{"id":282613,"date":"2026-03-24T12:39:01","date_gmt":"2026-03-24T12:39:01","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/rate-limiter\/"},"modified":"2026-03-26T04:25:13","modified_gmt":"2026-03-26T04:25:13","slug":"turbo-rate-limiter","status":"publish","type":"plugin","link":"https:\/\/cor.wordpress.org\/plugins\/turbo-rate-limiter\/","author":10105400,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.2","stable_tag":"1.0.2","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"Turbo Rate Limiter","header_author":"Abdul-Hameed Riad","header_description":"A WordPress rate limiter with URI-based filters, customizable limits, and test mode.","assets_banners_color":"3c3e55","last_updated":"2026-03-26 04:25:13","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/github.com\/ahriad","rating":0,"author_block_rating":0,"active_installs":0,"downloads":246,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"ahriad","date":"2026-03-24 12:38:36"},"1.0.1":{"tag":"1.0.1","author":"ahriad","date":"2026-03-25 14:34:45"},"1.0.2":{"tag":"1.0.2","author":"ahriad","date":"2026-03-26 04:25:13"}},"upgrade_notice":{"1.0.2":"<p>This release preserves encoded Unicode request URIs in the rate limiter.<\/p>","1.0.1":"<p>This release removes the unused cleanup cron.<\/p>","1.0.0":"<p>Initial release of Turbo Rate Limiter.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3491018,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":3491018,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":3491018,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3491018,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.0.2"],"block_files":[],"assets_screenshots":{"screenshot-1.jpg":{"filename":"screenshot-1.jpg","revision":3489985,"resolution":"1","location":"assets","locale":"","width":2466,"height":1309},"screenshot-2.jpg":{"filename":"screenshot-2.jpg","revision":3489985,"resolution":"2","location":"assets","locale":"","width":704,"height":877},"screenshot-3.jpg":{"filename":"screenshot-3.jpg","revision":3489985,"resolution":"3","location":"assets","locale":"","width":1809,"height":1370}},"screenshots":{"1":"<p>Plugin settings page showing all configuration options.<\/p>","2":"<p>Debug panel displaying rate limit statistics and logs.<\/p>","3":"<p>Filter form for testing and debugging rate limiting rules.<\/p>"}},"plugin_section":[],"plugin_tags":[1556,13866,171765,600,2419],"plugin_category":[54],"plugin_contributors":[258525],"plugin_business_model":[],"class_list":["post-282613","plugin","type-plugin","status-publish","hentry","plugin_tags-api","plugin_tags-ddos","plugin_tags-rate-limit","plugin_tags-security","plugin_tags-spam-protection","plugin_category-security-and-spam-protection","plugin_contributors-ahriad","plugin_committers-ahriad"],"banners":{"banner":"https:\/\/ps.w.org\/turbo-rate-limiter\/assets\/banner-772x250.jpg?rev=3491018","banner_2x":"https:\/\/ps.w.org\/turbo-rate-limiter\/assets\/banner-1544x500.jpg?rev=3491018","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/turbo-rate-limiter\/assets\/icon-128x128.jpg?rev=3491018","icon_2x":"https:\/\/ps.w.org\/turbo-rate-limiter\/assets\/icon-256x256.jpg?rev=3491018","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/turbo-rate-limiter\/assets\/screenshot-1.jpg?rev=3489985","caption":"<p>Plugin settings page showing all configuration options.<\/p>"},{"src":"https:\/\/ps.w.org\/turbo-rate-limiter\/assets\/screenshot-2.jpg?rev=3489985","caption":"<p>Debug panel displaying rate limit statistics and logs.<\/p>"},{"src":"https:\/\/ps.w.org\/turbo-rate-limiter\/assets\/screenshot-3.jpg?rev=3489985","caption":"<p>Filter form for testing and debugging rate limiting rules.<\/p>"}],"raw_content":"<!--section=description-->\n<p>Turbo Rate Limiter is a powerful yet easy-to-use security plugin that helps protect your WordPress site from various types of abuse by limiting the rate at which visitors can make requests.<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li><strong>URI-based filtering<\/strong> - Set rate limits for specific URLs, paths, or patterns<\/li>\n<li><strong>Multiple match types<\/strong> - Exact match, contains, starts with, ends with, or regex<\/li>\n<li><strong>Flexible time windows<\/strong> - Configure rate limits per second, minute, or hour<\/li>\n<li><strong>Multiple actions<\/strong> - Return HTTP 429, redirect to URL, or redirect to page<\/li>\n<li><strong>Test mode<\/strong> - Preview rate limiting behavior without blocking visitors<\/li>\n<li><strong>Debug panel<\/strong> - Visual debug panel for administrators<\/li>\n<li><strong>Cloudflare support<\/strong> - Full IPv4 and IPv6 proxy detection<\/li>\n<li><strong>Localization ready<\/strong> - Translations available for multiple languages<\/li>\n<\/ul>\n\n<h3>Use Cases<\/h3>\n\n<ul>\n<li><strong>API protection<\/strong> - Limit API calls to prevent abuse<\/li>\n<li><strong>Login protection<\/strong> - Prevent brute force attacks on login pages<\/li>\n<li><strong>Form spam prevention<\/strong> - Limit form submission rates<\/li>\n<li><strong>Resource protection<\/strong> - Protect heavy database queries<\/li>\n<li><strong>CDN compatibility<\/strong> - Works with Cloudflare and other proxies<\/li>\n<\/ul>\n\n<h3>Arbitrary section<\/h3>\n\n<h3>Developer API<\/h3>\n\n<p>Turbo Rate Limiter provides hooks and filters for developers:<\/p>\n\n<pre><code>\/\/ Add trusted proxy IPs\nadd_filter('turbo_rate_limiter_trusted_proxies', function() {\n    return [\n        '173.245.48.0\/20',\n        '2400:cb00::\/32',\n        \/\/ More ranges...\n    ];\n});\n\n\/\/ Access rate limiter instance\n$rate_limiter = TURBORL_Rate_Limiter::get_instance();\n<\/code><\/pre>\n\n<p>For full API documentation, see docs\/developer-api.md.<\/p>\n\n<!--section=installation-->\n<h3>Automatic Installation<\/h3>\n\n<ol>\n<li>Go to Plugins &gt; Add New<\/li>\n<li>Search for \"Turbo Rate Limiter\"<\/li>\n<li>Click \"Install Now\" and activate the plugin<\/li>\n<\/ol>\n\n<h3>Manual Installation<\/h3>\n\n<ol>\n<li>Upload the <code>turbo-rate-limiter<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>Go to Settings &gt; Turbo Rate Limiter to configure<\/li>\n<\/ol>\n\n<h3>Configuration<\/h3>\n\n<ol>\n<li>Navigate to Settings &gt; Turbo Rate Limiter<\/li>\n<li>Click \"Add New Filter\" to create your first rate limit rule<\/li>\n<li>Configure the URI pattern, match type, request limit, and action<\/li>\n<li>Enable the filter and save<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20work%20with%20caching%20plugins%3F\"><h3>Does this work with caching plugins?<\/h3><\/dt>\n<dd><p>Yes, with an important caveat: this plugin enforces rate limits only for requests that reach WordPress. If a page is served before WordPress loads (for example, by CDN or server-level\/full-page cache), that request can bypass plugin-level checks. For full coverage, pair this plugin with edge\/server rate limiting and exclude sensitive routes from full-page cache where needed.<\/p><\/dd>\n<dt id=\"will%20this%20block%20legitimate%20traffic%3F\"><h3>Will this block legitimate traffic?<\/h3><\/dt>\n<dd><p>Configure your filters carefully. Use the test mode to preview behavior before enabling blocking. We recommend starting with generous limits and adjusting based on your site's traffic patterns.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20cloudflare%3F\"><h3>Does it work with Cloudflare?<\/h3><\/dt>\n<dd><p>Yes! The plugin fully supports Cloudflare and other reverse proxies. Configure your trusted proxies in the developer documentation to enable proper IP detection.<\/p><\/dd>\n<dt id=\"can%20i%20whitelist%20specific%20ips%3F\"><h3>Can I whitelist specific IPs?<\/h3><\/dt>\n<dd><p>Currently, you can configure trusted proxies for IP detection. For IP whitelisting to bypass rate limiting, you would need to modify the plugin code or request this as a feature.<\/p><\/dd>\n<dt id=\"what%20happens%20when%20a%20rate%20limit%20is%20exceeded%3F\"><h3>What happens when a rate limit is exceeded?<\/h3><\/dt>\n<dd><p>You can configure the action: return HTTP 429 (Too Many Requests), redirect to a custom URL, or redirect to a specific WordPress page.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20site%3F\"><h3>Will this slow down my site?<\/h3><\/dt>\n<dd><p>The plugin is optimized for performance with compiled filter caching and transient storage. The impact on page load time is minimal.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Preserve encoded Unicode request URIs in the rate limiter.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Removed the unused cleanup cron because WordPress already expires rate-limit transients automatically.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>URI-based rate limiting with multiple match types<\/li>\n<li>Configurable time windows and request limits<\/li>\n<li>Test mode for safe configuration<\/li>\n<li>Debug panel for administrators<\/li>\n<li>Full IPv4 and IPv6 Cloudflare support<\/li>\n<li>Localization support for multiple languages<\/li>\n<\/ul>","raw_excerpt":"Protect your WordPress site from brute force attacks, API abuse, and DDoS attacks with customizable rate limiting rules.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/282613","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=282613"}],"author":[{"embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/ahriad"}],"wp:attachment":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=282613"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=282613"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=282613"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=282613"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=282613"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=282613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}