描述
Turbo Rate Limiter is a powerful yet easy-to-use security plugin that helps protect your WordPress site from various types of abuse by limiting the rate at which visitors can make requests.
Features
- URI-based filtering – Set rate limits for specific URLs, paths, or patterns
- Multiple match types – Exact match, contains, starts with, ends with, or regex
- Flexible time windows – Configure rate limits per second, minute, or hour
- Multiple actions – Return HTTP 429, redirect to URL, or redirect to page
- Test mode – Preview rate limiting behavior without blocking visitors
- Debug panel – Visual debug panel for administrators
- Cloudflare support – Full IPv4 and IPv6 proxy detection
- Localization ready – Translations available for multiple languages
Use Cases
- API protection – Limit API calls to prevent abuse
- Login protection – Prevent brute force attacks on login pages
- Form spam prevention – Limit form submission rates
- Resource protection – Protect heavy database queries
- CDN compatibility – Works with Cloudflare and other proxies
Arbitrary section
Developer API
Turbo Rate Limiter provides hooks and filters for developers:
// Add trusted proxy IPs
add_filter('turbo_rate_limiter_trusted_proxies', function() {
return [
'173.245.48.0/20',
'2400:cb00::/32',
// More ranges...
];
});
// Access rate limiter instance
$rate_limiter = TURBORL_Rate_Limiter::get_instance();
For full API documentation, see docs/developer-api.md.
屏幕截图
Plugin settings page showing all configuration options.
Debug panel displaying rate limit statistics and logs.
Filter form for testing and debugging rate limiting rules.
安装
Automatic Installation
- Go to Plugins > Add New
- Search for “Turbo Rate Limiter”
- Click “Install Now” and activate the plugin
Manual Installation
- Upload the
turbo-rate-limiterfolder to/wp-content/plugins/ - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Settings > Turbo Rate Limiter to configure
Configuration
- Navigate to Settings > Turbo Rate Limiter
- Click “Add New Filter” to create your first rate limit rule
- Configure the URI pattern, match type, request limit, and action
- Enable the filter and save
常见问题
-
Does this work with caching plugins?
-
Yes, with an important caveat: this plugin enforces rate limits only for requests that reach WordPress. If a page is served before WordPress loads (for example, by CDN or server-level/full-page cache), that request can bypass plugin-level checks. For full coverage, pair this plugin with edge/server rate limiting and exclude sensitive routes from full-page cache where needed.
-
Will this block legitimate traffic?
-
Configure your filters carefully. Use the test mode to preview behavior before enabling blocking. We recommend starting with generous limits and adjusting based on your site’s traffic patterns.
-
Does it work with Cloudflare?
-
Yes! The plugin fully supports Cloudflare and other reverse proxies. Configure your trusted proxies in the developer documentation to enable proper IP detection.
-
Can I whitelist specific IPs?
-
Currently, you can configure trusted proxies for IP detection. For IP whitelisting to bypass rate limiting, you would need to modify the plugin code or request this as a feature.
-
What happens when a rate limit is exceeded?
-
You can configure the action: return HTTP 429 (Too Many Requests), redirect to a custom URL, or redirect to a specific WordPress page.
-
Will this slow down my site?
-
The plugin is optimized for performance with compiled filter caching and transient storage. The impact on page load time is minimal.
评价
此插件暂无评价。
贡献者及开发者
更新日志
1.0.2
- Preserve encoded Unicode request URIs in the rate limiter.
1.0.1
- Removed the unused cleanup cron because WordPress already expires rate-limit transients automatically.
1.0.0
- Initial release
- URI-based rate limiting with multiple match types
- Configurable time windows and request limits
- Test mode for safe configuration
- Debug panel for administrators
- Full IPv4 and IPv6 Cloudflare support
- Localization support for multiple languages