چۈشەندۈرۈش

Ad blockers affect publisher revenues. Revenue Shield is an advanced solution designed for publishers to recover lost ad revenue by asking users to whitelist your site, while also providing powerful security hardening and WAF features.

🛑 REVENUE SHIELD ENGINE

Free (Lite) Features:
* Smart Detection: Detects basic adblockers via DOM element checks.
* Customizable Warning: Change the warning title and message to fit your brand.
* Dismissible Popups: Allow users to close the warning and continue reading by simply clicking «Skip» or pressing the ESC key.

PRO Features:
* Hard-Lock Engine: Removes the «Skip» button and disables the ESC key.
* Polymorphic Anti-Tamper: Randomizes HTML/CSS/JS variables per reload to defeat AdBlock static rules and Inspect Element bypassing.
* Content Blurring: Adds a premium frosted-glass blur over your entire website content.
* AdBlock Redirect: Instantly redirect adblock users to a specific URL instead of a popup.
* rDNS SEO Bot Verification: Uses cached Reverse DNS lookup to securely verify real Google/Bing bots.

🔒 SYSTEM HARDENING & SECURITY

Free (Lite) Features:
* Customizable Brute Force Protection: Limit malicious login attempts based on IP with adjustable max retries and lockout durations.
* Hide WP Version: Removes your WordPress version from the source code.
* Disable File Editor: Prevents editing theme/plugin files directly from the dashboard.
* Custom DB Logging: Threat logs and statistics are stored in custom, highly optimized database tables to prevent wp_options bloat and ensure maximum server performance.

PRO Features:
* Enterprise WAF Engine: Scans GET, POST, COOKIE, and User-Agent parameters. Automatically decodes Base64/URL payloads to detect hidden XSS, SQLi, and LFI attacks.
* Malicious File Upload Protection: Scans the $_FILES array to block dangerous extensions (.php, .phtml, .svg, .exe) uploaded via forms or comments.
* Geo-Blocking: Block specific countries from accessing your WordPress login portal using ISO country codes.
* Manual IP Blacklist: Instantly block specific malicious IP addresses at the server level.
* Hide Login Page: Change your wp-login.php path to a secret custom URL (e.g., /my-secret-door).
* DDoS Rate Limiting: Blocks IPs making excessive requests (e.g., >120 requests per minute).
* Block Empty User-Agents: Blocks primitive scrapers and bad bots that send no browser identity.
* Disable XML-RPC: Blocks the WordPress XML-RPC endpoints to prevent pingback attacks.
* CSV Export: Easily export your Threat Logs to a CSV file for enterprise reporting.

ئورنىتىش

Upload the revenue-shield folder to the /wp-content/plugins/ directory.
Activate the plugin through the ›Plugins‹ menu in WordPress.
Navigate to the Revenue Shield menu in your WordPress admin dashboard.
Customize your warning message and toggle on your desired Security levels.

FAQ

How does the Brute Force protection block attackers?: The plugin uses the standard WordPress Transients API to log failed attempts. You can customize the maximum number of retries and the lockout duration directly from the settings panel. Blocked IPs and targeted usernames are also recorded in your Threat Logs.
Is the plugin heavy on my server?: No. The rules are written in native PHP and heavily utilize caching/transients. As of version 1.1.8, all logs and stats are routed to custom database tables, ensuring zero database bottlenecks even under heavy DDoS or Brute Force attacks.

باھالاشلار

بۇ قىستۇرمىغا تېخى باھا يېزىلمىدى.

تۆھپىكار ۋە ئىجادكار

«Revenue Shield» كودى ئوچۇق يۇمشاق دېتال. تۆۋەندىكى كىشىلەر بۇ قىستۇرمىغا تۆھپە قوشقان.

«Revenue Shield» نى تىلىڭىزغا تەرجىمە قىلىڭ

ئىجادىيەتكە قىزىقامسىز؟

كودقا كۆز يۈگۈرتۈپ، SVN خەزىنە تەكشۈرۈپ ياكى RSSئارقىلىق ئىجادىيەت خاتىرىسىگە مۇشتەرى بولغىلى بولىدۇ.

ئۆزگىرىش خاتىرىسى

1.1.8

Feature: Added Custom Database Tables (wp_revshield_logs and wp_revshield_stats) to prevent wp_options bloat and ensure enterprise-level performance during heavy bot attacks.
Feature: Added Malicious File Upload Protection (PRO) to block dangerous extensions (.php, .exe, .svg) in $_FILES.
Feature: Added Manual IP Blacklist (PRO) to instantly block specific IPs.
Feature: Added Geo-Blocking (PRO) to restrict login page access by country code.
Feature: Added CSV Export and Pagination for Threat Logs.
Enhancement: Advanced WAF Engine now decodes and inspects Base64 and URL-encoded payloads for hidden SQLi/XSS attacks.

1.1.7

Feature: Limit Login Attempts is now fully customizable. You can set Max Retries and Lockout Time directly from the UI.
Feature: Brute Force lockouts are now automatically recorded and displayed in the Threat Logs tab.
Enhancement: Upgraded the Enterprise WAF Engine with broader, OWASP-level regex rules covering more SQLi, XSS, LFI, and Bad Bot patterns.
Fix: Resolved a rolling-window logic bug in the DDoS Rate Limiting engine where the block timer would reset incorrectly on continuous requests.

1.1.6

Fix: Resolved a JavaScript DOM race condition that prevented the AdBlock warning from displaying on certain browsers (e.g., Opera).
Fix: Improved mobile responsiveness and fixed screen overflow issues for the warning modal.

1.1.5

Feature: Added Enterprise WAF Engine for PRO users (SQLi & XSS payload detection).
Feature: Added Polymorphic Anti-Tamper Engine to defeat advanced adblockers.
Feature: Added True rDNS SEO Bot Verification.
Feature: Added Content Blurring, Hide Login Page, DDoS Rate Limiting, and Empty UA Blocking.
Tweak: Optimized codebase and improved Freemius premium integration.

1.1.4

Fix: Codebase fully refactored to meet strict WordPress.org Plugin Directory guidelines.
Tweak: Removed short prefixes and implemented strict wp_enqueue standards.
Tweak: Updated plugin slug for better repository synchronization.

1.1.3

Initial release of Revenue Shield.