01
DEFINE YOUR
TRUSTED IPS
Add individual IPs or CIDR ranges to your allowlist. Single and office networks supported.
SCOPE: IP + CIDR
// module.hero.ip-whitelister
04
WHO CAN SEE
YOUR WORDPRESS
SITE RIGHT NOW_
Staging environments, client previews, and internal tools should never be publicly accessible. IP Whitelister restricts WordPress access to approved IPs and CIDR ranges — without the lockout risk.
[ IP WHITELISTER ] PLUGIN · V1.0.0 WORDPRESS NATIVE FROM $9.00 / YEAR
// CIDR SUPPORT · PROXY-AWARE · ADMIN LOCKOUT PROTECTION · CANTSTOP.DEV
// problem.statement
THE PROBLEM WITH OPEN WORDPRESS ENVIRONMENTS
Staging sites, client previews, and internal tools are often accessible to anyone with the URL. Search engines index them. Clients stumble onto unfinished builds. Competitors find your work before launch. Without IP-level access control, your private environment isn't private.
STAGING VISIBILITY PUBLICLY ACCESSIBLE BY DEFAULT
CLIENT PREVIEW CONTROL NONE WITHOUT IP RESTRICTION
ADMIN EXPOSURE OPEN TO ANY IP THAT FINDS IT
┌──────────────────────────────────────┐ │ ACCESS LOG — UNPROTECTED SITE │ │ │ │ [09:14:02] 203.0.113.45 — GET / │ │ STATUS: 200 OK ← CLIENT? BOT? ? │ │ [09:14:08] 198.51.100.7 — GET / │ │ STATUS: 200 OK ← WHO IS THIS? │ │ [09:14:11] 192.0.2.88 — GET /wp- │ │ admin STATUS: 200 OK ← !!! │ │ [09:14:19] 203.0.113.45 — GET / │ │ staging/ STATUS: 200 OK │ │ │ │ AUTHORIZED VISITORS: UNKNOWN │ │ UNAUTHORIZED VISITORS: UNKNOWN │ │ CLIENT SAW UNFINISHED WORK: LIKELY │ └──────────────────────────────────────┘
// solution.introduced
APPROVED IPS
ONLY. EVERYONE
ELSE: BLOCKED._
IP Whitelister gives WordPress operators controlled perimeter access without the lockout anxiety. Define trusted IPs and CIDR ranges. Block everything else before it reaches sensitive content. Built-in admin safeguards ensure you can always recover access — even if a rule is misconfigured.
DEFINE YOUR
02
EVERYONE ELSE
IS BLOCKED
Non-approved traffic is blocked instantly and routed to your denied screen.
BLOCK: INSTANT
03
YOU STAY
IN CONTROL
Admin bypass and lockout protection preserve recovery access for authorized operators.
SAFETY: BUILT-IN
┌─────────────────────────────────────────────────┐ │ ACCESS LOG — IP WHITELISTER ACTIVE │ │ │ │ [09:14:02] 203.0.113.45 — GET / │ │ IP CHECK: NOT ON ALLOWLIST │ │ STATUS: 403 BLOCKED → DENIED SCREEN │ │ │ │ [09:14:08] 10.0.0.45 — GET / │ │ IP CHECK: ✓ TRUSTED — OFFICE VPN │ │ STATUS: 200 OK → ACCESS GRANTED │ │ │ │ [09:14:11] 192.168.1.1 — GET /wp-admin │ │ IP CHECK: ✓ TRUSTED — ADMIN IP │ │ STATUS: 200 OK → ACCESS GRANTED │ │ │ │ UNAUTHORIZED VISITORS: 0 REACHED CONTENT │ └─────────────────────────────────────────────────┘
// module.specs
PLUGINIP WHITELISTER
VERSIONv1.0.0
LICENSEFROM $9.00/YR
TYPEWORDPRESS PLUGIN
USE CASES
- Internal-only staging environments
- Client preview sites behind trusted network ranges
- Operational hardening for WordPress installs
IMPLEMENTATION NOTES
- Configurable blocked-access messaging included.
- Supports optional role-based whitelist bypass.
// module.features
IP + CIDR ACCESS ENFORCEMENT
Lock down WordPress access with explicit IP and CIDR allowlists that keep restricted environments truly restricted — not just obscure.
- Allow trusted single IPs and full CIDR ranges to support individuals, offices, and VPN networks simultaneously
- Block non-approved traffic before it reaches sensitive admin or client-preview content at the perimeter
- Keep perimeter policy clear and maintainable as your infrastructure evolves and team configurations change
SUPPORT .......... SINGLE IPS · CIDR RANGES · OFFICE/VPN NETWORKS
SCREEN.01
WHITELIST.SETTINGS.PANEL
ADMIN/LOGIN SAFETY GUARDRAILS
Enforce stricter access policy with confidence — built-in safeguards reduce self-lockout risk so security improvements do not become operational emergencies.
- Preserve critical admin and login recovery pathways while hardening access rules against unauthorized entry
- Reduce fear-driven hesitation that delays security improvements by making strict controls safely reversible
- Lower emergency support incidents tied to accidental lockout scenarios through built-in bypass intelligence
LOCKOUT RISK .......... MITIGATED / RECOVERY PATHS PRESERVED
┌──────────────────────────────────────┐ │ LOCKOUT PROTECTION LOGIC │ │ │ │ RULE APPLIED: BLOCK ALL │ │ EXCEPT: [YOUR IP LIST] │ │ │ │ YOUR CURRENT IP: DETECTED ✓ │ │ ↓ │ │ ADMIN BYPASS: ACTIVE │ │ WP-LOGIN: PROTECTED NOT BLOCKED │ │ │ │ RESULT: RESTRICTIONS APPLY │ │ TO EVERYONE ELSE │ │ YOUR ACCESS: PRESERVED │ │ │ │ SELF-LOCKOUT RISK: MINIMIZED │ └──────────────────────────────────────┘
TRUSTED ROLE BYPASS + CONTROLLED UX
Control who can bypass restrictions and what blocked visitors see — so security policy stays strict while user experience stays clean.
- Configure trusted-role bypass for approved internal workflows without opening access broadly to all users
- Show a custom denied-access message that explains restrictions without exposing sensitive infrastructure details
- Reduce support churn when outside users hit protected environments with a clear, professional blocked state
UX CONTROLS .......... CUSTOM DENY MESSAGE · ROLE BYPASS · CLEAN BLOCK STATE
SCREEN.02
ACCESS.DENIED.EXPERIENCE
// module.showcase
WHAT ACCESS CONTROL LOOKS LIKE_
IP Whitelister operates inside WordPress admin and delivers a clean denied-access experience for blocked visitors. No exposed error pages, no information leakage.
SCREEN.01
WHITELIST.SETTINGS.PANEL
Capture settings where IP and CIDR allowlist entries are configured and validated.
SCREEN.02
ACCESS.DENIED.EXPERIENCE
Capture the blocked visitor experience with the configured denial message.
// ip-whitelister · status check ────────────────────────────────────────────────────────── INCOMING IP ............. 203.0.113.45 CIDR MATCH CHECK ........ NO MATCH FOUND ROLE BYPASS ............. NOT APPLICABLE RESULT .................. ■ ACCESS DENIED DENY MESSAGE ............ CUSTOM / CONFIGURED ────────────────────────────────────────────────────────── INCOMING IP ............. 10.0.0.45 CIDR MATCH CHECK ........ ✓ MATCH: 10.0.0.0/8 RESULT .................. ✓ ACCESS GRANTED ──────────────────────────────────────────────────────────
// module.use-cases
WHO THIS IS FOR_
[ USE CASE 01 ]
WORDPRESS DEVELOPERS
Building client sites on staging environments that must stay hidden until launch day — without relying on obscure URLs or server-level config.
WHAT THEY NEEDSTAGING LOCKDOWN
WHAT THEY GETIP-GATED ACCESS
ZERO SERVER CONFIG
[ USE CASE 02 ]
AGENCIES + STUDIOS
Managing client preview environments where only the client's office network should have access — not the public, not search engines, not competitors.
WHAT THEY NEEDCLIENT-ONLY PREVIEWS
WHAT THEY GETCIDR RANGE CONTROL
TRUSTED NETWORK BYPASS
[ USE CASE 03 ]
SITE OPERATORS + ADMINS
Running internal WordPress tools, intranets, or admin-only environments that should never be reachable from outside the office or VPN.
WHAT THEY NEEDPERIMETER CONTROL
WHAT THEY GETALLOWLIST ENFORCEMENT
PROXY-AWARE DETECTION
// module.pricing
YEARLY LICENSE TIERS_
At $9/year, IP Whitelister costs less than a single support call triggered by an exposed staging environment.
1 SITE
$9.00/YR
1 SITE LICENSE
BEST VALUE
2-5 SITES
$10.00/YR
UP TO 5 SITES
MOST POPULAR
6-10 SITES
$30.00/YR
UP TO 10 SITES
UNLIMITED
$50.00/YR
NO SITE LIMIT
// UNLIMITED TIER RECOMMENDED FOR AGENCIES MANAGING CLIENT SITES
ALL TIERS: YEARLY LICENSE · WP 6.0+ REQUIRED · INCLUDES UPDATES + SUPPORT · CANTSTOP.DEV
// module.faq
COMMON QUESTIONS_
[ Q ]
What if I accidentally lock myself out of wp-admin?
IP Whitelister includes built-in admin lockout protection. It detects your current IP during configuration and preserves login and recovery pathways so you can always regain access — even if a rule is misconfigured.
[ Q ]
Does it work with Cloudflare or other CDNs?
Yes. IP Whitelister is proxy-aware and evaluates trusted forwarding headers (like CF-Connecting-IP) to ensure allowlist decisions use the real client IP — not the CDN edge IP.
[ Q ]
Can I allow an entire office network instead of listing individual IPs?
Yes. CIDR notation is fully supported so you can allowlist ranges like 10.0.0.0/8 for an internal network or 203.0.113.0/24 for an office block — a single rule covers your whole team.
[ Q ]
What do blocked visitors see?
A configurable denied-access page with a message you control. No exposed error codes, no server details, and no information that helps an attacker understand your environment.
[ Q ]
Does this protect the wp-login page?
Yes. WordPress login and admin paths are covered by allowlist enforcement. Built-in admin bypass safeguards ensure authorized users do not lose access.
[ Q ]
Can specific WordPress roles bypass the restriction?
Yes. Trusted roles can be configured to bypass allowlist enforcement — useful for internal workflows where certain users need access from variable IP addresses.
STOP LEAVING
STAGING OPEN._
IP Whitelister restricts WordPress access to approved IPs and CIDR ranges. From $9/year.
YEARLY LICENSE · WP 6.0+ · CIDR SUPPORT · PROXY-AWARE · UPDATES INCLUDED · CANTSTOP.DEV
// module.cross-sell
MORE WOOCOMMERCE + WORDPRESS TOOLING
[ COMPANY CARDS — $69/YR ]
Stored-value company purchase cards for WooCommerce checkout.
[ VIEW PLUGIN → ][ GOODINVOICES — $19/YR ]
Generate invoices and labels from WooCommerce in a single click.
[ VIEW PLUGIN → ][ ORDER SORT — FREE ]
Filter WooCommerce orders by product category. Free download, no license.
[ VIEW PLUGIN → ]IP WHITELISTER · PLUGIN · V1.0.0
FROM $9.00 / YEAR