Описание
Turbo Rate Limiter is a powerful yet easy-to-use security plugin that helps protect your WordPress site from various types of abuse by limiting the rate at which visitors can make requests.
Features
- URI-based filtering — Set rate limits for specific URLs, paths, or patterns
- Multiple match types — Exact match, contains, starts with, ends with, or regex
- Flexible time windows — Configure rate limits per second, minute, or hour
- Multiple actions — Return HTTP 429, redirect to URL, or redirect to page
- Test mode — Preview rate limiting behavior without blocking visitors
- Debug panel — Visual debug panel for administrators
- Cloudflare support — Full IPv4 and IPv6 proxy detection
- Localization ready — Translations available for multiple languages
Use Cases
- API protection — Limit API calls to prevent abuse
- Login protection — Prevent brute force attacks on login pages
- Form spam prevention — Limit form submission rates
- Resource protection — Protect heavy database queries
- CDN compatibility — Works with Cloudflare and other proxies
Arbitrary section
Developer API
Turbo Rate Limiter provides hooks and filters for developers:
// Add trusted proxy IPs
add_filter('turbo_rate_limiter_trusted_proxies', function() {
return [
'173.245.48.0/20',
'2400:cb00::/32',
// More ranges...
];
});
// Access rate limiter instance
$rate_limiter = TURBORL_Rate_Limiter::get_instance();
For full API documentation, see docs/developer-api.md.
Скриншоты
Plugin settings page showing all configuration options.
Debug panel displaying rate limit statistics and logs.
Filter form for testing and debugging rate limiting rules.
Установка
Automatic Installation
- Go to Plugins > Add New
- Search for «Turbo Rate Limiter»
- Click «Install Now» and activate the plugin
Manual Installation
- Upload the
turbo-rate-limiterfolder to/wp-content/plugins/ - Activate the plugin through the ‘Plugins’ menu in WordPress
- Go to Settings > Turbo Rate Limiter to configure
Configuration
- Navigate to Settings > Turbo Rate Limiter
- Click «Add New Filter» to create your first rate limit rule
- Configure the URI pattern, match type, request limit, and action
- Enable the filter and save
Часто задаваемые вопросы
-
Does this work with caching plugins?
-
Yes, with an important caveat: this plugin enforces rate limits only for requests that reach WordPress. If a page is served before WordPress loads (for example, by CDN or server-level/full-page cache), that request can bypass plugin-level checks. For full coverage, pair this plugin with edge/server rate limiting and exclude sensitive routes from full-page cache where needed.
-
Will this block legitimate traffic?
-
Configure your filters carefully. Use the test mode to preview behavior before enabling blocking. We recommend starting with generous limits and adjusting based on your site’s traffic patterns.
-
Does it work with Cloudflare?
-
Yes! The plugin fully supports Cloudflare and other reverse proxies. Configure your trusted proxies in the developer documentation to enable proper IP detection.
-
Can I whitelist specific IPs?
-
Currently, you can configure trusted proxies for IP detection. For IP whitelisting to bypass rate limiting, you would need to modify the plugin code or request this as a feature.
-
What happens when a rate limit is exceeded?
-
You can configure the action: return HTTP 429 (Too Many Requests), redirect to a custom URL, or redirect to a specific WordPress page.
-
Will this slow down my site?
-
The plugin is optimized for performance with compiled filter caching and transient storage. The impact on page load time is minimal.
Отзывы
Нет отзывов об этом плагине.
Участники и разработчики
«Turbo Rate Limiter» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:
Участники
«Turbo Rate Limiter» переведён на 1 язык. Благодарим переводчиков за их работу.
Перевести «Turbo Rate Limiter» на ваш язык.
Заинтересованы в разработке?
Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.
Журнал изменений
1.0.2
- Preserve encoded Unicode request URIs in the rate limiter.
1.0.1
- Removed the unused cleanup cron because WordPress already expires rate-limit transients automatically.
1.0.0
- Initial release
- URI-based rate limiting with multiple match types
- Configurable time windows and request limits
- Test mode for safe configuration
- Debug panel for administrators
- Full IPv4 and IPv6 Cloudflare support
- Localization support for multiple languages