy-ad-unblocker/

A Simple IP Blocker Plugin for WordPress

In my post here, I had shown how to create a basic “Hello World” plugin that greets the user with a simple “hello world” message in the admin dashboard. Now, let me show you how to create a wordpress plugin that actually does something more useful. In this post, I shall discuss a plugin that restricts the number of login attempts a user can make to login to the admin dashboard of your wordpress site. It makes sense to do this to secure your dashboard from being broken into because an unauthorized user can do just about anything to your site if he manages to access your admin dashboard. This includes defacing your site, deleting your content and God knows what else!

We will call our plugin “Simple IP Blocker”. It will restrict the number of failed login attempts to a fixed number, say three. On the fourth attempt, the user will see an error message “IP address blocked”. The user will be blocked for the remainder of the day on which he made the three unsuccessful login attempts. He will be able to try again on the following day.

Now, let’s get down to the nuts and bolts of the actual plugin. The steps are:

  1. Create a folder for the plugin
  2. Create a PHP file for the code called index.php in that folder.
  3. Create a header for the plugin.
  4. Initialize the required constants.
  5. Create a database table through the activation hook.
  6. Create a function that hooks into wp_login_failed action.
    It logs the failed attempts in the database table and blocks the IP address of the user.
  7. Create a function that displays the logged data from the table.
  8. Hook the function in 7 into the admin_menu action so that the logged data can be displayed.
  9. Create a function that hooks into the login action ‘wp_authenticate’
    that will give an error on trying to login in after ip is blocked.
  10. Activate your plugin and test it.

Let us discuss these steps in detail:

1. Navigate to the wp-content folder in your wordpress installation. Go to the plugins sub folder in it.
Create a folder called “simple-ip-blocker”.

2. Create a blank file titled index.php using your text editor and save it in the folder created in step 1

3. Now, let’s create the header in the index.php file.
Print the following code in after the opening php tag in the index.php file:

<?php 
/ * 
* Plugin Name: My Simple IP Blocker 
*/ 
?>

4. We will initialize the following constants:

<?php 
global $wpdb; 
define("LOGIN_FAILURES", 3); 
define("IPBLOCKER_TABLE", $wpdb-&gt;prefix.'ip_blocker');
?>

5. The above step will create a new line in the plugins section of your wordpress installation and define
the necessary constants.

We need to create a database table to log and count failed login attempts.
We will do this by using the “register_activation_hook” function.
We will create a PHP function named “simple_ip_blocker_create_table”.
In this function, we will write a “CREATE TABLE” MYSQL query. We will execute it by calling $wpdb->query
function on the global $wpdb variable by passing the query in it as a parameter.

We will then pass the “simple_ip_blocker_create_table” function name in the “register_activation_hook” function.

The code is as follows:

<?php 

function simple_ip_blocker_create_table() { 

     global $wpdb, $table_prefix; 
     //mysql query $create_tab_query = 
"CREATE TABLE IF NOT EXISTS `".IPBLOCKER_TABLE."`( 
`id` bigint(20) NOT NULL AUTO_INCREMENT, 
`ip_addr` varchar(20) NOT NULL, `attempts` int(4) NOT NULL, 
`try_date` date NOT NULL, `is_blocked` tinyint(1) NOT NULL, 
PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8"; 

$wpdb->query($create_tab_query); } 

register_activation_hook( __FILE__, 'simple_ip_blocker_create_table' ); ?>

 

Explanation of table structure:

id – PRIMARY KEY
ip_addr – IP address of user trying to log in.
attempts – number of failed logins per user.
try_date – date on which user s trying to log in.
is_blocked – flag too indicate whether the user is blocked or not.

6. Next, we will create a function that will hook into “wp_login_failed”. We will call
this function simple_ip_blocker_reset_bruteforce. This function will fire whenever the
user tries to login but fails. We will maintain a counter in the $_SESSION. Each failed
login will increment the counter. On reaching 3 attempts, the IP blocked flag, is_blocked
will be marked as 1 to indicate that the particular user is blocked for the remainder of
the day. However, the user can try again on the next day. Each attempt is logged in the
database table we created. For the first failed attempt, a new row will be created in the
table. For subsequent attempts, that row will be updated.For the third failed login,
the “is_blocked” field of that row will be updated to 1.

Check out the code below:

<?php 

function simple_ip_blocker_reset_bruteforce() { 

@session_start(); 
global $wpdb, $table_prefix; 
if(!isset($_SESSION["brute_count"])) { 
$_SESSION["brute_count"] = 1; 
$query = "INSERT INTO ".IPBLOCKER_TABLE."(ip_addr, attempts, try_date, is_blocked) VALUES(%s, %d, %s, %d)"; 
$try_date = gmdate("Y-m-d"); 

$wpdb-&gt;query( $wpdb-&gt;prepare( 
        $query, 
        $_SERVER["REMOTE_ADDR"], 
        $_SESSION["brute_count"], 
        $try_date,
        0
      ) );
      
     }
     else
     {
      $_SESSION["brute_count"] = $_SESSION["brute_count"] + 1;
     
      $try_date = gmdate("Y-m-d"); 
       
       //check limit
        
      $check_query = "SELECT attempts FROM ".IPBLOCKER_TABLE." WHERE ip_addr = %s AND try_date = %s";
        
      $attempt_count = $wpdb-&gt;get_var($wpdb-&gt;prepare($check_query, $_SERVER['REMOTE_ADDR'], $try_date ));
    
       if($attempt_count &gt;= LOGIN_FAILURES)
       {
         unset($_SESSION["brute_count"]);
         
         $update_query = "UPDATE ".IPBLOCKER_TABLE." SET is_blocked = 1 WHERE ip_addr = %s AND try_date = %s";
         
         $wpdb-&gt;query($wpdb-&gt;prepare($update_query, $_SERVER['REMOTE_ADDR'], $try_date ));
         
         wp_redirect(site_url('/wp-admin/'));
         
         exit;
         
       }
       else{
         
        $query = "UPDATE ".IPBLOCKER_TABLE." SET attempts = %d WHERE ip_addr = %s AND try_date = %s";
        
        $wpdb-&gt;query( $wpdb-&gt;prepare( 
          $query,  
          $_SESSION["brute_count"],
          $_SERVER['REMOTE_ADDR'],
          $try_date
         ) ); 
         
         
       }
     } 
  }  

  add_action("wp_login_failed", "simple_ip_blocker_reset_bruteforce");
?>

 

7. So far so good. Now we will create a function to display the data of
failed logins in the wordpress backend. We will call this function
“simple_ipblocker_menu_callback”. It will simply query the database table
that we created and list out the information in tabular form.

See the code below:

<?php 

function simple_ipblocker_menu_callback() { 

  global $wpdb; 
  $get_history = "SELECT * FROM ".IPBLOCKER_TABLE; //&quot; LIMIT $offset, 10; 
  
  $history = $wpdb->get_results($get_history, ARRAY_A); ?> 
  <h1>Simple IP Blocker active!</h1> 
  <table border="0" cellspacing="5" cellpadding="5" class="widefat" > 
  <tr>
    <td>S. No.</td>
    <td>IP Address</td>
    <td>Login Attempts</td> 
    <td>Try Date</td>
    <td>Blocked</td> 
  </tr> 
  <?php foreach($history as $row){ ?>
    <tr>
      <td><?php echo $row["id"]; ?></td>
      <td><?php echo $row["ip_addr"]; ?></td>
      <td><?php echo $row["attempts"]; ?></td>
      <td><?php echo $row["try_date"]; ?></td> 
      <td><?php echo ($row["is_blocked"] == 1)?"blocked":"unblocked"; ?></td>
    </tr>
  <?php } ?> 
  </table> 
<?php } ?>

 

8. In this step, we will simply write some code to call the function created above whenever the user
clicks the link for the plugin in the admin sidebar on the left. See below:

<?php 

function simple_ipblocker_menu_add() { 

     add_menu_page("Simple IP Blocker", "Simple IP Blocker", "administrator", "simple-ip-blocker", "simple_ipblocker_menu_callback" ); 

} 

add_action("admin_menu", "simple_ipblocker_menu_add"); 

?>

 

9. The last function to be created is the function that checks if the user’s IP is blocked. If so,
the user will not be able to login to the admin dashboard on that day. However, the user may try
logging in on the next day again.
We will call this function “simple_ip_blocker_check_ip”. In this function, we will check if the user’s
IP address is marked 1 in the is_blocked field. If so, the user will be prevented from logging in.
The function hooks into “wp_authenticate” and hence will fire before every login attempt.

The code is as follows:

<?php 
       function simple_ip_blocker_check_ip() { 
               global $wpdb; 
               $try_date = gmdate("Y-m-d"); 
               $check_IP = "SELECT is_blocked FROM ".IPBLOCKER_TABLE." WHERE ip_addr = %s AND try_date = %s"; 
               $blocked = $wpdb-&gt;get_var( $wpdb-&gt;prepare( 
          $check_IP,  
          $_SERVER['REMOTE_ADDR'],
          $try_date
         ) );
         
    if($blocked == 1)
    {
      wp_die("IP address blocked!");
    }
  }

  add_action("wp_authenticate", "simple_ip_blocker_check_ip");
?>

 

10. Lastly, now that the coding is complete, we need to activate the “Simple IP Blocker” plugin listed in the
wp-admin and test it according to the functionality in the steps above.

The full listing is as follows:

<?php  
/*
* Plugin Name: My Simple IP Blocker
*/  
global $wpdb;

define("LOGIN_FAILURES", 3);
define("IPBLOCKER_TABLE", $wpdb->prefix.'ip_blocker');

function simple_ip_blocker_create_table()
{
  global $wpdb, $table_prefix;
  
  $create_tab_query = "CREATE TABLE IF NOT EXISTS `".IPBLOCKER_TABLE."`(
    `id` bigint(20) NOT NULL AUTO_INCREMENT,
    `ip_addr` varchar(20) NOT NULL,
    `attempts` int(4) NOT NULL,
    `try_date` date NOT NULL,
    `is_blocked` tinyint(1) NOT NULL,
    PRIMARY KEY (`id`)
  ) ENGINE=MyISAM  DEFAULT CHARSET=utf8";
  
  $wpdb->query($create_tab_query);
}

register_activation_hook( __FILE__, 'simple_ip_blocker_create_table' );


function simple_ip_blocker_reset_bruteforce()
{ 
   @session_start(); 
   
   global $wpdb, $table_prefix;
   
   if(!isset($_SESSION["brute_count"]))
   {
    $_SESSION["brute_count"] = 1; 
    
    $query = "INSERT INTO ".IPBLOCKER_TABLE."(ip_addr, attempts, try_date, is_blocked) VALUES(%s, %d, %s, %d)";
    
    $try_date = gmdate("Y-m-d");
    
    $wpdb->query( $wpdb->prepare( 
      $query, 
      $_SERVER["REMOTE_ADDR"], 
      $_SESSION["brute_count"], 
      $try_date,
      0
    ) );
    
   }
   else
   {
    $_SESSION["brute_count"] = $_SESSION["brute_count"] + 1;
   
    $try_date = gmdate("Y-m-d"); 
     
     //check limit
      
    $check_query = "SELECT attempts FROM ".IPBLOCKER_TABLE." WHERE ip_addr = %s AND try_date = %s";
      
    $attempt_count = $wpdb->get_var($wpdb->prepare($check_query, $_SERVER['REMOTE_ADDR'], $try_date ));
  
     if($attempt_count >= LOGIN_FAILURES)
     {
       unset($_SESSION["brute_count"]);
       
       $update_query = "UPDATE ".IPBLOCKER_TABLE." SET is_blocked = 1 WHERE ip_addr = %s AND try_date = %s";
       
       $wpdb->query($wpdb->prepare($update_query, $_SERVER['REMOTE_ADDR'], $try_date ));
       
       wp_redirect(site_url('/wp-admin/'));
       
       exit;
       
     }
     else{
       
      $query = "UPDATE ".IPBLOCKER_TABLE." SET attempts = %d WHERE ip_addr = %s AND try_date = %s";
      
      $wpdb->query( $wpdb->prepare( 
        $query,  
        $_SESSION["brute_count"],
        $_SERVER['REMOTE_ADDR'],
        $try_date
       ) ); 
       
       
     }
   } 
}  

add_action("wp_login_failed", "simple_ip_blocker_reset_bruteforce");  //plugin admin panel


//pre-authentication

function simple_ip_blocker_check_ip()
{
  //die('done');
  global $wpdb;
  
  $try_date = gmdate("Y-m-d");
  
  $check_IP = "SELECT is_blocked FROM ".IPBLOCKER_TABLE." WHERE ip_addr = %s AND try_date = %s";
  
  $blocked = $wpdb->get_var( $wpdb->prepare( 
        $check_IP,  
        $_SERVER['REMOTE_ADDR'],
        $try_date
       ) );
       
  if($blocked == 1)
  {
    wp_die("IP address blocked!");
  }
}

add_action("wp_authenticate", "simple_ip_blocker_check_ip");

function simple_ipblocker_menu_callback()
{ 

  global $wpdb;
  
  /* $page = (isset($_GET['pg']))?$_GET['pg']:1;
  
  $offset = ($page - 1) * 10; */
  
  $get_history = "SELECT * FROM ".IPBLOCKER_TABLE; //" LIMIT $offset, 10";
  
  $history = $wpdb->get_results($get_history, ARRAY_A);
  
  ?>
  <h1>Simple IP Blocker active!</h1>
    <table border="0" cellspacing="5" cellpadding="5" class="widefat">
      <tr>
        <td>S. No.</td>
        <td>IP Address</td>
        <td>Login Attempts</td>
        <td>Try Date</td>
        <td>Blocked</td>
      </tr>
      <?php 
        foreach($history as $row)
        {
          ?>
          <tr>
            <td><?php echo $row["id"]; ?></td>
            <td><?php echo $row["ip_addr"]; ?></td>
            <td><?php echo $row["attempts"]; ?></td>
            <td><?php echo $row["try_date"]; ?></td>
            <td><?php echo ($row["is_blocked"] == 1)?"blocked":"unblocked"; ?></td>
          </tr>
          <?php 
        }
      ?>
    </table>
  <?php
  
  
  
}  

function simple_ipblocker_menu_add()
{
  add_menu_page("Simple IP Blocker", "Simple IP Blocker", "administrator", "simple-ip-blocker", "simple_ipblocker_menu_callback" );
}  

add_action("admin_menu", "simple_ipblocker_menu_add");
//plugin admin panel end

?>

 

Create a Basic WordPress Plugin From Scratch

In my post here, I had shown you how to create a plugin from existing code. In this post, I will show how to create a basic ‘Hello World’ wordpress plugin from scratch.

First of all, create a ‘hello-world’ folder in your plugins subfolder under the wp-content folder of your wordpress installation.
Then, create a blank file in the ‘hello-world’ folder and name it ‘index.php’.
After that, open your index.php file and put the following code in it:

<?php
/*
Plugin Name: Hello World Plugin
Plugin URI: http://myexamplesite.com/hello-world
Description: A simple WordPress Hello World plugin
Version: 1.0
Author: Author Name 
Author URI: http://myownsite.com
License: GPL2
*/
 ?>

 

This will create a descriptive header in the listing of plugins under the plugins section in wp-admin.

Now create a simple hello_world function in the example index.php page like so:

<?php 

function hello_world()
{
     echo "<h1>Hello World!</h1>"; 
}

?>

But this function needs to be called somewhere to get its output.

To get the output, we need to add the following code to our index.php file.

<?php

function hello_world_callback()
{
      add_menu_page("Hello World", "Hello World", "administrator", "hello-world", "hello_world");
}

add_action("admin_menu", "hello_world_callback");

?>

The add_action function hooks into ‘admin_menu’ to create a link to the plugin in the admin sidebar on the left of your dashboard. On clicking this link, the ‘hello_world’ function is called and the output is displayed on that page.

We will get the output in wp-admin under the “Hello World” tab once we activate the plugin.

So the complete code that needs to be there in the index.php is the following:

<?php
/*
Plugin Name: Hello World Plugin
Plugin URI: http://myexamplesite.com/hello-world
Description: A simple WordPress Hello World plugin
Version: 1.0
Author: Author Name 
Author URI: http://myownsite.com
License: GPL2
*/

function hello_world()
{
     echo "<h1>Hello World!</h1>"; 
} 

function hello_world_callback() { 
     add_menu_page("Hello World", "Hello World", "administrator", "hello-world", "hello_world"); 
} 

add_action("admin_menu", "hello_world_callback");

?>

 

The video above shows the installation and working of the plugin.

Click the following link for a more detailed tutorial.

An elementary security plugin protecting admin dashboard

In this post, I shall discuss an elementary plugin that can protect your wordpress admin dashboard from frequent incorrect login attempts. The plugin redirects the user to the home page after a predetermined number of incorrect logins, three for example. However, if the user enters the correct password after three wrong attempts, the user is logged in to the dashboard. The code hooks into the wp_login_failed action hook and uses a counter variable stored in the session to keep track of the number of login attempts. The plugin backend only tells the administrator that the plugin is active (See image above). The code listing is given below:

<?php 
/* 
* Plugin Name: My Simple Security 
*/ 

function simple_security_reset_bruteforce($username){ 

  @session_start(); 
  if(!isset($_SESSION["brute_count"])) { 
    $_SESSION["brute_count"] = 1; 
  } else { 
    $_SESSION["brute_count"] = $_SESSION["brute_count"] + 1; 
    if($_SESSION["brute_count"] > 3) { 
    
      unset($_SESSION["brute_count"]); 
      wp_redirect(site_url()); 
      exit; 
    } 
  } 
} 

add_action("wp_login_failed", "simple_security_reset_bruteforce"); //plugin admin panel 

function simple_security_menu_callback() { 

  echo "<h1>Simple Security active!</h1>"; 
  
} 

function simple_security_menu_add() { 

  add_menu_page("Simple Security", "Simple Security", "administrator", "simple-security", "simple_security_menu_callback" ); 
  
} 

add_action("admin_menu", "simple_security_menu_add"); //plugin admin panel end 

?>

 

A recording of the plugin is given below:

 

To turn this into a plugin and use it in your wordpress:

  1. Create an empty folder in your plugins folder.
  2. Give it an easily understandable name.
  3. Then, create a blank file in any text editor.
  4. Copy the code from the code listing here, including the “<?php” at the start.
  5. Paste the code copied above in your blank file.
  6. Save this file as index.php in your empty folder created above.
  7. Go to the wp-admin and activate the plugin.
  8. Logout from admin and try logging in to wp-admin repeatedly with the wrong password.

It should work as shown in the video above.

My WordPress Plugin for Customer Reviews

Welcome to my site! I have just posted my wordpress plugin named eazy123 customer reviews.

The demo can be found here. Its salient features include not asking reviewers their email

addresses and a five-star rating system.

Take it out for a test drive. Screenshots given below. Hope you like it!