[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fb1ix_X7jUChPKSCpfqisyMPOHW7e2Q2k8wOMVlj6ZdI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":47,"crawl_stats":38,"alternatives":49,"analysis":144,"fingerprints":375},"advanced-country-blocker","Advanced Country Blocker","2.3.2","brstefanovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrstefanovic\u002F","\u003Cp>\u003Cstrong>Advanced Country Blocker\u003C\u002Fstrong> helps you secure your WordPress site by restricting access based on the visitor’s geolocation (country) or IP address. Upon activation, the plugin detects the activating admin’s country and automatically sets that as the only allowed country. All other visitors from different countries are blocked, unless they use a secret key parameter to temporarily whitelist their IP. Country detection uses the privacy-friendly ip-api.com service by default but can be switched to a fully offline MaxMind GeoLite2 (or compatible) database file once you configure a local copy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatically allows the admin’s country\u003C\u002Fstrong> on plugin activation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible IP-to-country lookups\u003C\u002Fstrong> – start with the built-in ip-api.com integration and optionally switch to an offline MaxMind GeoLite2 Country (or compatible) \u003Ccode>.mmdb\u003C\u002Fcode> database file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowlist or blacklist mode\u003C\u002Fstrong> – choose whether the country list acts as an allowlist or blocklist without re-entering countries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary access\u003C\u002Fstrong> via a customizable secret URL parameter (e.g., \u003Ccode>?MySecretKey=1\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Challenge\u003C\u002Fstrong> – allow blocked visitors to solve a CAPTCHA to gain temporary access (supports Google reCAPTCHA v2\u002Fv3, hCaptcha, Cloudflare Turnstile).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Activity Monitor\u003C\u002Fstrong> – live dashboard showing active visitors, recent blocks, and traffic statistics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – comprehensive charts and statistics about blocked attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual blacklisting and safelisting of IPs\u003C\u002Fstrong> for added security and to accommodate uptime monitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional email alerts\u003C\u002Fstrong> when new visitors are blocked.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bypass\u003C\u002Fstrong> so logged-in admins can always access the site (toggleable in the code).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed logging\u003C\u002Fstrong> of blocked attempts in a custom database table, displayed in the WP admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom response controls\u003C\u002Fstrong> – personalise the block page title\u002Fmessage, choose the HTTP status (403, 410, 451) or redirect to any URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic log cleanup\u003C\u002Fstrong> with configurable retention plus a one-click “Clear Logs” button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the plugin settings page (\u003Cstrong>Country Blocker\u003C\u002Fstrong> menu in WP admin) to configure the list of allowed countries, blacklisted countries, blacklisted IPs, and whether email alerts are enabled.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is open-sourced software licensed under the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\" rel=\"nofollow ugc\">GPLv3 or later\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>By default this plugin contacts the ip-api.com geolocation service to detect visitor countries. You can disable all external lookups by switching the IP lookup method to the local MaxMind database in the settings.\u003C\u002Fp>\n","An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas &hellip;",2000,11570,100,6,"2026-02-06T09:04:00.000Z","6.9.4","5.0","7.2",[20,21,22,23,24],"blocking","country","geolocation","ip-blocking","security","https:\u002F\u002Fsparkcan.com\u002Facb.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-country-blocker.2.3.2.zip",99,1,0,"2026-02-06 20:24:09","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":14},"CVE-2026-1675","advanced-country-blocker-unauthenticated-authorization-bypass-via-insecure-default-secret-key","Advanced Country Blocker \u003C= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key","The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value.",null,"\u003C=2.3.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Initialization of a Resource with an Insecure Default","2026-02-12 16:48:42",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F30747988-83f9-41f9-9bc5-1f533bc4cb94?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":14,"trust_score":27,"computed_at":48},"2026-04-04T07:18:13.819Z",[50,68,87,107,125],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":13,"num_ratings":60,"last_updated":61,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":62,"homepage":66,"download_link":67,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"workflowdone-geo-blocker","WorkflowDone Geo Blocker","1.0.4","workflowdone","https:\u002F\u002Fprofiles.wordpress.org\u002Fworkflowdone\u002F","\u003Cp>\u003Cstrong>WorkflowDone Geo Blocker\u003C\u002Fstrong> is a simple yet powerful WordPress plugin that allows you to block access to your website based on visitors’ geographical locations. Perfect for compliance, content licensing, or security purposes.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Country Blocking\u003C\u002Fstrong> – Block visitors from specific countries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelisting\u003C\u002Fstrong> – Allow specific IP addresses regardless of country\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO-Friendly\u003C\u002Fstrong> – Automatically allows major search engine crawlers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Block Page\u003C\u002Fstrong> – Customize the message shown to blocked visitors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Caching\u003C\u002Fstrong> – Efficient caching to minimize geo-lookup requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Setup\u003C\u002Fstrong> – Simple configuration with no technical knowledge required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Select which countries you want to block\u003C\u002Fli>\n\u003Cli>Optionally add IP addresses that should always be allowed\u003C\u002Fli>\n\u003Cli>Enable geo-blocking\u003C\u002Fli>\n\u003Cli>Visitors from blocked countries see a friendly block page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Become a Supporter\u003C\u002Fh4>\n\u003Cp>Love this plugin? Become a supporter and unlock all features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Whitelist Mode\u003C\u002Fstrong> – Allow only specific countries instead of blocking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bypass\u003C\u002Fstrong> – Skip geo-blocking for logged-in administrators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logging\u003C\u002Fstrong> – Log blocked access attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Ranges (CIDR)\u003C\u002Fstrong> – Whitelist entire IP ranges\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Block Pages\u003C\u002Fstrong> – Create custom HTML pages or redirects\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Email\u003C\u002Fstrong> – Display contact email on block page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL Exclusions\u003C\u002Fstrong> – Skip blocking for specific URLs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Crawler Rules\u003C\u002Fstrong> – Add your own crawler patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>One-time payment of $10, lifetime access!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fworkflowdone.com\u002Fproduct\u002Fadvanced-geo-blocker-pro\u002F\" rel=\"nofollow ugc\">Become a Supporter\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin uses third-party geo-location services to determine visitor countries:\u003Cbr \u002F>\n* ip-api.com – \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003Cbr \u002F>\n* ipinfo.io – \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Only IP addresses are sent to these services to determine the country. No other personal data is transmitted.\u003C\u002Fp>\n\u003Cp>The plugin caches geo-location results locally to minimize external requests.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact: support@workflowdone.com\u003C\u002Fp>\n\u003Cp>Website: \u003Ca href=\"https:\u002F\u002Fworkflowdone.com\" rel=\"nofollow ugc\">workflowdone.com\u003C\u002Fa>\u003C\u002Fp>\n","Block website access based on visitor's geographical location. Simple and effective geo-blocking for WordPress.",40,641,3,"2026-02-12T17:52:00.000Z",[63,64,65,23,24],"country-blocking","geo-restriction","geoblocking","https:\u002F\u002Fworkflowdone.com\u002Fgeo-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fworkflowdone-geo-blocker.zip",{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":13,"num_ratings":28,"last_updated":78,"tested_up_to":79,"requires_at_least":17,"requires_php":18,"tags":80,"homepage":85,"download_link":86,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"geo-blocker","Geo Blocker – Control Site Access by Region and IP","1.0.0","Mohamed Shili","https:\u002F\u002Fprofiles.wordpress.org\u002Fmedshi8\u002F","\u003Cp>🔐 Block or allow visitors by country. Track access attempts. View analytics. Stay in control — effortlessly.\u003C\u002Fp>\n\u003Ch3>🧠 Description\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Geo Blocker\u003C\u002Fstrong> gives you full control over who can access your WordPress site — based on visitor country and IP. Whether you’re protecting content, reducing attack surface, or managing regional access, this plugin does it with precision and clarity.\u003C\u002Fp>\n\u003Cp>🎯 Designed for performance, security, and ease of use.\u003Cbr \u002F>\n📊 Built-in analytics and access logs.\u003Cbr \u002F>\n🧭 Never get locked out — admin-safe bypass included.\u003C\u002Fp>\n\u003Ch3>🚀 Features\u003C\u002Fh3>\n\u003Ch3>✅ Access Control That Makes Sense\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Selected Countries\u003C\u002Fstrong> – deny access to specific regions  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow Selected Countries\u003C\u002Fstrong> – restrict site only to approved countries  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🧩 Smart Blocking Actions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>📜 Show custom message  \u003C\u002Fli>\n\u003Cli>🔁 Redirect to a URL  \u003C\u002Fli>\n\u003Cli>🚫 Send HTTP 403 Forbidden response  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 Visual Country Selector\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Flag icons & search bar for quick targeting  \u003C\u002Fli>\n\u003Cli>Filter by continent (Africa, Asia, Europe, etc.)  \u003C\u002Fli>\n\u003Cli>One-click select\u002Fdeselect all  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📈 Analytics Dashboard\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Summary cards: total visits, blocks, IPs  \u003C\u002Fli>\n\u003Cli>Hourly charts for real-time insights  \u003C\u002Fli>\n\u003Cli>Filter by date range & data type (accesses, unique IPs, etc.)  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 Detailed Logs\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>See IP, country, URL, status, user agent  \u003C\u002Fli>\n\u003Cli>Filters out common junk (favicon, robots.txt)  \u003C\u002Fli>\n\u003Cli>Admin visits are auto-ignored to reduce noise  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ Admin-Proof Bypass URL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Special URL with bypass parameter to access login anytime  \u003C\u002Fli>\n\u003Cli>Prevents accidental lockouts  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔄 Data Export & Log Management\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Export logs in CSV or JSON  \u003C\u002Fli>\n\u003Cli>Clear logs with a single click  \u003C\u002Fli>\n\u003Cli>Sort & search logs in the UI\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses a third-party API to determine the visitor’s country based on their IP address.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service used:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipwho.is\" rel=\"nofollow ugc\">IPWho.is\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> To perform IP geolocation and detect the country of each visitor, allowing the plugin to block or allow access accordingly.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The visitor’s IP address is sent to the IPWho.is API on page load when geo-blocking is active.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipwhois.io\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fipwhois.io\u002Fterms\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipwhois.io\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fipwhois.io\u002Fprivacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🖥️ Screenshots\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>📊 Dashboard Overview\u003C\u002Fstrong> – See country blocks, allowed hits & total attempts   \u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔧 Blocking Rules\u003C\u002Fstrong> – Choose block mode, action type, and targets. Enable or disable countries visually\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📉 Analytics Graphs\u003C\u002Fstrong> – View access by time, state, and IP 5. \u003Cstrong>📑 Logs Table\u003C\u002Fstrong> – Deep insights with full logs of visitor attempts. Export CSV\u002FJSON logs with one click\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>📦 Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the plugin folder to \u003Ccode>\u002Fwp-content\u002Fplugins\u002Fgeo-blocker\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>Activate via \u003Cstrong>Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Installed Plugins\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Geo Blocker\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Enable Geo Blocking using the toggle  \u003C\u002Fli>\n\u003Cli>Choose between \u003Cstrong>block\u003C\u002Fstrong> or \u003Cstrong>allow\u003C\u002Fstrong> mode  \u003C\u002Fli>\n\u003Cli>Select countries using the visual interface  \u003C\u002Fli>\n\u003Cli>Pick your blocking action (message, redirect, or 403)  \u003C\u002Fli>\n\u003Cli>Save settings — done!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>❓ Frequently Asked Questions\u003C\u002Fh3>\n\u003Ch3>How does Geo Blocker detect country?\u003C\u002Fh3>\n\u003Cp>It uses the reliable \u003Cstrong>IpWhoIs API\u003C\u002Fstrong> to fetch country data based on the visitor’s IP.\u003C\u002Fp>\n\u003Ch3>Will it slow down my site?\u003C\u002Fh3>\n\u003Cp>Nope. It’s optimized with \u003Cstrong>transient caching\u003C\u002Fstrong> and smart triggers — no unnecessary lookups.\u003C\u002Fp>\n\u003Ch3>Can I lock myself out?\u003C\u002Fh3>\n\u003Cp>No. There’s a \u003Cstrong>login bypass URL\u003C\u002Fstrong> generated for administrators — shown right on the dashboard.\u003C\u002Fp>\n\u003Ch3>Can I block specific pages?\u003C\u002Fh3>\n\u003Cp>Not yet — current version works site-wide. Per-page rules may come in a future update.\u003C\u002Fp>\n\u003Ch3>Can I export visitor logs?\u003C\u002Fh3>\n\u003Cp>Yes. Logs can be exported in \u003Cstrong>CSV or JSON\u003C\u002Fstrong> format directly from the Logs tab.\u003C\u002Fp>\n\u003Ch3>Does it work with caching plugins?\u003C\u002Fh3>\n\u003Cp>Yes, but you may need to \u003Cstrong>exclude the plugin’s logic\u003C\u002Fstrong> from caching. Dynamic geo checks should not be cached.\u003C\u002Fp>\n\u003Ch3>🗂️ Changelog\u003C\u002Fh3>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>🎉 Initial release with all core features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛡️ Additional Notes\u003C\u002Fh3>\n\u003Ch3>Emergency Bypass\u003C\u002Fh3>\n\u003Cp>Every admin gets a custom bypass link to avoid accidental lockouts. It’s always visible in the dashboard.\u003C\u002Fp>\n\u003Ch3>Blocking Actions\u003C\u002Fh3>\n\u003Cp>Choose the experience blocked users receive:\u003Cbr \u002F>\n– Custom message\u003Cbr \u002F>\n– Redirect to another URL\u003Cbr \u002F>\n– Send 403 Forbidden header\u003C\u002Fp>\n\u003Ch3>Logs & Privacy\u003C\u002Fh3>\n\u003Cp>Logs are stored locally in your WordPress database. The plugin sends only the visitor’s IP to IPWho.is — no personally identifiable information is shared or stored externally.\u003C\u002Fp>\n\u003Ch3>💡 Enjoying Geo Blocker? Try Our Other Free Plugins\u003C\u002Fh3>\n\u003Cp>Looking for even more control and peace of mind? Check out our other tools:\u003C\u002Fp>\n\u003Cp>🔕 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa>\u003C\u002Fstrong> – Hide annoying plugin notices from your dashboard without hacking core files.\u003C\u002Fp>\n\u003Cp>🛡️ \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffortress-login-pro\u002F\" rel=\"ugc\">Fortress Login Pro\u003C\u002Fa>\u003C\u002Fstrong> – Obscure your login page, add brute-force protection, and block unauthorized access attempts with ease.\u003C\u002Fp>\n\u003Cp>If you like Geo Blocker, you’ll probably find these just as helpful. Try them out!\u003C\u002Fp>\n","🔐 Block or allow visitors by country. Track access attempts. View analytics. Stay in control — effortlessly.",700,1677,"2025-05-18T22:09:00.000Z","6.8.5",[81,82,83,22,84],"access-control","country-restriction","geo-blocking","ip-blocker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgeo-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-blocker.1.0.0.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":28,"last_updated":98,"tested_up_to":16,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":105,"download_link":106,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"block-website-access-by-region-lite","Country Blocker and Geoblocker FREE","1.0.8","Simple Tools","https:\u002F\u002Fprofiles.wordpress.org\u002Fjimmyredline80\u002F","\u003Cp>\u003Cstrong>Country Blocker\u003C\u002Fstrong> is the easiest way to block website visitors by country, region, or IP address. No API keys required, no complicated setup – just activate, select countries to block, and protect your site instantly.\u003C\u002Fp>\n\u003Cp>Perfect for compliance, security, and content licensing:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>GDPR compliance\u003C\u002Fstrong> – Block EU countries to avoid cookie consent requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CCPA compliance\u003C\u002Fstrong> – Block California traffic if you can’t meet data privacy requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gambling & gaming sites\u003C\u002Fstrong> – Restrict access from prohibited jurisdictions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streaming & licensed content\u003C\u002Fstrong> – Enforce geographic licensing restrictions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Financial services\u003C\u002Fstrong> – Block countries you’re not licensed to operate in\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce spam & attacks\u003C\u002Fstrong> – Block high-risk countries and VPN traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Country Blocker?\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>One-click setup\u003C\u002Fstrong> – No API keys or database downloads to start blocking\u003Cbr \u002F>\n✅ \u003Cstrong>Actually works\u003C\u002Fstrong> – Automatic failover across 4 geolocation providers ensures reliability\u003Cbr \u002F>\n✅ \u003Cstrong>VPN & proxy detection\u003C\u002Fstrong> – Optional blocking of VPNs, proxies, data centers, and hosting providers\u003Cbr \u002F>\n✅ \u003Cstrong>SEO friendly\u003C\u002Fstrong> – Automatically allows Google, Bing, and other search engine crawlers\u003Cbr \u002F>\n✅ \u003Cstrong>Won’t lock you out\u003C\u002Fstrong> – WordPress admin and login pages always remain accessible\u003Cbr \u002F>\n✅ \u003Cstrong>Privacy focused\u003C\u002Fstrong> – Minimal data storage with IP hashing for security\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Blocking & Access Control:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block visitors from any country with a simple checkbox (250+ countries)\u003Cbr \u002F>\n* Optional VPN, proxy, and datacenter detection and blocking\u003Cbr \u002F>\n* Search engine crawler bypass (Google, Bing, DuckDuckGo, etc.)\u003Cbr \u002F>\n* Choose to allow or block visitors when country cannot be determined\u003Cbr \u002F>\n* Emergency bypass URL parameter for troubleshooting\u003Cbr \u002F>\n* WordPress admin and login pages are never blocked\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Geolocation & Accuracy:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Works instantly without API keys\u003Cbr \u002F>\n* Automatic failover across 4 free geolocation APIs\u003Cbr \u002F>\n* Optional MaxMind GeoLite2 database support (requires free license key)\u003Cbr \u002F>\n* Cloudflare IP detection support\u003Cbr \u002F>\n* Supports proxy headers (X-Forwarded-For, X-Real-IP, CF-Connecting-IP)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Logging & Monitoring:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track all blocked and allowed access attempts\u003Cbr \u002F>\n* View visitor country codes and decision reasons\u003Cbr \u002F>\n* Automatic log cleanup (configurable retention period)\u003Cbr \u002F>\n* Rate limiting to prevent log spam\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP addresses are hashed by default for privacy\u003Cbr \u002F>\n* GDPR and CCPA friendly minimal data storage\u003Cbr \u002F>\n* Configurable data retention policies\u003Cbr \u002F>\n* No tracking scripts or external cookies\u003C\u002Fp>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>Need more granular control? \u003Cstrong>Country Blocker Pro\u003C\u002Fstrong> includes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Region-Level Blocking:\u003C\u002Fstrong>\u003Cbr \u002F>\n* 🇺🇸 Block specific US states (all 50 states + DC, Puerto Rico, Guam, US Virgin Islands)\u003Cbr \u002F>\n* 🇨🇦 Block Canadian provinces and territories\u003Cbr \u002F>\n* 🇬🇧 Block UK regions (England, Scotland, Wales, Northern Ireland)\u003Cbr \u002F>\n* 🇦🇺 Block Australian states and territories\u003Cbr \u002F>\n* 🇩🇪 Block German states (Bundesländer)\u003Cbr \u002F>\n* 🇮🇳 Block Indian states and union territories\u003Cbr \u002F>\n* 🇨🇳 Block Chinese provinces and municipalities\u003Cbr \u002F>\n* 🌍 Block entire continents with one click\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP whitelist – Never block specific IPs (supports CIDR notation)\u003Cbr \u002F>\n* IP blacklist – Always block specific IPs regardless of location\u003Cbr \u002F>\n* Custom block page with full color customization\u003Cbr \u002F>\n* Custom CSS editor for complete design control\u003Cbr \u002F>\n* Redirect blocked visitors to any URL\u003Cbr \u002F>\n* Advanced logging with CSV export\u003Cbr \u002F>\n* Smart log retention and database optimization\u003Cbr \u002F>\n* Priority email support\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.plugins-for-wp.com\u002Fproduct\u002Fcountry-blocker-and-geoblocker-pro\u002F\" rel=\"nofollow ugc\">Get Country Blocker Pro \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services for geolocation functionality and optional feedback collection. By using this plugin, you acknowledge that data will be sent to these third-party services.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. IP Geolocation Services\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To determine a visitor’s country, the plugin sends the visitor’s IP address to one or more of the following geolocation providers (in failover order):\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ipwhois.is\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: IP geolocation lookup\u003Cbr \u002F>\n* Data sent: Visitor IP address\u003Cbr \u002F>\n* When: On each unique visitor’s first page load (cached for 24 hours)\u003Cbr \u002F>\n* Terms of Service: https:\u002F\u002Fipwhois.io\u002Fterms\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fipwhois.io\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ip-api.com\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: IP geolocation lookup (fallback provider)\u003Cbr \u002F>\n* Data sent: Visitor IP address\u003Cbr \u002F>\n* When: If ipwhois.is fails\u003Cbr \u002F>\n* Terms of Service: https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fip-api.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ipapi.co\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: IP geolocation lookup (fallback provider)\u003Cbr \u002F>\n* Data sent: Visitor IP address\u003Cbr \u002F>\n* When: If previous providers fail\u003Cbr \u002F>\n* Terms of Service: https:\u002F\u002Fipapi.co\u002Fterms\u002F\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fipapi.co\u002Fprivacy\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ipinfo.io\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: IP geolocation lookup (fallback provider)\u003Cbr \u002F>\n* Data sent: Visitor IP address\u003Cbr \u002F>\n* When: If previous providers fail\u003Cbr \u002F>\n* Terms of Service: https:\u002F\u002Fipinfo.io\u002Fterms-of-service\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Deactivation Feedback Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When you deactivate the plugin, you have the option to submit feedback about why you’re deactivating. This is completely optional.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple tools for wp Feedback API\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: Plugin deactivation feedback collection\u003Cbr \u002F>\n* Data sent (only if you submit feedback): Plugin slug, your site URL, deactivation reason, optional text feedback, WordPress version, PHP version, plugin version\u003Cbr \u002F>\n* When: Only when you voluntarily submit the deactivation survey form\u003Cbr \u002F>\n* Endpoint: https:\u002F\u002Fplugins-for-wp.com\u002Fwp-json\u002Fssp-feedback\u002Fv1\u002Fsubmit\u003Cbr \u002F>\n* Privacy: No personal data or visitor information is collected. Only technical site information and your voluntary feedback are sent.\u003Cbr \u002F>\n* Purpose: To help us improve the plugin based on user feedback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. Optional: MaxMind GeoLite2 Database\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you provide a MaxMind license key in settings, the plugin will download the GeoLite2 database to your server for local geolocation lookups, reducing external API calls.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>MaxMind GeoLite2\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: Geolocation database download\u003Cbr \u002F>\n* Data sent: Your MaxMind license key\u003Cbr \u002F>\n* When: Once per week when you configure a license key\u003Cbr \u002F>\n* Downloaded to: wp-content\u002Fuploads\u002FGeoLite2-City.mmdb\u003Cbr \u002F>\n* Terms: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fgeolite2\u002Feula\u003Cbr \u002F>\n* Privacy: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fprivacy-policy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Retention:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin stores minimal data on your WordPress database: hashed IP addresses (for rate limiting), country codes, access decisions (blocked\u002Fallowed), and timestamps. You can configure automatic log cleanup in settings. The plugin does not track individual visitors or create profiles.\u003C\u002Fp>\n\u003Ch3>Privacy & Data Usage\u003C\u002Fh3>\n\u003Cp>This plugin is designed with privacy in mind:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses are hashed by default before storage\u003C\u002Fli>\n\u003Cli>Only country codes and access decisions are logged, not full visitor profiles\u003C\u002Fli>\n\u003Cli>Logs can be automatically cleaned up after a configurable retention period\u003C\u002Fli>\n\u003Cli>No cookies are set on the visitor’s browser\u003C\u002Fli>\n\u003Cli>No tracking scripts are loaded\u003C\u002Fli>\n\u003Cli>Geolocation lookups are cached to minimize external API calls\u003C\u002Fli>\n\u003Cli>Deactivation feedback is completely optional and only submitted if you choose to provide it\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For GDPR compliance, the plugin blocks visitors from specified countries, which may reduce your data collection obligations. However, you should still review your complete privacy obligations with a legal professional.\u003C\u002Fp>\n","Block visitors by country in one click. Geo blocker with VPN detection, IP blocking & country restrictions. GDPR & CCPA compliance made easy.",90,1273,20,"2026-02-19T00:25:00.000Z","5.6","7.4",[102,103,83,24,104],"country-blocker","gdpr","vpn-blocker","https:\u002F\u002Fplugins-for-wp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-website-access-by-region-lite.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":13,"num_ratings":28,"last_updated":117,"tested_up_to":79,"requires_at_least":17,"requires_php":118,"tags":119,"homepage":123,"download_link":124,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"anti-browser-ddos-protection","Anti Browser DDoS Protection","2.26","sourcecode347","https:\u002F\u002Fprofiles.wordpress.org\u002Fsourcecode347\u002F","\u003Cp>The \u003Cstrong>Anti Browser DDoS Protection\u003C\u002Fstrong> plugin provides robust protection against denial-of-service (DoS) attacks on your WordPress site. It implements IP-based rate limiting, with configurable settings for subscribers, non-logged-in users, and verified bots, while excluding administrators and other non-subscriber roles. It features advanced bot detection to identify and limit suspicious bots, immediate blocking of malicious bots by User Agent, and supports Cloudflare for accurate client IP detection. Static assets (e.g., CSS, JS, images) are excluded to maintain site performance. An intuitive admin panel allows you to configure rate limits, bot exclusions, trusted bot IP ranges (with automatic duplicate removal), blocked bots by User Agent, log expiration settings, and view logs for blocked IPs, banned IPs, and high traffic bots with auto-refresh every 30 seconds, all with User Agent details and timestamps. You can export \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> lists to .txt files and import new entries to append to existing lists without duplicates. Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots are displayed above the logs for quick visual insights.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rate limiting based on IP for subscribers and non-logged-in users, with configurable maximum requests and time window.\u003C\u002Fli>\n\u003Cli>Excludes non-subscriber logged-in users (e.g., administrators, editors) from rate limiting.\u003C\u002Fli>\n\u003Cli>Advanced bot detection to identify suspicious bots (bots using trusted User Agents but from unverified IPs).\u003C\u002Fli>\n\u003Cli>Suspicious bots are subject to the same rate limiting as regular users and logged with User Agent in the Blocked IPs Log.\u003C\u002Fli>\n\u003Cli>Immediate blocking of malicious bots by User Agent (e.g., MJ12bot, SemrushBot, DotBot by default) with customizable settings and logging.\u003C\u002Fli>\n\u003Cli>Configurable rate limiting for verified excluded bots (default: 100 requests per minute), with logging for bots exceeding this limit.\u003C\u002Fli>\n\u003Cli>High Traffic Excluded Bots Log to track verified bots with excessive requests, including IP, User Agent, and timestamp.\u003C\u002Fli>\n\u003Cli>Admin panel to configure maximum requests, time window, excluded bots, trusted bot IP ranges, blocked bots (User Agents), blocks before ban, ban duration, high traffic bot limits, and log expiration (days).\u003C\u002Fli>\n\u003Cli>Export \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> lists to .txt files for backup or transfer.\u003C\u002Fli>\n\u003Cli>Import .txt files for \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> to append new entries to existing lists, with automatic duplicate removal.\u003C\u002Fli>\n\u003Cli>Automatic removal of duplicate IP ranges in the \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong> field on save, keeping the first occurrence.\u003C\u002Fli>\n\u003Cli>Support for Cloudflare real IP detection using \u003Ccode>CF-Connecting-IP\u003C\u002Fcode> and \u003Ccode>X-Forwarded-For\u003C\u002Fcode> headers.\u003C\u002Fli>\n\u003Cli>Excludes static assets (CSS, JS, images, fonts, etc.) from rate limiting to optimize performance.\u003C\u002Fli>\n\u003Cli>Logs blocked IPs, banned IPs, and high traffic bots with IP, User Agent, and timestamps using the WordPress timezone, viewable in the admin panel with options to clear logs and auto-refresh every 30 seconds.\u003C\u002Fli>\n\u003Cli>Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots displayed above the logs in the admin panel for visual statistics.\u003C\u002Fli>\n\u003Cli>Automatic log expiration (Blocked IPs, Banned IPs, High Traffic Bots) after a configurable number of days (default: 5 days), with hourly cleanup via WordPress Scheduler.\u003C\u002Fli>\n\u003Cli>All error messages and logs prefixed with “Anti Browser DDoS Protection: ” for clarity.\u003C\u002Fli>\n\u003Cli>Donate link in the admin panel to support the project.\u003C\u002Fli>\n\u003Cli>Automatic cleanup of transients, blocked IPs, banned IPs, high traffic bots, blocked bots, bot IP ranges, and log expiration settings on plugin deactivation to prevent database bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Ideal for WordPress sites seeking enhanced security against automated attacks, with seamless integration for Cloudflare users, advanced bot management, efficient log management, visual charts for statistics, and easy export\u002Fimport for bot lists.\u003C\u002Fp>\n\u003Ch3>Plugin Assets img\u002F\u003C\u002Fh3>\n\u003Ch3>Icon Image\u003C\u002Fh3>\n\u003Cp>Normal: icon-128×128.png\u003Cbr \u002F>\nHigh-DPI (Retina): icon-256×256.png\u003C\u002Fp>\n\u003Ch3>Bugs\u003C\u002Fh3>\n\u003Cp>Caching plugins such as WP Super Cache, W3 Total Cache, and others may bypass the DDoS protection provided by Anti Browser DDoS Protection, serving cached pages without triggering the plugin’s checks for blocked bots, rate limiting, or banned IPs.\u003Cbr \u002F>\n– \u003Cstrong>Solution\u003C\u002Fstrong>: Disable all WordPress caching plugins to ensure full DDoS protection. Instead, enable Browser Caching using a service like Cloudflare to improve performance without compromising security.\u003Cbr \u002F>\n   Enable standard type Caching and Configure Cloudflare Browser Cache TTL (e.g., 8 days) via \u003Cstrong>Caching > Configuration\u003C\u002Fstrong> in the Cloudflare dashboard.- \u003Cstrong>Cloudflare Compatibility\u003C\u002Fstrong>: Ensure Cloudflare is configured to pass \u003Ccode>CF-Connecting-IP\u003C\u002Fcode> headers for accurate IP detection. Check your Cloudflare dashboard if logged IPs are incorrect.\u003Cbr \u002F>\n– \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>: Update the \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong> field every 6 months (next update: March 2026) using official sources (e.g., Google, Bing, Yandex documentation). Duplicate ranges are automatically removed on save. Export to .txt for backup or import from .txt to append new ranges.\u003Cbr \u002F>\n– \u003Cstrong>Blocked Bots\u003C\u002Fstrong>: Add malicious bots to the \u003Cstrong>Blocked Bots (User Agents)\u003C\u002Fstrong> field (e.g., MJ12bot, SemrushBot, DotBot) to block them immediately. Blocked bots are logged with their IP and User Agent. Export to .txt for backup or import from .txt to append new entries.\u003Cbr \u002F>\n– \u003Cstrong>Excluded Bots\u003C\u002Fstrong>: Add trusted bots (e.g., Googlebot, Bingbot) to the \u003Cstrong>Excluded Bots\u003C\u002Fstrong> field to exempt them from regular rate limiting (if from verified IPs). Export to .txt for backup or import from .txt to append new entries.\u003Cbr \u002F>\n– \u003Cstrong>High Traffic Bots\u003C\u002Fstrong>: Verified bots exceeding the configured limit (default: 100 requests per minute) are logged for monitoring but not blocked. Check the High Traffic Excluded Bots Log regularly.\u003Cbr \u002F>\n– \u003Cstrong>Log Expiration\u003C\u002Fstrong>: Set the \u003Cstrong>Log Expires (Days)\u003C\u002Fstrong> setting to control how long logs are retained (default: 5 days). Cleanup runs hourly via WordPress Scheduler. Logs older than the specified days are automatically deleted.\u003Cbr \u002F>\n– \u003Cstrong>Timezone\u003C\u002Fstrong>: Set the WordPress timezone correctly (e.g., \u003Ccode>Europe\u002FAthens\u003C\u002Fcode> for Greece) in Settings > General > Timezone to ensure accurate timestamp display in logs and charts.\u003Cbr \u002F>\n– \u003Cstrong>Performance\u003C\u002Fstrong>: For high-traffic sites, clear the Blocked IPs Log, Banned IPs Log, and High Traffic Excluded Bots Log regularly, or set a lower \u003Cstrong>Log Expires (Days)\u003C\u002Fstrong> value to prevent database growth.\u003Cbr \u002F>\n– \u003Cstrong>Customization\u003C\u002Fstrong>: Contact the author for additional features like custom error pages, email notifications for high traffic bots, or advanced logging.\u003Cbr \u002F>\n– \u003Cstrong>Support the Project\u003C\u002Fstrong>: If you find this plugin useful, consider supporting its development via the \u003Ca href=\"https:\u002F\u002Fbuy.stripe.com\u002FbIY5o70SSfam8Qo7ss\" rel=\"nofollow ugc\">donation link\u003C\u002Fa> in the admin panel or plugin page.\u003C\u002Fp>\n","Protects WordPress from DDoS with rate limiting, bot detection, blocking, Cloudflare support, logs, charts, and bot list export\u002Fimport.",60,422,"2025-09-19T04:53:00.000Z","8.3",[120,121,23,122,24],"bot-blocking","ddos-protection","rate-limiting","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-browser-ddos-protection.2.26.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":97,"downloaded":133,"rating":29,"num_ratings":29,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":100,"tags":137,"homepage":141,"download_link":142,"security_score":143,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"nohackme-defender","NoHackMe Defender","1.1.0","Roman","https:\u002F\u002Fprofiles.wordpress.org\u002Fneedtome\u002F","\u003Cp>The NoHackMe Defender plugin ensures the security of your WordPress site by blocking IP addresses when receiving suspicious requests, or when too many requests are received from a single IP over a certain period. The plugin offers comprehensive protection mechanisms including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hacking protection: Blocks IP addresses that send suspicious data.\u003C\u002Fli>\n\u003Cli>Parsing protection: Prevents malicious parsing attempts on your website.\u003C\u002Fli>\n\u003Cli>DoS protection: Stops denial-of-service attacks by limiting excessive requests.\u003C\u002Fli>\n\u003Cli>Password brute force protection: Prevents repeated login attempts to guess passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore our instructional videos to see the NoHackMe Defender plugin in action and learn how to configure settings and manage blocked IP addresses efficiently:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fl6LFvNn7RE8\" rel=\"nofollow ugc\">Protect Your WordPress Site for Free – Installing and Configuring NoHackMe Defender Plugin\u003C\u002Fa>: A thorough guide on activating and configuring the NoHackMe Defender plugin, including its free version features.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FDqTvUfLmmGQ\" rel=\"nofollow ugc\">How to Protect Your Site from Hackers, Parsing, and DoS – Testing WordPress Plugin NoHackMe Defender\u003C\u002Fa>: Demonstrates the plugin’s effectiveness in blocking suspicious requests and securing your site.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002F35G8wi02-70\" rel=\"nofollow ugc\">Premium Protection for WordPress Sites – A Breakdown of the Paid Features of NoHackMe Defender Plugin\u003C\u002Fa>: Explores the advanced features available in the premium version of the plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more information and a live demonstration, visit our \u003Ca href=\"https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F\" rel=\"nofollow ugc\">Plugin Demo Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Special thanks to our sponsors for supporting the development of this plugin:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fmalinovsky.io\" rel=\"nofollow ugc\">malinovsky.io\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloap.net\" rel=\"nofollow ugc\">gloap.net\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloapm.com\" rel=\"nofollow ugc\">gloapm.com\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fimgai.art\" rel=\"nofollow ugc\">imgai.art\u003C\u002Fa>\u003C\u002Fp>\n","Enhance your WordPress security by blocking IPs that send too many or suspicious requests.",1028,"2024-06-26T04:39:00.000Z","6.5.8","6.0",[138,139,23,140,24],"anti-hack","firewall","protection","https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnohackme-defender.1.1.0.zip",92,{"attackSurface":145,"codeSignals":234,"taintFlows":263,"riskAssessment":366,"analyzedAt":374},{"hooks":146,"ajaxHandlers":211,"restRoutes":226,"shortcodes":227,"cronEvents":228,"entryPointCount":233,"unprotectedCount":29},[147,153,157,161,163,166,170,174,180,184,188,192,196,200,203,207],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","init","advcb_ensure_cleanup_schedule","advanced-country-blocking.php",309,{"type":148,"name":154,"callback":155,"file":151,"line":156},"admin_notices","advcb_insecure_secret_key_notice",320,{"type":148,"name":158,"callback":159,"file":151,"line":160},"wp_enqueue_scripts","closure",463,{"type":148,"name":158,"callback":159,"file":151,"line":162},503,{"type":148,"name":149,"callback":164,"file":151,"line":165},"advcb_block_non_allowed_countries",535,{"type":148,"name":167,"callback":168,"file":151,"line":169},"admin_init","advcb_register_settings",738,{"type":148,"name":171,"callback":172,"file":151,"line":173},"advcb_cleanup_logs_event","advcb_cleanup_logs",757,{"type":175,"name":176,"callback":177,"priority":178,"file":151,"line":179},"filter","registration_errors","advcb_restrict_registration_by_country",10,798,{"type":175,"name":176,"callback":181,"priority":182,"file":151,"line":183},"advcb_log_blocked_registration_attempt",11,831,{"type":148,"name":185,"callback":186,"file":151,"line":187},"admin_menu","advcb_register_options_page",877,{"type":148,"name":149,"callback":189,"priority":190,"file":151,"line":191},"advcb_track_visitor_activity",5,1826,{"type":148,"name":193,"callback":194,"priority":178,"file":151,"line":195},"advcb_block_recorded","advcb_record_live_block",1860,{"type":148,"name":197,"callback":198,"priority":178,"file":151,"line":199},"advcb_record_block","advcb_trigger_block_record_hook",1868,{"type":148,"name":154,"callback":201,"file":151,"line":202},"advcb_geoip_admin_notices",3577,{"type":148,"name":204,"callback":205,"file":151,"line":206},"admin_post_advcb_geoip_download","advcb_handle_geoip_download",3762,{"type":148,"name":208,"callback":209,"file":151,"line":210},"admin_post_advcb_geoip_upload","advcb_handle_geoip_upload",3877,[212,217,221,223],{"action":213,"nopriv":214,"callback":213,"hasNonce":215,"hasCapCheck":215,"file":151,"line":216},"advcb_get_live_monitor_data",false,true,1916,{"action":218,"nopriv":214,"callback":219,"hasNonce":215,"hasCapCheck":214,"file":151,"line":220},"advcb_verify_captcha","advcb_verify_captcha_challenge",2713,{"action":218,"nopriv":215,"callback":219,"hasNonce":215,"hasCapCheck":214,"file":151,"line":222},2714,{"action":224,"nopriv":214,"callback":224,"hasNonce":215,"hasCapCheck":215,"file":151,"line":225},"advcb_get_dashboard_stats",3128,[],[],[229,231],{"hook":171,"callback":171,"file":151,"line":230},300,{"hook":171,"callback":171,"file":151,"line":232},312,4,{"dangerousFunctions":235,"sqlUsage":236,"outputEscaping":251,"fileOperations":190,"externalRequests":190,"nonceChecks":14,"capabilityChecks":261,"bundledLibraries":262},[],{"prepared":97,"raw":190,"locations":237},[238,241,244,247,249],{"file":151,"line":239,"context":240},1627,"$wpdb->query() with variable interpolation",{"file":151,"line":242,"context":243},1641,"$wpdb->get_var() with variable interpolation",{"file":151,"line":245,"context":246},1907,"$wpdb->get_results() with variable interpolation",{"file":151,"line":248,"context":243},3113,{"file":151,"line":250,"context":243},3114,{"escaped":252,"rawEcho":60,"locations":253},138,[254,257,259],{"file":151,"line":255,"context":256},331,"raw output",{"file":151,"line":258,"context":256},2084,{"file":151,"line":260,"context":256},3324,8,[],[264,286,338,347,358],{"entryPoint":265,"graph":266,"unsanitizedCount":28,"severity":40},"advcb_handle_geoip_download (advanced-country-blocking.php:3636)",{"nodes":267,"edges":283},[268,273,277],{"id":269,"type":270,"label":271,"file":151,"line":272},"n0","source","$_POST",3751,{"id":274,"type":275,"label":276,"file":151,"line":272},"n1","transform","→ advcb_save_geoip_database_content()",{"id":278,"type":279,"label":280,"file":151,"line":281,"wp_function":282},"n2","sink","file_put_contents() [File Write]",3611,"file_put_contents",[284,285],{"from":269,"to":274,"sanitized":214},{"from":274,"to":278,"sanitized":214},{"entryPoint":287,"graph":288,"unsanitizedCount":28,"severity":40},"\u003Cadvanced-country-blocking> (advanced-country-blocking.php:0)",{"nodes":289,"edges":330},[290,293,296,299,304,306,309,313,315,319,324,326,328],{"id":269,"type":270,"label":291,"file":151,"line":292},"$_POST['advcb_captcha_secret_key']",1272,{"id":274,"type":279,"label":294,"file":151,"line":292,"wp_function":295},"echo() [XSS]","echo",{"id":278,"type":270,"label":297,"file":151,"line":298},"$_GET",1631,{"id":300,"type":279,"label":301,"file":151,"line":302,"wp_function":303},"n3","get_results() [SQLi]",1635,"get_results",{"id":305,"type":270,"label":297,"file":151,"line":298},"n4",{"id":307,"type":279,"label":294,"file":151,"line":308,"wp_function":295},"n5",1717,{"id":310,"type":270,"label":311,"file":151,"line":312},"n6","$_SERVER",383,{"id":314,"type":279,"label":280,"file":151,"line":281,"wp_function":282},"n7",{"id":316,"type":270,"label":317,"file":151,"line":318},"n8","$_FILES",3776,{"id":320,"type":279,"label":321,"file":151,"line":322,"wp_function":323},"n9","file_get_contents() [SSRF\u002FLFI]",3838,"file_get_contents",{"id":325,"type":270,"label":271,"file":151,"line":272},"n10",{"id":327,"type":275,"label":276,"file":151,"line":272},"n11",{"id":329,"type":279,"label":280,"file":151,"line":281,"wp_function":282},"n12",[331,332,333,334,335,336,337],{"from":269,"to":274,"sanitized":215},{"from":278,"to":300,"sanitized":215},{"from":305,"to":307,"sanitized":215},{"from":310,"to":314,"sanitized":215},{"from":316,"to":320,"sanitized":215},{"from":325,"to":327,"sanitized":214},{"from":327,"to":329,"sanitized":214},{"entryPoint":339,"graph":340,"unsanitizedCount":29,"severity":346},"advcb_options_page (advanced-country-blocking.php:882)",{"nodes":341,"edges":344},[342,343],{"id":269,"type":270,"label":291,"file":151,"line":292},{"id":274,"type":279,"label":294,"file":151,"line":292,"wp_function":295},[345],{"from":269,"to":274,"sanitized":215},"low",{"entryPoint":348,"graph":349,"unsanitizedCount":29,"severity":346},"advcb_block_logs_page (advanced-country-blocking.php:1619)",{"nodes":350,"edges":355},[351,352,353,354],{"id":269,"type":270,"label":297,"file":151,"line":298},{"id":274,"type":279,"label":301,"file":151,"line":302,"wp_function":303},{"id":278,"type":270,"label":297,"file":151,"line":298},{"id":300,"type":279,"label":294,"file":151,"line":308,"wp_function":295},[356,357],{"from":269,"to":274,"sanitized":215},{"from":278,"to":300,"sanitized":215},{"entryPoint":359,"graph":360,"unsanitizedCount":29,"severity":346},"advcb_handle_geoip_upload (advanced-country-blocking.php:3764)",{"nodes":361,"edges":364},[362,363],{"id":269,"type":270,"label":317,"file":151,"line":318},{"id":274,"type":279,"label":321,"file":151,"line":322,"wp_function":323},[365],{"from":269,"to":274,"sanitized":215},{"summary":367,"deductions":368},"The advanced-country-blocker plugin exhibits a generally strong security posture with several positive indicators. The absence of unpatched vulnerabilities, a high percentage of SQL queries using prepared statements, and robust output escaping (98%) are commendable. The plugin also demonstrates good use of nonces and capability checks, with no immediately obvious unprotected entry points.\n\nHowever, there are a couple of areas that warrant attention. The presence of two taint flows with unsanitized paths, despite not being classified as critical or high severity, suggests potential avenues for exploitation if input is not handled meticulously. While the number of file operations and external HTTP requests is not excessively high, these are common vectors for more complex attacks. The single medium-severity vulnerability in its history, even though patched, points to a past weakness in initialization logic, indicating that careful review of such components is necessary.\n\nOverall, the plugin is well-maintained and adheres to many security best practices. The limited number and severity of past issues are positive. The primary area for vigilance lies in the identified unsanitized taint flows, which should be thoroughly investigated and mitigated to ensure continued security. The plugin's strengths lie in its proactive patching and good implementation of core WordPress security features.",[369,372],{"reason":370,"points":371},"Taint flows with unsanitized paths",7,{"reason":373,"points":190},"Past medium vulnerability (initialization)","2026-03-16T18:36:43.338Z",{"wat":376,"direct":389},{"assetPaths":377,"generatorPatterns":382,"scriptPaths":383,"versionParams":384},[378,379,380,381],"\u002Fwp-content\u002Fplugins\u002Fadvanced-country-blocker\u002Fcss\u002Fadvcb-admin.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-country-blocker\u002Fcss\u002Fadvcb-public.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-country-blocker\u002Fjs\u002Fadvcb-admin.js","\u002Fwp-content\u002Fplugins\u002Fadvanced-country-blocker\u002Fjs\u002Fadvcb-public.js",[],[381],[385,386,387,388],"advanced-country-blocker\u002Fcss\u002Fadvcb-admin.css?ver=","advanced-country-blocker\u002Fcss\u002Fadvcb-public.css?ver=","advanced-country-blocker\u002Fjs\u002Fadvcb-admin.js?ver=","advanced-country-blocker\u002Fjs\u002Fadvcb-public.js?ver=",{"cssClasses":390,"htmlComments":391,"htmlAttributes":392,"restEndpoints":393,"jsGlobals":394,"shortcodeOutput":395},[],[],[],[],[],[]]