Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3481949

Timestamp:

03/13/2026 11:59:03 AM (2 weeks ago)

Author:

inilerm

Message:

Preparing version 8.9.0

Location:

advanced-ip-blocker/trunk

Files:

: 15 edited

advanced-ip-blocker.php (modified) (2 diffs)
css/advaipbl-styles.css (modified) (1 diff)
includes/class-advaipbl-action-handler.php (modified) (5 diffs)
includes/class-advaipbl-admin-pages.php (modified) (1 diff)
includes/class-advaipbl-ajax-handler.php (modified) (5 diffs)
includes/class-advaipbl-community-manager.php (modified) (3 diffs)
includes/class-advaipbl-main.php (modified) (20 diffs)
includes/class-advaipbl-settings-manager.php (modified) (9 diffs)
includes/class-advaipbl-site-scanner.php (modified) (2 diffs)
js/admin-settings.js (modified) (1 diff)
languages/advanced-ip-blocker-es_ES.mo (modified) (previous)
languages/advanced-ip-blocker-es_ES.po (modified) (2 diffs)
languages/advanced-ip-blocker.pot (modified) (2 diffs)
readme.txt (modified) (4 diffs)
uninstall.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

advanced-ip-blocker/trunk/advanced-ip-blocker.php

-                      r3476940
+                      r3481949
 Plugin URI: https://advaipbl.com/
 Description: Your complete WordPress security firewall. Blocks IPs, bots & countries. Includes an intelligent WAF, Threat Scoring, and Two-Factor Authentication.
 Version: 8.8.9
+Version: 8.9.0
 Author: IniLerm
 Author URI: https://advaipbl.com/
 …
+}
 define( 'ADVAIPBL_VERSION', '8.8.9' );
+define( 'ADVAIPBL_VERSION', '8.9.0' );
 define( 'ADVAIPBL_PLUGIN_FILE', __FILE__ );

advanced-ip-blocker/trunk/css/advaipbl-styles.css

r3476940	r3481949
1	1	/**
2	2	* Advanced IP Blocker - Admin Panel Styles
3		* Version: 8.~~8.9~~
	3	* Version: 8.9.0
4	4	*/
5	5

advanced-ip-blocker/trunk/includes/class-advaipbl-action-handler.php

-                      r3476940
+                      r3481949
             if ($processed_count > 0) {
+                $this->plugin->purge_all_page_caches();
                 /* translators: %d: Number of entries. */
                 $message = sprintf(_n('%d entry has been unblocked.', '%d entries have been unblocked.', $processed_count, 'advanced-ip-blocker'), $processed_count);
 …
                 case 'unblock_all':
                     $this->plugin->unblock_all_ips('Admin Action');
+                    $this->plugin->purge_all_page_caches();
                     $message = __('All blocked IPs have been successfully unblocked.', 'advanced-ip-blocker');
                     break;
 …
                                 } else {
                                     $this->plugin->block_ip_instantly( $ip_or_range, 'manual', __('Manual Block', 'advanced-ip-blocker'), [], 'admin_action' );
+                                    $this->plugin->purge_all_page_caches();
                                     /* translators: %s: IP. */
                                     $message = sprintf( __( 'Entry %s has been blocked.', 'advanced-ip-blocker' ), $ip_or_range );
 …
                             case 'remove_block':
                                 $this->plugin->desbloquear_ip($ip_or_range);
+                                $this->plugin->purge_all_page_caches();
                                 /* translators: %s: IP. */
                                 $message = sprintf( __( 'IP %s unblocked from all lists.', 'advanced-ip-blocker' ), $ip_or_range );
 …
         $options['enable_community_network'] = '1';  // Compartir (Join)
         $options['enable_community_blocking'] = '1'; // Bloquear (Protect)
+        // Generar y registrar el API Token V3 automáticamente en nuevas instalaciones
+        if ( isset( $this->plugin->community_manager ) ) {
+            // Pasamos las opciones actualizadas a la memoria temporal de la clase Main antes de registrar
+            $this->plugin->options = $options;
+            $this->plugin->community_manager->register_site();
+            // Refrescamos las opciones desde la BD por si register_site las ha modificado directamente.
+            $options = get_option( ADVAIPBL_Main::OPTION_SETTINGS, [] );
+        }
+    }

advanced-ip-blocker/trunk/includes/class-advaipbl-admin-pages.php

r3476940	r3481949
24	24	}
25	25
	26	nocache_headers(); // Prevent caching on this admin page
	27
26	28	// 1. DEFINIR LA ESTRUCTURA COMPLETA DEL MENÚ
27	29	$menu_structure = [

advanced-ip-blocker/trunk/includes/class-advaipbl-ajax-handler.php

-                      r3476940
+                      r3481949
         if ($success) {
+            $this->plugin->purge_all_page_caches();
             /* translators: %1$s: IP, %2$s: Username. */
             $this->plugin->log_event(sprintf(__('Threat score for IP %1$s was manually reset by %2$s.', 'advanced-ip-blocker'), $ip, $this->plugin->get_current_admin_username()), 'info');
 …
+        }
+        // --- Verificación del Token API V3 (Servidor Central AIB) ---
+        if ($provider === 'api_token_v3') {
+            if (empty($api_key)) {
+                wp_send_json_error(['message' => __('API Key is missing.', 'advanced-ip-blocker')]);
+            }
+            // Llamada al servidor central para verificar el token real
+            $response = wp_remote_get('https://advaipbl.com/wp-json/aib-api/v3/verify-token', [
+                'headers' => [
+                    'Authorization' => 'Bearer ' . $api_key,
+                    'Accept'        => 'application/json'
+                ],
+                'timeout' => 10
+            ]);
+            if (is_wp_error($response)) {
+                wp_send_json_error(['message' => __('Connection failed: ', 'advanced-ip-blocker') . $response->get_error_message()]);
+            }
+            $status_code = wp_remote_retrieve_response_code($response);
+            $body = wp_remote_retrieve_body($response);
+            $data = json_decode($body, true);
+            if ($status_code === 200 && isset($data['status']) && in_array($data['status'], ['active', 'connected'], true)) {
+                wp_send_json_success(['message' => __('API Key is valid and active!', 'advanced-ip-blocker')]);
+            } else {
+                $error_msg = $data['message'] ?? __('Invalid or inactive API Key.', 'advanced-ip-blocker');
+                wp_send_json_error(['message' => $error_msg]);
+            }
+            return;
+        }
         // --- Lógica existente para Geolocalización ---
         $this->plugin->geolocation_manager->set_transient_api_key($provider, $api_key);
 …
+        }
+    }
+    /**
+     * AJAX action to get a free API Key from the Central Server automatically.
+     */
+    public function ajax_get_free_api_key() {
+        check_ajax_referer('advaipbl_verify_api_nonce', 'nonce'); // Usamos este nonce existente
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error(['message' => __('Unauthorized', 'advanced-ip-blocker')]);
+        }
+        $result = $this->plugin->community_manager->register_site();
+        if (is_wp_error($result)) {
+            wp_send_json_error(['message' => __('Connection to Central Server failed: ', 'advanced-ip-blocker') . $result->get_error_message()]);
+        }
+        if (isset($result['api_token'])) {
+            wp_send_json_success([
+                'message' => __('API Key generated and saved successfully!', 'advanced-ip-blocker'),
+                'api_token_visual' => 'AIB_' . str_repeat('•', 24) . substr($result['api_token'], -4)
+            ]);
+        } else {
+            wp_send_json_error(['message' => __('Failed to generate API Key.', 'advanced-ip-blocker')]);
+        }
+    }
     /**
      * Callback de AJAX para gestionar la respuesta al aviso de telemetría.
 …
                 $skipped_count++; // Duplicate or invalid
+            }
+        }
+        if ($imported_count > 0) {
+            $this->plugin->purge_all_page_caches();
+        }
 …
+        }
+        if ($imported_count > 0) {
+            $this->plugin->purge_all_page_caches();
+        }
         // Si Cloudflare está habilitado, desencadenamos una sincronización asíncrona casi inmediata.
         // Hacemos esto porque sincronizar miles de IPs de forma síncrona aquí podría agotar el tiempo de espera PHP.

advanced-ip-blocker/trunk/includes/class-advaipbl-community-manager.php

-                      r3476940
+                      r3481949
     private $plugin;
+    private $feed_url = 'https://advaipbl.com/wp-content/uploads/advaipbl-feed/blocklist.json';
+    private $feed_url_v2 = 'https://advaipbl.com/wp-content/uploads/advaipbl-feed/blocklist.json';
+    private $feed_url_v3 = 'https://advaipbl.com/wp-json/aib-api/v3/community-blocklist';
     private $last_update_option = 'advaipbl_community_last_update';
 …
      */
     public function update_list() {
+        $response = wp_remote_get($this->feed_url, ['timeout' => 15]);
+        if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
+        $feed_data = false; // Initialize feed_data to store the raw JSON body
+        $api_token = $this->plugin->options['api_token_v3'] ?? '';
+        // VÍA V3 (Prioritaria si hay token)
+        $use_v3 = false;
+        if (!empty($api_token)) {
+            $response = wp_remote_get($this->feed_url_v3, [
+                'headers' => [
+                    'Authorization' => 'Bearer ' . $api_token,
+                    'Accept'        => 'application/json'
+                ],
+                'timeout' => 30
+            ]);
+            $status_code = wp_remote_retrieve_response_code($response);
+            if (!is_wp_error($response) && $status_code === 200) {
+                $feed_data = wp_remote_retrieve_body($response);
+                $use_v3 = true;
+            } else {
+                $error_msg = is_wp_error($response) ? $response->get_error_message() : 'HTTP ' . $status_code;
+                $this->plugin->log_event('AIB Network Sync: V3 failed (' . $error_msg . '), falling back to V2.', 'warning');
+            }
+        }
+        // FALLBACK V2 (Si no hay token o falló V3)
+        if (!$use_v3) {
+            $response = wp_remote_get($this->feed_url_v2, [
+                'timeout' => 30
+            ]);
+            if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
+                $error_msg = is_wp_error($response) ? $response->get_error_message() : 'HTTP ' . wp_remote_retrieve_response_code($response);
+                $this->plugin->log_event('AIB Network list download failed completely. Reason: ' . $error_msg, 'error');
+                // Actualizar timestamp para no reintentar de inmediato
+                update_option(ADVAIPBL_Main::OPTION_COMMUNITY_SYNC_TIME, time());
+                return false;
+            }
+            $feed_data = wp_remote_retrieve_body($response);
+        }
+        // Process the downloaded data
+        if (!$feed_data) {
+            $this->plugin->log_event('AIB Network list download failed: No data received from V3 or V2.', 'error');
             return false;
+        }
+        $body = wp_remote_retrieve_body($response);
+        $data = json_decode($body, true);
+        $data = json_decode($feed_data, true);
         if (!$data || !isset($data['ips']) || !is_array($data['ips'])) {
+            $this->plugin->log_event('AIB Network list download failed: Invalid data format.', 'error');
             return false;
+        }
 …
         ];
+    }
+    /**
+     * Registers the site with the Central Server and gets a V3 API Token.
+     * Can be called manually via AJAX or automatically during upgrades.
+     *
+     * @return array|WP_Error Returns an array with 'api_token' on success, or WP_Error on failure.
+     */
+    public function register_site() {
+        $site_url = home_url();
+        $response = wp_remote_post('https://advaipbl.com/wp-json/aib-api/v3/register', [
+            'headers' => [
+                'Content-Type' => 'application/json',
+                'Accept'       => 'application/json'
+            ],
+            'body' => wp_json_encode(['site_url' => $site_url]),
+            'timeout' => 15
+        ]);
+        if (is_wp_error($response)) {
+            $this->plugin->log_event('Community Network Registration failed: ' . $response->get_error_message(), 'error');
+            return new WP_Error('registration_failed', $response->get_error_message());
+        }
+        $status_code = wp_remote_retrieve_response_code($response);
+        $body = json_decode(wp_remote_retrieve_body($response), true);
+        // Permitir continuar (o al menos loguear info útil) si hay rate-limit o ya registrado
+        if ($status_code !== 200) {
+            $error_msg = $body['message'] ?? __('Unknown error during registration.', 'advanced-ip-blocker');
+            $this->plugin->log_event("Community Network Registration failed (HTTP {$status_code}): {$error_msg}", 'error');
+            // If the key was already registered or there are too many requests, we don't abort the entire plugin,
+            // we just inform. Ideally, for a test environment, the admin should generate
+            // from their account or wait.
+            if ($status_code === 429 || (isset($body['code']) && $body['code'] === 'site_already_registered')) {
+                // For these specific cases, we might not return an error, but rather indicate it's handled.
+                // However, the function signature expects WP_Error on failure, so we'll return an error.
+                return new WP_Error('registration_failed_handled', $error_msg, ['status' => $status_code]);
+            }
+            return new WP_Error('registration_failed', $error_msg, ['status' => $status_code]);
+        }
+        if (isset($body['status']) && $body['status'] === 'success' && !empty($body['api_token'])) {
+            $options = $this->plugin->options; // Get current options
+            $options['api_token_v3'] = sanitize_text_field($body['api_token']);
+            update_option(ADVAIPBL_Main::OPTION_SETTINGS, $options);
+            $this->plugin->options = $options; // Update memory cache
+            return [
+                'api_token' => $body['api_token']
+            ];
+        }
+        $error_msg = $body['message'] ?? __('Failed to generate API Key.', 'advanced-ip-blocker');
+        return new WP_Error('registration_failed', $error_msg);
+    }
+}

advanced-ip-blocker/trunk/includes/class-advaipbl-main.php

-                      r3476940
+                      r3481949
     add_filter('authenticate', [$this, 'check_login_rules'], 20, 3);
     add_action('plugins_loaded', [$this, 'check_database_update']);
+    add_action('admin_init', [$this, 'check_database_update']);
     $this->add_hooks();
 …
         add_action('wp_login_failed', [$this, 'registrar_intento_login_fallido']);
         add_action('login_init', [ $this, 'handle_login_page_restriction' ], 1 );
+        add_action('login_init', [ $this, 'handle_login_geo_restriction' ], 2 );
         add_action('wp_login', [$this, 'auto_whitelist_admin_on_login'], 10, 2);
         add_filter('rest_endpoints', [ $this, 'disable_rest_api_user_endpoints' ] );
 …
             add_action('wp_ajax_advaipbl_add_ip_to_whitelist', [$this->ajax_handler, 'ajax_add_ip_to_whitelist']);
             add_action('wp_ajax_advaipbl_verify_api_key', [$this->ajax_handler, 'ajax_verify_api_key']);
+            add_action('wp_ajax_advaipbl_get_free_api_key', [$this->ajax_handler, 'ajax_get_free_api_key']);
             add_action('wp_ajax_advaipbl_update_geoip_db', [$this->ajax_handler, 'ajax_update_geoip_db']);
             add_action('wp_ajax_advaipbl_get_dashboard_stats', [$this->ajax_handler, 'ajax_get_dashboard_stats']);
 …
+        }
+    }
+    /**
+     * Helper routine to automatically generate V3 API Tokens for users who
+     * already had the AIB Network activated in older versions.
+     */
+    private function auto_migrate_v3_token() {
+        // Ensure options are freshly loaded since this runs early in init during updates
+        $this->options = get_option(self::OPTION_SETTINGS, []);
+        // If the user hasn't opted-in to the community network, do nothing (privacy first)
+        if (empty($this->options['enable_community_network'])) {
+            return;
+        }
+        // If they already have a V3 token, do nothing
+        if (!empty($this->options['api_token_v3'])) {
+            return;
+        }
+        // Trigger the internal site registration to generate keys and fetch the V3 token
+        if (isset($this->community_manager)) {
+            $this->community_manager->register_site();
+            // Re-load options into memory as register_site() modifies the DB directly sometimes
+            $this->options = get_option(self::OPTION_SETTINGS, []);
+        }
+    }
       /**
 …
+        }
         if (wp_is_json_request() && strpos($request_uri, '/telemetry/') === false && strpos($request_uri, '/aib-network/') === false && strpos($request_uri, '/aib-scanner/') === false) {
+        if (wp_is_json_request() && strpos($request_uri, '/telemetry/') === false && strpos($request_uri, '/aib-network/') === false && strpos($request_uri, '/aib-scanner/') === false && strpos($request_uri, '/aib-api/') === false) {
             return;
+        }
 …
         $wpdb->insert($table_name, $data_to_log);
+    }
+    /**
+     * Purges all cache from popular caching plugins.
+     * Called when security settings or blocklists change to ensure immediate effect.
+     */
+    public function purge_all_page_caches() {
+        // LiteSpeed Cache
+        if (has_action('litespeed_purge_all')) {
+            do_action('litespeed_purge_all');
+        } elseif (defined('LSCWP_V')) {
+            do_action('litespeed_purge_all_hook');
+        }
+        // WP Rocket
+        if (function_exists('rocket_clean_domain')) {
+            rocket_clean_domain();
+        }
+        // W3 Total Cache
+        if (function_exists('w3tc_flush_all')) {
+            w3tc_flush_all();
+        }
+        // WP Super Cache
+        if (function_exists('wp_cache_clear_cache')) {
+            wp_cache_clear_cache();
+        }
+        // WP Fastest Cache
+        if (isset($GLOBALS['wp_fastest_cache']) && method_exists($GLOBALS['wp_fastest_cache'], 'deleteCache')) {
+            $GLOBALS['wp_fastest_cache']->deleteCache(true);
+        }
+        // Autoptimize
+        if (class_exists('autoptimizeCache')) {
+            autoptimizeCache::clearall();
+        }
+        // SG Optimizer (SiteGround)
+        if (function_exists('sg_cachepress_purge_cache')) {
+            sg_cachepress_purge_cache();
+        }
+        // Kinsta Cache
+        if (class_exists('Kinsta\Cache')) {
+            do_action('kinsta_purge_edge_cache');
+        }
+        /* translators: %s: Type of action triggered. */
+        $this->log_event(__('System page caches successfully flushed after a security update.', 'advanced-ip-blocker'), 'info', 'localhost');
+    }
     /**
 …
+        }
+    }
+    /**
+     * Handles the geo-restriction of the login page.
+     * Hooked to 'login_init' with priority 2.
+     */
+    public function handle_login_geo_restriction() {
+        if ( ! empty( $this->options['login_restrict_countries'] ) && is_array( $this->options['login_restrict_countries'] ) ) {
+            $client_ip = $this->get_client_ip();
+            // Bypass logic: whitelisted IPs are always allowed
+            if ( $this->is_whitelisted( $client_ip ) ) {
+                return;
+            }
+            // Fetch the location of the IP
+            $location = $this->geolocation_manager->fetch_location( $client_ip );
+            $country_code = $location['country_code'] ?? '';
+            // If the country is not found, or it's not in the allowed list, block it
+            if ( empty($country_code) || ! in_array( $country_code, $this->options['login_restrict_countries'], true ) ) {
+                /* translators: 1: The IP address, 2: The Country Code */
+                $this->log_event( sprintf( __( 'Login access denied due to Geo-Blocking restrictions for IP %1$s (%2$s)', 'advanced-ip-blocker' ), $client_ip, empty($country_code) ? 'Unknown' : $country_code ), 'warning', ['ip' => $client_ip] );
+                // Show a generic access denied message
+                wp_die(
+                    esc_html__( 'Login access from your location is not allowed.', 'advanced-ip-blocker' ),
+                    esc_html__( 'Access Denied', 'advanced-ip-blocker' ),
+                    [ 'response' => 403 ]
+                );
+            }
+        }
+    }
     /**
 …
         // Valor por defecto '1.0' para instalaciones muy antiguas
         $current_db_version = get_option('advaipbl_db_version', '1.0');
+        $installed_plugin_ver = get_option('advaipbl_version_installed', '0.0.0');
         // Si la versión guardada es menor que la versión actual del código ('1.9')
 …
                  $this->log_event('Community list forced update during DB upgrade.', 'info');
+            }
+        }
+        // --- Migraciones de nueva generación basadas en Plugin Version ---
+        if ( version_compare($installed_plugin_ver, ADVAIPBL_VERSION, '<') ) {
+            // Migración a 8.9.0: Auto-Generar Token V3
+            if ( version_compare($installed_plugin_ver, '8.9.0', '<') && $installed_plugin_ver !== '0.0.0' ) {
+                $this->auto_migrate_v3_token();
+            }
+            // Actualizar la versión instalada en la base de datos
+            update_option('advaipbl_version_installed', ADVAIPBL_VERSION);
+        }
 …
      * Se ejecuta a través de una tarea de WP-Cron.
      */
             public function send_telemetry_data() {
         if (empty($this->options['allow_telemetry']) || '1' !== $this->options['allow_telemetry']) {
             return;
+        }
+    /**
+     * Genera el payload de telemetría de uso del plugin.
+     * @return array
+     */
+    private function get_telemetry_payload() {
         global $wpdb;
         $is_woocommerce_active = class_exists('WooCommerce');
 …
             'is_woo_active'  => $is_woocommerce_active,
             'geo_provider'   => $this->options['geolocation_provider'] ?? 'N/A',
             'geolocation_method' => $this->options['geolocation_method'] ?? 'api',
+            'geolocation_method' => $this->options['geolocation_method'] ?? 'api',
         ];
 …
         // Array de settings completo que refleja todos los módulos principales.
-        // Las claves coinciden con las opciones reales para mayor claridad.
         $telemetry_data['settings'] = [
             'enable_waf'                  => !empty($this->options['enable_waf']),
 …
             'enable_spamhaus_asn'         => !empty($this->options['enable_spamhaus_asn']),
             'enable_manual_asn'           => !empty($this->options['enable_manual_asn']),
             'enable_abuseipdb'            => !empty($this->options['enable_abuseipdb']),
+            'enable_abuseipdb'            => !empty($this->options['enable_abuseipdb']),
             'xmlrpc_protection_mode'      => $this->options['xmlrpc_protection_mode'] ?? 'smart',
             'recaptcha_enable'            => !empty($this->options['recaptcha_enable']),
             'enable_push_notifications'   => !empty($this->options['enable_push_notifications']),
             'enable_threat_scoring'       => !empty($this->options['enable_threat_scoring']),
             'auto_whitelist_admin'        => !empty($this->options['auto_whitelist_admin']),
+            'enable_threat_scoring'       => !empty($this->options['enable_threat_scoring']),
+            'auto_whitelist_admin'        => !empty($this->options['auto_whitelist_admin']),
             'disable_user_enumeration'    => !empty($this->options['disable_user_enumeration']),
             'prevent_author_scanning'     => !empty($this->options['prevent_author_scanning']),
             'restrict_login_page'         => !empty($this->options['restrict_login_page']),
             'prevent_login_hinting'       => !empty($this->options['prevent_login_hinting']),
             'enable_email_notifications'  => !empty($this->options['enable_email_notifications']),
             'enable_signature_engine'     => !empty($this->options['enable_signature_engine']),
+            'prevent_login_hinting'       => !empty($this->options['prevent_login_hinting']),
+            'enable_email_notifications'  => !empty($this->options['enable_email_notifications']),
+            'enable_signature_engine'     => !empty($this->options['enable_signature_engine']),
             'enable_signature_analysis'   => !empty($this->options['enable_signature_analysis']),
             'enable_signature_blocking'   => !empty($this->options['enable_signature_blocking']),
             'enable_2fa'                  => !empty($this->options['enable_2fa']),
             'enable_xmlrpc_lockdown'      => !empty($this->options['enable_xmlrpc_lockdown']),
+            'enable_2fa'                  => !empty($this->options['enable_2fa']),
+            'enable_xmlrpc_lockdown'      => !empty($this->options['enable_xmlrpc_lockdown']),
             'enable_login_lockdown'       => !empty($this->options['enable_login_lockdown']),
             'enable_404_lockdown'         => !empty($this->options['enable_404_lockdown']),
 …
             'enable_audit_log'            => !empty($this->options['enable_audit_log']),
             'enable_fim'                  => !empty($this->options['enable_fim']),
+            'enable_bot_verification'   => !empty($this->options['enable_bot_verification']),
+            'enable_geo_challenge'      => !empty($this->options['enable_geo_challenge']),
+            'enable_bot_verification'     => !empty($this->options['enable_bot_verification']),
+            'enable_geo_challenge'        => !empty($this->options['enable_geo_challenge']),
             'htaccess_write'              => !empty($this->options['enable_htaccess_write']),
             'htaccess_sync_ips'           => !empty($this->options['enable_htaccess_ip_blocking']),
 …
             'htaccess_hardening_config'   => !empty($this->options['htaccess_protect_wp_config']),
             'htaccess_hardening_readme'   => !empty($this->options['htaccess_protect_readme']),
             'cloudflare_enabled'          => !empty($this->options['enable_cloudflare']),
+            'cloudflare_enabled'          => !empty($this->options['enable_cloudflare']),
             'cloudflare_sync_manual'      => !empty($this->options['cf_sync_manual']),
             'cloudflare_sync_temp'        => !empty($this->options['cf_sync_temporary']),
 …
             'ips_with_active_score'   => (int) $wpdb->get_var("SELECT COUNT(id) FROM {$wpdb->prefix}advaipbl_ip_scores"),
             // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             'active_malicious_signatures' => (int) $wpdb->get_var($wpdb->prepare("SELECT COUNT(id) FROM {$wpdb->prefix}advaipbl_malicious_signatures WHERE expires_at > %d", time())),
+            'active_malicious_signatures' => (int) $wpdb->get_var($wpdb->prepare("SELECT COUNT(id) FROM {$wpdb->prefix}advaipbl_malicious_signatures WHERE expires_at > %d", time())),
             'geo_challenge_country_count' => count($this->options['geo_challenge_countries'] ?? []),
         ];
+        ];
         $server_ip = $this->get_server_ip();
 …
+            }
+        }
+        return $telemetry_data;
+    }
+    /**
+     * Recopila y envía datos de telemetría anónimos a un endpoint de API REST.
+     * Se ejecuta a través de una tarea de WP-Cron.
+     */
+    public function send_telemetry_data() {
+        if (empty($this->options['allow_telemetry']) || '1' !== $this->options['allow_telemetry']) {
+            return;
+        }
+        // Si tenemos V3 y participamos en la red comunitaria, la telemetría viaja incrustada
+        // en 'execute_community_report' para ahorrar envíos. Se anula el envío V2 aislado.
+        if (!empty($this->options['api_token_v3']) && !empty($this->options['enable_community_network'])) {
+            return;
+        }
+        $telemetry_data = $this->get_telemetry_payload();
         $endpoint_url = 'https://advaipbl.com/wp-json/telemetry/v2/submit';
         $secret_key   = 'yV.vZRp|g6E{zJ,DI7WcMIiGDejmH($$~<0-I$$Bd7Y) D5Z65M/*P:h>w:/E<D<';
+        $headers = [
+            'Content-Type'    => 'application/json',
+            'X-Telemetry-Key' => $secret_key
+        ];
+        // Incluir Token V3 como fallback si llegara aquí, aunque V3 debe saltar arriba.
+        if (!empty($this->options['api_token_v3'])) {
+            $headers['Authorization'] = 'Bearer ' . $this->options['api_token_v3'];
+        }
         wp_remote_post($endpoint_url, [
             'timeout'   => 15,
             'blocking'  => false,
+            'headers'   => [
+                'Content-Type'    => 'application/json',
+                'X-Telemetry-Key' => $secret_key
+            ],
+            'headers'   => $headers,
             'body'      => wp_json_encode($telemetry_data),
         ]);
 …
                 'api_key_ipapicom', 'api_key_ipstackcom', 'api_key_ipinfocom',
                 'api_key_ip_apicom', 'maxmind_license_key', 'push_webhook_urls',
                 'cf_api_token', 'cf_zone_id', 'abuseipdb_api_key'
+                'cf_api_token', 'cf_zone_id', 'abuseipdb_api_key', 'api_token_v3'
             ];
             foreach ($sensitive_keys as $sensitive_key) {
 …
 public function maybe_redirect_to_wizard() {
     if ( get_option( 'advaipbl_run_setup_wizard' ) ) {
+        // Eliminamos la opción para que no se redirija en bucle
+        // Evitar bucles infinitos en servidores con Object Caches muy lentos (ej. LiteSpeed)
+        // comprobando si YA estamos en la ruta de destino.
+        $is_already_on_wizard = ( isset( $_GET['page'] ) && $_GET['page'] === 'advaipbl-setup-wizard' );
         delete_option( 'advaipbl_run_setup_wizard' );
+        if ( ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || isset( $_GET['activate-multi'] ) ) {
+            // Si es una activación masiva, volvemos a añadir la opción para que se muestre el aviso.
+            add_option( 'advaipbl_run_setup_wizard', true );
+        if ( $is_already_on_wizard || ( defined( 'DOING_AJAX' ) && DOING_AJAX ) || isset( $_GET['activate-multi'] ) ) {
+            // Si es activación masiva, volvemos a poner para mostrar mensaje.
+            if ( isset( $_GET['activate-multi'] ) ) {
+                add_option( 'advaipbl_run_setup_wizard', true );
+            }
             return;
+        }
         wp_safe_redirect( admin_url( 'admin.php?page=advaipbl-setup-wizard' ) );
         exit;
 …
+}
 /**
+    /**
      * Ejecuta el envío de reportes a la API central.
      */
     public function execute_community_report() {
+        // 1. Verificar si el usuario participa
+        // 1. Obtener el lote de bloqueos (solo si participa en AIB Network)
+        $payload = [
+            'site_hash' => hash('sha256', home_url()),
+            'version'   => ADVAIPBL_VERSION,
+            'reports'   => []
+        ];
+        global $wpdb;
         if ( empty($this->options['enable_community_network']) ) {
+            // Si no participa, limpiamos la tabla local para no acumular basura
+            global $wpdb;
+            // Si no participa en red, no enviamos reportes de amenazas (pero la telemetria puede enviarse abajo)
             // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
             $wpdb->query("TRUNCATE TABLE {$wpdb->prefix}advaipbl_pending_reports");
+            return;
+        }
+        // 2. Obtener el lote
+        $payload = $this->reporter_manager->get_batch_for_api(100); // 100 reportes por envío
+        if ( empty($payload['reports']) ) {
+            return; // Nada que enviar
+        }
+        // 3. Enviar a la API (V2 con strict anti-poisoning)
+        $api_url = 'https://advaipbl.com/wp-json/aib-network/v2/report';
+        // La API V2 requiere el site_hash explicitamente en el root del JSON para aplicar el Rate Limiting local
+        } else {
+            $gathered_payload = $this->reporter_manager->get_batch_for_api(100);
+            if (!empty($gathered_payload)) {
+                $payload = $gathered_payload;
+            }
+        }
+        $has_reports = !empty($payload['reports']);
+        $has_v3_token = !empty($this->options['api_token_v3']);
+        // 3. Fallback a V2 si no hay token V3 (V2 no agrupa telemetría, aborta si no hay reportes)
+        if (!$has_v3_token && !$has_reports) {
+            return;
+        }
+        // Asegurar site_hash para Rate Limiting V2 o info cruda
         $payload_data = $payload;
         $payload_data['site_hash'] = $payload['site_hash'] ?? hash('sha256', get_site_url());
+        // 4. Parámetros de envío
+        if ($has_v3_token) {
+            $api_url = 'https://advaipbl.com/wp-json/aib-api/v3/report';
+            $headers = [
+                'Content-Type'  => 'application/json',
+                'Authorization' => 'Bearer ' . $this->options['api_token_v3']
+            ];
+            // En V3 inyectamos la telemetría general en el mismo paquete para ahorrar recursos del cliente y servidor
+            if (!empty($this->options['allow_telemetry']) && '1' === $this->options['allow_telemetry']) {
+                $payload_data['telemetry'] = $this->get_telemetry_payload();
+            } else {
+                $payload_data['telemetry'] = [];
+            }
+            // Si después de intentarlo no hay ni amenazas locales ni métricas permitidas, no saturamos la red
+            if (!$has_reports && empty($payload_data['telemetry'])) {
+                return;
+            }
+        } else {
+            // Configuración V2 (Asegurar que nunca llegamos aquí si !$has_reports por la comprobación anterior)
+            $api_url = 'https://advaipbl.com/wp-json/aib-network/v2/report';
+            $headers = [
+                'Content-Type'    => 'application/json',
+                'X-AIB-Site-Hash' => $payload_data['site_hash'],
+            ];
+        }
         $response = wp_remote_post( $api_url, [
+            'body'    => wp_json_encode($payload_data),
+            'headers' => [
+                'Content-Type' => 'application/json',
+                'X-AIB-Site-Hash' => $payload_data['site_hash'], // Cabecera de autenticación simple
+            ],
+            'timeout' => 10,
+            'blocking' => false // "Fire and forget" para no ralentizar el cron
+            'body'     => wp_json_encode($payload_data),
+            'headers'  => $headers,
+            'timeout'  => 5,
+            'blocking' => false
         ]);
-        if ( is_wp_error($response) ) {
-            // Loguear error silenciosamente para debug
-            // error_log('AIB Network Report Failed: ' . $response->get_error_message());
+        }
+    }

advanced-ip-blocker/trunk/includes/class-advaipbl-settings-manager.php

-                      r3464093
+                      r3481949
     add_settings_field('advaipbl_show_admin_bar_menu', __( 'Admin Bar Menu', 'advanced-ip-blocker' ), [$this, 'switch_field_callback'], $page, 'advaipbl_general_settings_section', ['name'  => 'show_admin_bar_menu', 'label' => __( 'Show security menu in the WordPress admin bar', 'advanced-ip-blocker' )]);
     add_settings_section('advaipbl_general_settings_section', null, null, $page);
  add_settings_field(
 …
 // --- AIB COMMUNITY NETWORK SECTION ---
         add_settings_section('advaipbl_community_network_section', null, null, $page);
+        // --- V3 API Connection ---
+        add_settings_field(
+            'advaipbl_api_connection_status',
+            __('AIB Account Connection', 'advanced-ip-blocker'),
+            [$this, 'api_connection_status_callback'],
+            $page,
+            'advaipbl_community_network_section'
+        );
+        add_settings_field(
+            'advaipbl_api_token_v3',
+            __('API Token', 'advanced-ip-blocker'),
+            [$this, 'api_token_field_callback'],
+            $page,
+            'advaipbl_community_network_section',
+            [
+                'name' => 'api_token_v3',
+                'description' => __('Connecting to the Advanced IP Blocker cloud network gives you access to the community blocklist and deep site scanning.', 'advanced-ip-blocker'),
+            ]
+        );
         add_settings_field(
 …
     );
     add_settings_field('advaipbl_restrict_login_page', __( 'Whitelist Login Access', 'advanced-ip-blocker' ), [ $this, 'restrict_login_page_callback' ], $page, 'advaipbl_advanced_login_section');
+    add_settings_field('advaipbl_login_restrict_countries', __( 'Whitelist Login Countries', 'advanced-ip-blocker' ), [ $this, 'geoblock_countries_callback' ], $page, 'advaipbl_advanced_login_section', [
+        'type' => 'login_restrict',
+        'description' => __('Select one or more countries that are allowed to access wp-login.php. If empty, all countries are allowed.', 'advanced-ip-blocker')
+    ]);
     add_settings_section('advaipbl_advanced_xmlrpc_section', null, null, $page);
     add_settings_field('advaipbl_xmlrpc_protection_mode', __('XML-RPC Protection Mode', 'advanced-ip-blocker'), [$this, 'xmlrpc_protection_mode_callback'], $page, 'advaipbl_advanced_xmlrpc_section');
 …
             'xmlrpc_protection_mode', 'geolocation_method', 'trusted_proxies', 'abuseipdb_api_key', 'abuseipdb_action',
             'cf_api_token', 'cf_zone_id', 'community_blocking_action', 'scan_frequency', 'scan_notification_email',
             'fim_alert_email'
+            'fim_alert_email', 'api_token_v3'
         ];
 …
+        }
+        // V3 API Token Validation (only if changed manually)
+        if (isset($new_input['api_token_v3']) && $new_input['api_token_v3'] !== ($this->plugin->options['api_token_v3'] ?? '')) {
+            if (!empty($new_input['api_token_v3'])) {
+                $response = wp_remote_get('https://advaipbl.com/wp-json/aib-api/v3/verify-token', [
+                    'headers' => [
+                        'Authorization' => 'Bearer ' . $new_input['api_token_v3'],
+                        'Accept'        => 'application/json'
+                    ],
+                    'timeout' => 15
+                ]);
+                if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
+                    add_settings_error('advaipbl_settings_messages', 'invalid_v3_token', __('Invalid AIB Cloud Network Token. Connection failed.', 'advanced-ip-blocker'), 'error');
+                    $new_input['api_token_v3'] = $this->plugin->options['api_token_v3'] ?? ''; // Revert to previous or empty
+                }
+            }
+        }
         if (isset($input['geoblock_countries'])) {
             $countries = (array) $input['geoblock_countries'];
 …
             $new_input['geo_challenge_countries'] = [];
+        }
+        if (isset($input['login_restrict_countries'])) {
+            $countries = (array) $input['login_restrict_countries'];
+            $all_country_codes = array_keys($this->plugin->get_country_list());
+            $new_input['login_restrict_countries'] = array_values(array_intersect($countries, $all_country_codes));
+        } else {
+            $new_input['login_restrict_countries'] = [];
+        }
         if (isset($input['recaptcha_score_threshold'])) {
             $new_input['recaptcha_score_threshold'] = $this->plugin->sanitize_score_threshold($input['recaptcha_score_threshold']);
+        }
+        // Purge page caches when security settings are updated
+        $this->plugin->purge_all_page_caches();
         return $new_input;
 …
+        }
+    }
+    /**
+     * Callback para mostrar el estado de la conexión con la API V3.
+     */
+    public function api_connection_status_callback() {
+        $token = $this->plugin->options['api_token_v3'] ?? '';
+        if (empty($token)) {
+            echo '<span class="dashicons dashicons-dismiss" style="color: #d63638;"></span> <strong style="color: #d63638;">' . esc_html__('Not Connected', 'advanced-ip-blocker') . '</strong>';
+            echo '<p class="description">' . esc_html__('Get a Free API Key below to connect your site to the AIB Cloud Network.', 'advanced-ip-blocker') . '</p>';
+        } else {
+            echo '<div id="advaipbl-api-status-container">';
+            echo '<span class="dashicons dashicons-yes-alt" style="color: #00a32a;"></span> <strong style="color: #00a32a;">' . esc_html__('Connected', 'advanced-ip-blocker') . '</strong>';
+            // Si tuviéramos el tipo de plan guardado, lo mostraríamos aquí. Por ahora, asumimos conectado.
+            echo ' <span class="advaipbl-badge advaipbl-badge-free" style="margin-left:5px;">' . esc_html__('AIB Cloud Network', 'advanced-ip-blocker') . '</span>';
+            echo '<p class="description" style="margin-top:5px;">';
+            echo '<button type="button" class="button button-secondary button-small" id="advaipbl-verify-api-token">' . esc_html__('Verify Connection', 'advanced-ip-blocker') . '</button>';
+            echo '<span id="advaipbl-api-verification-result" style="margin-left: 8px;"></span>';
+            echo '</p>';
+            echo '</div>';
+        }
+    }
+    /**
+     * Callback específico para el campo del Token API con ofuscación.
+     */
+    public function api_token_field_callback($args) {
+        $name = $args['name'];
+        $value = isset($this->plugin->options[$name]) ? $this->plugin->options[$name] : '';
+        // Ofuscar si existe
+        $display_val = $value;
+        if (!empty($value) && strlen($value) > 8) {
+            $display_val = substr($value, 0, 4) . str_repeat('•', 24) . substr($value, -4);
+        }
+        echo '<div style="display: flex; gap: 10px; position: relative; align-items: center;">';
+        echo '<div style="display: flex; gap: 10px; max-width: 400px; position: relative; align-items: center;">';
+        // Campo visible al usuario (puede estar ofuscado si ya hay valor)
+        echo '<input type="text" id="advaipbl_' . esc_attr($name) . '_display" class="regular-text" style="font-family: monospace;" ';
+        if (!empty($value)) {
+            echo 'value="' . esc_attr($display_val) . '" disabled';
+            echo '>';
+            // Campo oculto real que se enviará en el formulario POST sólo si no se edita
+            echo '<input type="hidden" name="' . esc_attr(ADVAIPBL_Main::OPTION_SETTINGS) . '[' . esc_attr($name) . ']" id="advaipbl_' . esc_attr($name) . '" value="' . esc_attr($value) . '">';
+            // Botón para editar
+            echo '<button type="button" class="button" id="advaipbl-edit-api-token" title="' . esc_attr__('Edit API Key', 'advanced-ip-blocker') . '"><span class="dashicons dashicons-edit" style="margin-top: 2px;"></span></button>';
+        } else {
+             // Si no hay valor, lo mostramos normal como input type="text" pero que envía
+            echo 'name="' . esc_attr(ADVAIPBL_Main::OPTION_SETTINGS) . '[' . esc_attr($name) . ']" id="advaipbl_' . esc_attr($name) . '" value="" placeholder="AIB_xxxxxxxxxxxxxxxxxxxxxxxxxx">';
+             // Botón mágico para generar clave
+            echo '<button type="button" class="button button-primary" id="advaipbl-get-api-token" title="' . esc_attr__('Get a Free VIP Key instantly', 'advanced-ip-blocker') . '">' . esc_html__('Get Free Key', 'advanced-ip-blocker') . '</button>';
+            echo '<span class="spinner" id="advaipbl-api-token-spinner" style="float:none; margin:0;"></span>';
+        }
+        echo '</div>';
+        if (isset($args['description']) && empty($value)) {
+            echo '<p class="description" style="margin-top:5px;">' . wp_kses_post($args['description']) . '</p>';
+        } else if (!empty($value)) {
+            echo '<p class="description" style="margin-top:5px;">' . esc_html__('Your API key is hidden for security.', 'advanced-ip-blocker') . '</p>';
+        }
+        // Script para manejar la edición y la validación
+        ?>
+        <script>
+        jQuery(document).ready(function($) {
+            $('#advaipbl-edit-api-token').on('click', function(e) {
+                e.preventDefault();
+                var $display = $('#advaipbl_<?php echo esc_js($name); ?>_display');
+                var $hidden = $('#advaipbl_<?php echo esc_js($name); ?>');
+                // Convert display to a real input field connected to POST
+                $display.prop('disabled', false)
+                        .val('')
+                        .attr('name', '<?php echo esc_js(ADVAIPBL_Main::OPTION_SETTINGS); ?>[<?php echo esc_js($name); ?>]')
+                        .focus();
+                // Remove hidden field and button
+                $hidden.remove();
+                $(this).remove();
+            });
+            // Validación simple del lado del cliente antes de enviar
+            $('form').on('submit', function() {
+                var apiTokenInput = $('input[name="<?php echo esc_js(ADVAIPBL_Main::OPTION_SETTINGS); ?>[<?php echo esc_js($name); ?>]"]');
+                if (apiTokenInput.length && !apiTokenInput.prop('disabled')) {
+                    var val = apiTokenInput.val().trim();
+                    if (val !== '' && !val.startsWith('AIB_')) {
+                        alert('<?php echo esc_js(__('Invalid API Key format. It should start with AIB_.', 'advanced-ip-blocker')); ?>');
+                        apiTokenInput.focus();
+                        return false;
+                    }
+                }
+                return true;
+            });
+        });
+        </script>
+        <?php
+    }
     /**
  * Muestra el campo <select> para el modo de protección XML-RPC.
 …
         $type = $args['type'] ?? 'geoblock'; // Por defecto es geoblock para retrocompatibilidad
+        $option_name = ($type === 'geo_challenge') ? 'geo_challenge_countries' : 'geoblock_countries';
+        if ($type === 'geo_challenge') {
+            $option_name = 'geo_challenge_countries';
+            $placeholder_text = __('Search for a country to challenge...', 'advanced-ip-blocker');
+        } elseif ($type === 'login_restrict') {
+            $option_name = 'login_restrict_countries';
+            $placeholder_text = __('Search for an allowed country...', 'advanced-ip-blocker');
+        } else {
+            $option_name = 'geoblock_countries';
+            $placeholder_text = __('Search for a country to block...', 'advanced-ip-blocker');
+        }
         $select_id = 'advaipbl_' . $option_name;
-        $placeholder_text = ($type === 'geo_challenge')
-            ? __('Search for a country to challenge...', 'advanced-ip-blocker')
-            : __('Search for a country to block...', 'advanced-ip-blocker');
         $selected_countries = $this->plugin->options[$option_name] ?? [];
 …
             <?php endforeach; ?>
         </select>
+        <p class="description">
+            <?php esc_html_e( 'Select one or more countries. Type in the box to search.', 'advanced-ip-blocker' ); ?>
+        </p>
+        <?php if (isset($args['description'])) : ?>
+            <p class="description"><?php echo wp_kses_post($args['description']); ?></p>
+        <?php else : ?>
+            <p class="description">
+                <?php esc_html_e( 'Select one or more countries. Type in the box to search.', 'advanced-ip-blocker' ); ?>
+            </p>
+        <?php endif; ?>
         <?php
+    }

advanced-ip-blocker/trunk/includes/class-advaipbl-site-scanner.php

-                      r3469306
+                      r3481949
         $site_hash = hash('sha256', get_site_url());
+        $headers = [
+            'Content-Type' => 'application/json',
+            'X-AIB-Site-Hash' => $site_hash
+        ];
+        // Incluir V3 Token y saltar a endpoint V3 si existe
+        if (!empty($this->plugin->options['api_token_v3'])) {
+            $api_url = 'https://advaipbl.com/wp-json/aib-api/v3/scanner/check';
+            $headers['Authorization'] = 'Bearer ' . $this->plugin->options['api_token_v3'];
+        }
         $response = wp_remote_post( $api_url, [
             'body'    => wp_json_encode( $payload ),
+            'headers' => [
+                'Content-Type' => 'application/json',
+                'X-AIB-Site-Hash' => $site_hash
+            ],
+            'headers' => $headers,
             'timeout' => 15 // Subimos un poco el timeout por si la lista es larga
         ]);
 …
         $api_check_url = 'https://advaipbl.com/wp-json/aib-scanner/v2/check-ip?ip=' . $server_ip;
         $site_hash = hash('sha256', get_site_url());
+        $headers = [
+            'X-AIB-Site-Hash' => $site_hash
+        ];
+        // Incluir V3 Token y saltar a endpoint V3 si existe
+        if (!empty($this->plugin->options['api_token_v3'])) {
+            $api_check_url = 'https://advaipbl.com/wp-json/aib-api/v3/scanner/check-ip?ip=' . $server_ip;
+            $headers['Authorization'] = 'Bearer ' . $this->plugin->options['api_token_v3'];
+        }
         $response = wp_remote_get($api_check_url, [
             'timeout' => 5,
+            'headers' => [
+                'X-AIB-Site-Hash' => $site_hash
+            ]
+            'headers' => $headers
         ]);

advanced-ip-blocker/trunk/js/admin-settings.js

-                      r3455663
+                      r3481949
                 });
         });
+        // Handler específico para el Token API V3
+        $('body').on('click', '#advaipbl-verify-api-token', function (e) {
+            e.preventDefault();
+            const $button = $(this);
+            // El selector del token V3 ahora usa _display o el input oculto tras darle a editar
+            let apiKey = $('#advaipbl_api_token_v3_display').val() || $('#advaipbl_api_token_v3').val();
+            const $statusContainer = $button.closest('.advaipbl-status-indicator');
+            const texts = adminData.text || {};
+            $button.text(texts.verifying_api || 'Verifying...').prop('disabled', true);
+            if (!apiKey || apiKey.indexOf('•') !== -1) { // If it's obfuscated, we just grab the real one
+                apiKey = $('#advaipbl_api_token_v3').val();
+            }
+            if (!apiKey) {
+                showAdminNotice(texts.enter_api_key || 'Please enter an API key first.', 'error');
+                $button.text('Verify Connection').prop('disabled', false);
+                return;
+            }
+            $.post(ajaxurl, {
+                action: 'advaipbl_verify_api_key',
+                nonce: adminData.nonces.verify_api,
+                provider: 'api_token_v3',
+                api_key: apiKey
+            })
+                .done(function (response) {
+                    const $resultSpan = $('#advaipbl-api-verification-result');
+                    if (response.success) {
+                        $resultSpan.text(response.data.message).css({ 'color': 'green', 'font-weight': 'bold' });
+                        $button.text('Verify Connection');
+                    } else {
+                        $resultSpan.text('Error: ' + response.data.message).css({ 'color': 'red', 'font-weight': 'bold' });
+                        $button.text('Verify Connection');
+                    }
+                })
+                .fail(function () {
+                    const $resultSpan = $('#advaipbl-api-verification-result');
+                    $resultSpan.text(texts.ajax_error || 'AJAX error.').css({ 'color': 'red', 'font-weight': 'bold' });
+                    $button.text('Verify Connection');
+                })
+                .always(function () {
+                    $button.prop('disabled', false);
+                });
+        });
+        // Handler para generar una clave gratuita (In-App Registration)
+        $('body').on('click', '#advaipbl-get-api-token', function (e) {
+            e.preventDefault();
+            const $button = $(this);
+            const $spinner = $('#advaipbl-api-token-spinner');
+            const originalText = $button.text();
+            $button.prop('disabled', true).text('Generating...');
+            $spinner.addClass('is-active');
+            $.post(ajaxurl, {
+                action: 'advaipbl_get_free_api_key',
+                nonce: adminData.nonces.verify_api, // Reutilizamos el nonce de ajustes generales
+                _t: Date.now() // Cache buster para Cloudflare
+            })
+                .done(function (response) {
+                    if (response.success) {
+                        showAdminNotice(response.data.message, 'success');
+                        // Actualizar el valor visual localmente sin recargar
+                        const newHtml = `
+                        <input type="text" id="advaipbl_api_token_v3_display" class="regular-text" style="font-family: monospace;" value="${response.data.api_token_visual}" disabled>
+                        <input type="hidden" name="advaipbl_settings[api_token_v3]" id="advaipbl_api_token_v3" value="${response.data.api_token}">
+                        <button type="button" class="button" id="advaipbl-edit-api-token" title="Edit API Key"><span class="dashicons dashicons-edit" style="margin-top: 2px;"></span></button>
+                    `;
+                        // Recargar suavemente para asegurar que todo WordPress capte el Token V3 en backend sin error
+                        // Eliminado reload automático para no perder el token sin guardar.
+                        // setTimeout(() => window.location.reload(), 2000);
+                        // En su lugar, actualizamos el texto de validación también
+                        $('#advaipbl-api-verification-result').html('<span style="color: green;">' + (adminData.text.api_key_generated || 'API Key Generated!') + '</span>');
+                        // Localizar el indicador de estado de la red AIB y cambiarlo a activo visualmente
+                        var $statusIndicator = $('.advaipbl-status-indicator');
+                        if($statusIndicator.length) {
+                             $statusIndicator.css({
+                                 'background': '#f0f6fc',
+                                 'border': '1px solid #cce5ff'
+                             });
+                             $statusIndicator.html('<span class="dashicons dashicons-cloud-saved" style="color: #2271b1; vertical-align: middle;"></span> <strong>' + (adminData.text.protection_active || 'Protection Active:') + '</strong> <span style="margin-left:5px;">Connected (Waiting for first sync)</span>');
+                        } else {
+                             // Si estaba 'Not Connected', no existe el div con esa clase, así que lo inyectamos
+                             var $card = $button.closest('.advaipbl-card');
+                             var $header = $card.find('h3').first();
+                             $header.after('<div class="advaipbl-status-indicator" style="margin-bottom: 15px; padding: 10px; background: #f0f6fc; border: 1px solid #cce5ff; border-radius: 4px;"><span class="dashicons dashicons-cloud-saved" style="color: #2271b1; vertical-align: middle;"></span> <strong>' + (adminData.text.protection_active || 'Protection Active:') + '</strong> <span style="margin-left:5px;">Connected (Waiting for first sync)</span></div>');
+                             // Si hay un texto de 'No Conectado' previo en la tabla, podríamos querer ocultarlo
+                             $card.find('td:contains("Not Connected"), td:contains("No Conectado")').html('<span style="color:green; font-weight:bold;">' + (adminData.text.connected || 'Connected') + '</span>');
+                        }
+                    } else {
+                        showAdminNotice('Error: ' + response.data.message, 'error');
+                        $button.prop('disabled', false).text(originalText);
+                        $spinner.removeClass('is-active');
+                    }
+                })
+                .fail(function () {
+                    showAdminNotice(adminData.text.ajax_error || 'AJAX error.', 'error');
+                    $button.prop('disabled', false).text(originalText);
+                    $spinner.removeClass('is-active');
+                });
+        });
+    }

advanced-ip-blocker/trunk/languages/advanced-ip-blocker-es_ES.po

-                      r3471934
+                      r3481949
 "blocker\n"
 "POT-Creation-Date: 2025-07-22 14:47+0200\n"
 "PO-Revision-Date: 2026-03-01 08:26+0100\n"
+"PO-Revision-Date: 2026-03-11 11:29+0100\n"
 "Last-Translator: \n"
 "Language-Team: \n"
 …
 msgid "ASN blocklist saved successfully."
 msgstr "Lista de bloqueo de ASN guardada exitosamente."
+#: includes/class-advaipbl-settings-manager.php:501
+msgid "Whitelist Login Countries"
+msgstr "Países de inicio de sesión en la lista blanca"
+#: includes/class-advaipbl-settings-manager.php:1210
+msgid ""
+"Select one or more countries that are allowed to access wp-login.php. If "
+"empty, all countries are allowed."
+msgstr ""
+"Seleccione uno o más países con permiso para acceder a wp-login.php. Si deja "
+"el campo vacío, se permite el acceso a todos los países."
+#: includes/class-advaipbl-settings-manager.php:1434
+msgid "AIB Account Connection"
+msgstr "Conexión de cuenta AIB"
+#: includes/class-advaipbl-settings-manager.php:1435
+msgid "Not Connected"
+msgstr "No Conectado"
+#: includes/class-advaipbl-settings-manager.php:1436
+msgid "Get a Free API Key below to connect your site to the AIB Cloud Network."
+msgstr ""
+"Obtenga una clave API gratuita a continuación para conectar su sitio a la "
+"red en la nube de AIB."
+#: includes/class-advaipbl-settings-manager.php:1437
+msgid "API Token"
+msgstr "API Token"
+#: includes/class-advaipbl-settings-manager.php:1438
+msgid "Get Free Key"
+msgstr "Obtener clave gratis"
+#: includes/class-advaipbl-settings-manager.php:1439
+msgid ""
+"Connecting to the Advanced IP Blocker cloud network gives you access to the "
+"community blocklist and deep site scanning."
+msgstr ""
+"Al conectarse a la red en la nube de Advanced IP Blocker, tendrá acceso a la "
+"lista de bloqueo de la comunidad y al escaneo profundo del sitio."
 #: includes/class-advaipbl-main.php:3078

advanced-ip-blocker/trunk/languages/advanced-ip-blocker.pot

-                      r3476940
+                      r3481949
 msgid ""
 msgstr ""
 "Project-Id-Version: Advanced IP Blocker 8.8.9\n"
+"Project-Id-Version: Advanced IP Blocker 8.9.0\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/advanced-ip-blocker\n"
 "POT-Creation-Date: 2025-07-22 14:47+0200\n"
 …
 msgstr ""
+#: includes/class-advaipbl-settings-manager.php:501
+msgid "Whitelist Login Countries"
+msgstr ""
+#: includes/class-advaipbl-settings-manager.php:1210
+msgid "Select one or more countries that are allowed to access wp-login.php. If empty, all countries are allowed."
+msgstr ""
+#: includes/class-advaipbl-settings-manager.php:1434
+msgid "AIB Account Connection"
+msgstr ""
+#: includes/class-advaipbl-settings-manager.php:1435
+msgid "Not Connected"
+msgstr ""
+#: includes/class-advaipbl-settings-manager.php:1436
+msgid "Get a Free API Key below to connect your site to the AIB Cloud Network."
+msgstr ""
+#: includes/class-advaipbl-settings-manager.php:1437
+msgid "API Token"
+msgstr ""
+#: includes/class-advaipbl-settings-manager.php:1438
+msgid "Get Free Key"
+msgstr ""
+#: includes/class-advaipbl-settings-manager.php:1439
+msgid "Connecting to the Advanced IP Blocker cloud network gives you access to the community blocklist and deep site scanning."
+msgstr ""
 #: includes/class-advaipbl-main.php:3078
 #, php-format

advanced-ip-blocker/trunk/readme.txt

-                      r3476940
+                      r3481949
 Requires at least: 6.7
 Tested up to: 6.9
 Stable tag: 8.8.9
+Stable tag: 8.9.0
 Requires PHP: 8.1
 License: GPLv2 or later
 …
 **Key Features:**
+*   **(NEW) AIB Cloud Network V3:** Upgrade to the next-generation distributed threat intelligence network. The new API V3 provides secure, individual API Keys per site, drastically improving synchronization reliability, threat telemetry, and global network stability.
+*   **(NEW) Whitelist Login Countries:** Take absolute control over administrative access. Easily restrict your WordPress login page and XML-RPC to only allow connections from specific, whitelisted countries, instantly blocking unauthorized foreign login attempts.
 *   **(IMPROVED) Bulk Import/Export for Blocked IPs & Whitelist:** Seamlessly import massive lists of IPs via CSV or manual entry. The system now features a bulletproof "Bulk Import" type, strict duration inheritance, and intelligent conflict resolution.
 *   **(NEW) Internal Security & Forensics:** A complete audit suite solely for WordPress. Track every sensitive event (plugin installs, settings changes, user logins) and monitor your critical files for unauthorized modifications with the integrated File Integrity Monitor.
 …
 == Changelog ==
+= 8.9.0 =
+*   **NEW MAJOR FEATURE:** AIB Cloud Network V3. We've completely overhauled our Community Defense Network infrastructure. The new API V3 introduces secure, individual API Keys for every connected site, drastically improving synchronization reliability, security telemetry, and overall network stability.
+*   **NEW FEATURE:** Whitelist Login Countries. A highly requested feature! You can now explicitly select which countries are allowed to access your WordPress login page (`wp-login.php`) and XML-RPC, automatically blocking all other nations.
+*   **ENHANCEMENT:** Upgraded the "Verify Connection" UI for the Cloud Network to provide instant, inline diagnostic feedback (success/error) without page reloads.
+*   **CRITICAL FIX:** Resolved an issue where verifying an API key could trigger local 404 block rules due to an incorrect HTTP request method (POST instead of GET).
+*   **ROBUSTNESS:** Improved plugin uninstallation logic. When using the "Delete All Data" option, the plugin now seamlessly unregisters the local API Key from the Central Server to keep your account clean for future reinstallations.
+*   **ROBUSTNESS:** Prevented the automatic AIB Network protection list from getting stuck on "Downloading..." if an API key fails to generate due to rate limiting on a fresh install.
 = 8.8.9 =
 *   **SECURITY UPDATE:** Fixed an issue where the "Export Template" feature was inadvertently including sensitive API keys (`cf_api_token`, `cf_zone_id`, `abuseipdb_api_key`) in the generated JSON. Templates are now completely clean of private tokens.
 …
 *   **MAINTENANCE:** Analyzed and ensured that the background Cloudflare Sync task (`advaipbl_cloudflare_sync_event`) schedules properly.
-= 8.8.8 =
-*   **CRITICAL FIX:** Resolved an issue where IPs imported via the Bulk Import tool were not immediately synchronized with the Server-Level Firewall (`.htaccess`). Synchronization is now instantaneous and safely batched.
-*   **CRITICAL FIX:** Addressed a regression introduced in the `.htaccess` fix where Cloudflare Edge Firewalls stopped synchronizing imported IPs. Bulk Imports will now immediately trigger a background Cloudflare Sync Event to safely upload large IP batches without dropping connections.
-= 8.8.7 =
-*   **ENHANCEMENT:** Bulk Import overhaul. Imported IPs are now strictly categorized under a new `bulk_import` block type, fixing issues where imported blocks were permanently categorized as Manual blocks.
-*   **ENHANCEMENT:** Streamlined the "Bulk Import" modal UI. Removed the redundant "Reason" field since all imports now securely force the "Bulk Import" reason programmatically to ensure filtering reliability.
-*   **UX/SECURITY:** Changed the default duration in the Bulk Import block modal from "Permanent" to "24 Hours". This is in line with strict security industry standards, preventing unmanageable boundless table growth from unintended permanent bans.
-*   **ROBUSTNESS:** Enhanced JavaScript handling in the Bulk Import modal to prevent caching issues from crashing the import button.
-= 8.8.6 =
-*   **SECURITY ENHANCEMENT:** Upgraded the Threat Intelligence synchronization engine. Client scanning endpoints now enforce an authenticated V2 handshake to prevent unauthorized harvesting of the vulnerability database.
-*   **OPTIMIZATION:** The AIB Community Network now fully offloads blocklist distribution to the Cloudflare Edge, dramatically improving sync speed and eliminating server load during large blocklist updates.
-= 8.8.5 =
-*   **CRITICAL FIX (AJAX/Editor Conflict):** Resolved a severe conflict where the "Attack Signature Engine" was incorrectly intercepting background AJAX requests (like `admin-ajax.php`), causing infinite loading loops in page builders (Elementor) and our own Security Dashboard. Standard AJAX and REST API requests are now safely excluded.
-*   **PERFORMANCE (Cloudflare Sync):** Implemented a "Memory Reconciliation" (Delta Sync) module for Cloudflare. The plugin now fetches active rules via a single API call and only pushes missing IPs (the delta) to Cloudflare, eliminating the `cURL error 28: Operation timed out` that occurred when syncing large databases on shared hosting.
-= 8.8.4 =
-*   **CRITICAL FIX:** Resolved the "Spamhaus Drop List" automatic update failure. The cron job is now correctly registered and updating the list daily.
-*   **FIX:** Fixed a UI issue where the "Bulk Import" form in the Whitelist section was displaying inline instead of in a modal.
-= 8.8.3 =
-*   **NEW FEATURE:** "Impersonator Detection" (Fake Crawler Protection). Bots claiming to be Google/Bing are now verified via DNS. If they fail, they are flagged as "Impersonators" and blocked/logged.
-*   **NEW FEATURE:** Bulk Import/Export for IP Lists! Easily manage large IP whitelists via CSV/Text.
-*   **ENHANCEMENT:** Attack Signature Notifications. You can now configure the frequency (Instant, Daily, Weekly) and recipients for signature detection alerts.
-*   **FIX:** Resolved a critical issue where "Signature Flagged" events were missing from the Security Log filters.
-*   **FIX:** Fixed an incorrect log call in the login protection logic that caused PHP warnings.
-= 8.8.2 =
-*   **NEW FEATURE:** Granular Site Scanner settings. You can now enable/disable specific checks (SSL, Updates, PHP, WP, Debug) to tailor the scanner to your environment.
-*   **IMPROVEMENT:** The Site Scanner now respects user preferences and skips disabled checks in both manual and scheduled scans.
-*   **IMPROVEMENT:** Refined logic to prevent "skipped" checks from triggering false positive email alerts.
-*   **DEV:** Added `apply_filters('advaipbl_site_scanner_results')` for developer customization.
-= 8.8.1 =
-*   **CRITICAL FIX:** Resolved a PHP Fatal Error in the AbuseIPDB module that occurred when the API rate limit was exceeded.
-*   **COMPATIBILITY:** Fixed XML-RPC compatibility issues with external editors (like MarsEdit). Valid authenticated requests now correctly bypass 2FA and 404/403 Lockdown protections.
-*   **FIX:** Added missing event logging for "Signatures Flagged" in the Security Log.
-*   **I18N:** Added missing translator comments to signature flagging reason strings.
-= 8.8.0 =
-*   **MAJOR REFACTOR:** Complete architectural modernization. The plugin core has been refactored into modular "Managers", significantly improving stability, maintainability, and code organization.
-*   **PERFORMANCE:** JavaScript assets have been split into feature-specific modules (Admin, Rules, Logs), reducing the initial page load weight and improving admin panel responsiveness.
-*   **IMPROVEMENT:** Centralized Cron Manager. Background tasks are now handled by a dedicated controller, ensuring reliable scheduling and clean uninstallation of all events.
-*   **IMPROVEMENT:** Enhanced "Plan A" reliability for REST API protection. The User Enumeration blocking logic now respects both IP and User-Agent whitelists.
-*   **STABILITY:** Fixed various legacy bugs and race conditions identified during the code audit.
-= 8.7.5 =
-*   **CRITICAL FIX:** Improved database integrity checks. The update process now strictly verifies the existence of all critical tables (like Blocked IPs and Signatures) and re-creates them if missing. This resolves improper installation states where tables might be absent after a file-only update.
-*   **FIX:** Resolved an "Invalid rule data received" error when creating Advanced Rules with regex patterns. The JSON handling logic now correctly preserves escaped characters (backslashes).
-*   **FIX:** Addressed a false positive in the SSL DeepScan where cron/loopback requests could report SSL as critical. The scanner now verifies the site's configured URL protocol in addition to the current connection.
-= 8.7.4 =
-*   **NEW FEATURE:** Threat Intelligence Services (AIB Community & AbuseIPDB) now support the "JavaScript Challenge" action in addition to instant blocking. This allows you to verify suspicious traffic without blocking it outright, saving server resources.
-*   **NEW FEATURE:** Internal Security & Forensics (Audit Logs) now support Push Notifications (Webhooks). Get instant alerts on Slack/Discord when critical audit events occur.
-*   **FIX:** Resolved a synchronization issue in the "Block Duration" logic. The Blocked IPs table, Security Logs, and Notifications now consistently display the correct duration (e.g., 1440 mins) instead of defaulting to "Permanent" or showing discrepancies for Impersonation blocks.
-*   **FIX:** Fixed the "Bot Impersonation" logic to correctly register the configured "Threat Score" points (e.g., 100/100) in the IP Trust Log before executing the immediate block.
-*   **FIX:** Improved Unblock logic. Manually unblocking an IP (or using "Unblock All") now automatically removes it from the "Pending Reports" queue, preventing false positives from being sent to the Community Network.
-*   **Code Quality:** Addressed various PHPCS warnings, including a security improvement in output escaping logic.
-= 8.7.3 =
-*   **FEATURE:** Added search functionality to the "Blocked IPs" list, allowing admins to quickly find specific IPs or ranges.
-*   **FIX:** Resolved "Table doesn't exist" error in the Audit Log when the feature is inactive.
-*   **FIX:** Corrected "Array to string conversion" warning in Community Blocklist updates due to complex whitelist formats.
-*   **IMPROVEMENT:** Enhanced robustness of IP whitelisting logic during community feed synchronization.
-= 8.7.2 =
-*   **Fix (PHP 8.1+ Compatibility):** Resolved a deprecated warning ("passing null to parameter") in WordPress core. Updated the internal `status_header` hook usage to strict compliance.
-*   **Fix:** Resolved a PHP warning ("Undefined variable $type") that occurred when removing IPs from the whitelist via the admin interface.
-*   **Performance:** Optimized the Blocklist Generator. It now uses a "Fast Mode" to skip expensive DNS lookups during bulk generation, fixing execution timeouts on large lists.
-*   **Improvement:** Migrated the Cloudflare "Clear All Rules" operation to a background asynchronous task, preventing UI freezes.
-= 8.7.1 =
-*   **Performance:** Migrated the Cloudflare "Clear All" operation to a background process (Async). This ensures instant UI feedback and prevents PHP timeouts when clearing thousands of rules.
-*   **Critical Fix (Priority):** Resolved a logic error where the AbuseIPDB check (Priority 10) was ignoring Global URI Exclusions. Excluded URLs are now correctly bypassed before any API calls.
-*   **Fix:** The "Unblock All" button now correctly removes all plugin-managed rules (`[AIB]` tagged) from Cloudflare, fixing potential "phantom blocks" synchronization issues.
-*   **Maintenance:** Improved plugin deactivation/uninstall routines to ensure all scheduled background tasks are properly cleaned up.
-= 8.7 =
-*   **NEW MAJOR FEATURE: Internal Security & Forensics Suite.** A comprehensive auditing system that tracks user activity (Audit Log) and monitors file system integrity (FIM) to detect breaches or unauthorized changes.
-*   **NEW FEATURE: Activity Audit Log.** Records critical events like plugin changes, setting updates, and login activity. Includes a searchable UI and automated log rotation.
-*   **NEW FEATURE: File Integrity Monitor (FIM).** Automatically scans critical core and plugin files for unauthorized modifications. Alerts you instantly via email if a file hash changes.
-*   **NEW FEATURE: Deep Scan Email Reports.** Enhanced weekly security report now includes "Pending Updates" status and a summary of known vulnerabilities, keeping you informed without logging in.
-*   **Enhancement:** Added "Downloads History" to the Telemetry Dashboard card.
-*   **Enhancement:** Improved "Clear Audit Logs" reliability with AJAX handling.
-*   **Security Fix:** Fixed CSP header to correctly allow Stripe/Sift scripts only on the "About" page.
-*   **Fix:** Resolved a race condition in AbuseIPDB checks that could cause duplicate email notifications.
-*   **Fix:** Addressed various PHPCS and linting warnings for cleaner code.
-= 8.6.11 =
-*   **Critical Fix (ASN Whitelisting):** Corrected a validation issue where ASN Whitelist entries with comments (e.g., "AS32934 # Facebook") were failing the strict check. The logic now properly sanitizes the whitelist before validation.
-*   **Critical Fix (IPv6):** Fixed CIDR validation logic to correctly support 128-bit IPv6 ranges. Previously, it was incorrectly restricted to 32 bits, causing valid IPv6 ranges to be rejected.
-*   **Improvement (Geolocation):** Implemented a robust fallback mechanism. If the Local MaxMind Database lookup fails (or finds no data), the system now seamlessly attempts to fetch the data via the real-time API, ensuring critical ASN/Country checks don't fail silently.
-= 8.6.10 =
-*   **NEW FEATURE: Enhanced Lockdown Forensics.** Added detailed sampling for Distributed Lockdown events (404/403). Administrators can now see the exact URIs, timestamps, and user-agents of the requests that triggered a lockdown in the details popup.
-*   **Fix:** Resolved a PHP warning (`undefined variable $block_reason_code`) in the `monitor_threat_score` function, ensuring cleaner error logs.
-= 8.6.9 =
-*   **NEW FEATURE: Username Blocking.** Added "Username" as a new condition type for Advanced Rules. You can now create rules to Block, Challenge, or Score login attempts based on specific usernames (e.g., block "admin" or "test").
-*   **Enhanced Notifications:** Enabled Email and Push notifications for Distributed Lockdowns (404/403 errors), ensuring administrators are alerted when these automated defenses kick in.
-*   **Security Fix (Compliance):** Added strict direct file access protection to `advaipbl-loader.php`. Implemented a smart check to satisfy security scanners (Plugin Check) while maintaining Edge Mode compatibility.
-*   **Improvement (Logging):** Added "Endpoint Challenge" event logging. Challenges served by the 404/403 Lockdown system are now properly recorded in the Security Log for auditing.
-*   **Improvement (Smarter Scanning):** Enhanced theme detection logic in the Site Scanner to better identify active themes even when standard WordPress functions return incomplete data.
-*   **Improvement (Onboarding):** New installations now come with a default whitelist of safe ASNs (Cloudflare, Google, etc.) to prevent accidental blocking of critical infrastructure.
-= 8.6.8 =
-*   **NEW MAJOR FEATURE: Admin Bar Menu.** Added a comprehensive "Security" menu to the WordPress Admin Bar. Administrators can now quickly access settings, flush caches, view logs, and toggle "Panic Mode" from any page.
-*   **NEW FEATURE: Distributed Lockdown (403/404).** Introduced a smart defense mechanism that automatically locks down the site for an IP subnet or country if they trigger excessive 404 or 403 errors, protecting against distributed brute-force and resource probing.
-*   **Critical Fix (ASN Whitelisting):** Resolved a logic conflict that prevented API-based geolocation users from successfully whitelisting critical services like Stripe or Google via their ASN.
-*   **Bugfix:** Fixed a JavaScript error ("cannot read properties of undefined") on the Post Editor screen that could interrupt the "Add Tag" functionality.
-*   **Telemetry:** Enhanced telemetry to track the usage of the new Distributed Lockdown features.
-= 8.6.7 =
-*   **NEW MAJOR FEATURE: HTTP Security Headers.** Added a comprehensive manager to easily configure and enforce security headers (HSTS, X-Frame-Options, CSP, etc.) directly from the dashboard. This improves your site's security grade and protects users from browser-based attacks.
-*   **Enhancement:** Integrated the "Security Headers" menu into the Admin Bar for quick access.
-*   **Critical Fix (Advanced Rules):** Refined the "Allow" rule logic. Global Allow rules now correctly bypass subsequent IP checks (like AbuseIPDB), ensuring that whitelisted traffic is never blocked by external threat intelligence.
-*   **UX:** Added a direct help link to the Security Headers page.
-= 8.6.6 =
-*   **Critical Security Fix (Zero-Tolerance):** "Impersonation" events are now blocked instantly, bypassing the Threat Scoring system. This ensures that any bot pretending to be Google/Bing but failing DNS verification is stopped immediately, regardless of score settings.
-*   **Logic Refinement (The "Equilibrium" Fix):** Reordered the security check priority. The "Allow" Advanced Rules and IP Whitelists are now evaluated *before* the global blocklists (like Community Network). This allows administrators to create effective "bypass rules" for IPs that might be listed in global blacklists.
-*   **Documentation:** Added verified credits for AbuseIPDB and Wordfence Intelligence. Added context-aware help links for reCAPTCHA settings.
-*   **Code Quality:** Addressed strict PHPCS warnings (SQL preparation, Nonce verification, Output escaping) across the codebase for improved security and stability.
-= 8.6.5 =
-*   **Improvement: Enhanced the "Known Bot Verification" engine. Refined DNS validation logic to better handle specific SEO crawlers (like Ahrefs, MJ12bot) and IPv6 configurations, preventing false "Impersonation" blocks.
-*   **Fix: Resolved a DNS resolution edge case where hostnames with trailing dots could cause validation failures on some server environments.
-*   **Tweak: Updated the default list of User-Agents and WAF rules to include protection against modern scraper libraries (Scrapy, Go-http-client).
-= 8.6.4 =
-*   **Critical Fix (Performance): Resolved a bug where the "Community List Update" cron job could be scheduled multiple times, causing excessive background tasks. This update automatically cleans up duplicate events.
-*   **NEW FEATURE: Server Reputation Scanner. Added a tool in the "Site Scanner" tab to check if your server's IP address is blacklisted by Spamhaus or AbuseIPDB, helping you identify hosting-related issues.
-*   **Improvement: Optimized the cron scheduling logic to prevent future duplication of tasks.
-*   **Improvement: Enhanced the Site Scanner UI with clearer status indicators and action buttons.
-= 8.6.3 =
-*   **NEW MAJOR FEATURE: Site Health & Vulnerability Scanner. Added a comprehensive security audit tool. It checks for critical issues like outdated PHP, debug mode risks, and scans your plugins/themes against a database of 30,000+ known vulnerabilities.
-*   **Architecture Upgrade: Migrated the "Community Defense Network" IP list to a dedicated custom database table for extreme performance and scalability. This eliminates memory overhead even with thousands of blocked IPs.
-*   **Compatibility: Verified full compatibility with WordPress 6.9.
-*   **UI Enhancement: Added help icons and direct documentation links to advanced settings for easier configuration.
-*   **Improvement: The setup wizard now automatically enables the Server-Level Firewall (.htaccess) for stronger default protection.
-= 8.6.2 =
-*   **NEW MAJOR FEATURE: Community Defense Network (Beta). Launched our collaborative threat intelligence network. You can now opt-in to share anonymized attack reports and protect your site with a global blocklist generated from verified community data.
-*   **Enhancement: Increased default block duration to 24 hours (1440 mins) for stronger protection and better data quality for the community network.
-*   **Performance: Optimized the wp_options storage for the community blocklist to prevent autoloading, ensuring zero impact on site load time.
-*   **Security Hardening: Updated default WAF rules to include protection against Scrapy, Go-http-client, and common log/backup file scanners (.sql, .log).
-*   **Improvement: The "Clean Expired IPs" cron job now automatically syncs removals with Cloudflare and Htaccess, ensuring that temporary bans are lifted correctly across all firewalls.
-*   **Fix: Resolved a display issue where the "Settings" tab content could be malformed if certain options were disabled.
-= 8.6.1 =
-*   **NEW MAJOR FEATURE: Cloud Edge Defense. Introducing cloud-based blocking. Integrate seamlessly with Cloudflare to sync your "Manually Blocked" and "Permanent" IPs directly to the Cloudflare Firewall (WAF). This stops attackers at the network edge, reducing server load to zero.
-*   **NEW MAJOR FEATURE: Server-Level Firewall. Added a high-performance module that writes blocking rules and file hardening directives (wp-config.php, .git, etc.) directly to your .htaccess file. Includes automatic backups and dual-stack Apache support.
-*   **Critical Fix: Resolved a false positive issue affecting legitimate iOS users (iCloud Private Relay) and social media link previews, which were incorrectly flagged as "Bot Impersonators".
-*   **Enhancement: Completely redesigned the Settings experience with a new "Help Center" approach, providing direct links to documentation for complex features.
-*   **Enhancement: Updated the Setup Wizard to include Server-Level Firewall activation and better guidance for advanced integrations.
-*   **Performance: Optimized the IP blocking logic to handle bulk actions efficiently by updating external firewalls (Htaccess/Cloudflare) only once per batch.
-*   **Telemetría: Updated data points to track adoption of Cloudflare and Htaccess features.
-= 8.6.0 =
-*   **NEW MAJOR FEATURE: Server-Level Firewall (.htaccess).** Introducing the ultimate performance upgrade. You can now write blocking rules directly to your server's `.htaccess` file. This blocks threats before WordPress loads, saving massive server resources. Includes automatic backups, proxy awareness (`SetEnvIF`), and support for Apache 2.2/2.4.
-*   **Feature: File Hardening.** Easily block access to sensitive system files (`wp-config.php`, `readme.html`, etc.) at the server level.
-*   **Feature: Auto-Synchronization.** Automatically syncs your "Manually Blocked" and "Permanent" IPs from the database to the server firewall.
-*   **Feature: Temporary Block Offloading.** Optionally push temporary blocks (like 404 abusers or failed logins) to the server firewall for the duration of their ban.
-*   **Critical Fix: Bot Verification.** Resolved a false positive issue where legitimate iOS users (using iCloud Private Relay) or social media app browsers (Instagram/Facebook in-app) were being blocked as "Bot Impersonators". The verification logic has been refined to exclude social bots from strict DNS checks while maintaining security for search engine crawlers.
-*   **Enhancement:** Updated Telemetry receiver to track the adoption of the new firewall features.
-*   **UI/UX:** Integrated the new firewall controls into the main Settings tab for a streamlined experience.
 == Upgrade Notice ==
+= 8.8.9 =
+**SECURITY UPDATE:** Patches a vulnerability in the Settings exporter where the "Template (No API Keys)" file was accidentally leaking Cloudflare and AbuseIPDB API keys. Update immediately if you plan to export your configuration templates to share with others.
+= 8.8.8 =
+**CRITICAL UPDATE:** Fixes a `.htaccess` synchronization bug with the Bulk Import tool. Resolves a regression where Bulk Imports stopped pushing new blocks to Cloudflare. Update immediately to ensure imported IPs are actively blocking threats at both the server level and the cloud edge.
+= 8.8.7 =
+**FEATURE & UX UPDATE:** Overhauled the Bulk Import Blocked IPs functionality. Includes a new `bulk_import` filtering type and smarter, safer defaults (24 hours instead of Permanent).
+= 8.8.6 =
+**SECURITY UPDATE:** Introduces V2 authenticated synchronization for threat intelligence endpoints and shifts blocklist distribution to Cloudflare Edge. Recommended update for all users.
+= 8.8.5 =
+**CRITICAL UPDATE:** Fixes infinite loading conflicts with Elementor and background AJAX requests. Also resolves Cloudflare synchronization timeouts. Update immediately.
+= 8.8.4 =
+**CRITICAL UPDATE:** Fixes automatic Spamhaus updates and Bulk Import display issues. Update immediately.
+= 8.8.3 =
+**NEW FEATURES:** Impersonator Detection & Bulk Whitelist Import! Also fixes a critical issue with Security Log visibility and improves notification logic.
+= 8.8.2 =
+**FEATURE UPDATE:** Granular Site Scanner controls! You can now selectively enable/disable specific security checks (SSL, Updates, etc.) to prevent false positives.
+= 8.9.0 =
+**MAJOR UPDATE:** This release launches the AIB Cloud Network V3 and the powerful "Whitelist Login Countries" feature. Update immediately to connect to the new, more secure threat intelligence network infrastructure and take absolute control over your login page access.

advanced-ip-blocker/trunk/uninstall.php

-                      r3476940
+                      r3481949
 if ( ! empty( $settings_option['delete_data_on_uninstall'] ) && '1' === $settings_option['delete_data_on_uninstall'] ) {
+    // --- 0. UNREGISTER FROM CENTRAL SERVER ---
+    // Must be done before options are deleted from the database
+    $api_token = $settings_option['api_token_v3'] ?? '';
+    if (!empty($api_token)) {
+        wp_remote_post('https://advaipbl.com/wp-json/aib-api/v3/unregister', [
+            'headers' => [
+                'Authorization' => 'Bearer ' . $api_token,
+                'Content-Type'  => 'application/json',
+                'Accept'        => 'application/json'
+            ],
+            'timeout' => 10,
+            'blocking' => false // No need to wait for response during uninstall
+        ]);
+    }
     global $wpdb;
 …
+    }
     // --- 3. Borrar Transients ---
+    // --- 4. Borrar Transients ---
     // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
     $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->options} WHERE `option_name` LIKE %s OR `option_name` LIKE %s", $wpdb->esc_like( '_transient_advaipbl_' ) . '%', $wpdb->esc_like( '_transient_timeout_advaipbl_' ) . '%' ) );
     // --- 4. Borrar Metadatos de Usuario de 2FA ---
+    // --- 5. Borrar Metadatos de Usuario de 2FA ---
     // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
     $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->usermeta} WHERE `meta_key` LIKE %s", $wpdb->esc_like( '_advaipbl_2fa_' ) . '%' ) );

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3481949

Legend:

advanced-ip-blocker/trunk/advanced-ip-blocker.php

advanced-ip-blocker/trunk/css/advaipbl-styles.css

advanced-ip-blocker/trunk/includes/class-advaipbl-action-handler.php

advanced-ip-blocker/trunk/includes/class-advaipbl-admin-pages.php

advanced-ip-blocker/trunk/includes/class-advaipbl-ajax-handler.php

advanced-ip-blocker/trunk/includes/class-advaipbl-community-manager.php

advanced-ip-blocker/trunk/includes/class-advaipbl-main.php

advanced-ip-blocker/trunk/includes/class-advaipbl-settings-manager.php

advanced-ip-blocker/trunk/includes/class-advaipbl-site-scanner.php

advanced-ip-blocker/trunk/js/admin-settings.js

advanced-ip-blocker/trunk/languages/advanced-ip-blocker-es_ES.po

advanced-ip-blocker/trunk/languages/advanced-ip-blocker.pot

advanced-ip-blocker/trunk/readme.txt

advanced-ip-blocker/trunk/uninstall.php

Download in other formats: