WP-Safety

Advanced IP Blocker Security & Risk Analysis

wordpress.org/plugins/advanced-ip-blocker

A complete WordPress security firewall: blocks IPs, bots & countries. Includes an intelligent WAF, Threat Scoring, Geo-Challenge, and 2FA.

1K active installs v8.9.12 PHP 8.1+ WP 6.7+ Updated Apr 15, 2026
2fafirewallip-blockersecuritywaf
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Advanced IP Blocker Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced IP Blocker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The advanced-ip-blocker plugin v8.9.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query sanitization and output escaping, with a high percentage of prepared statements and properly escaped outputs respectively. The absence of known CVEs and a clean vulnerability history further contribute to a generally stable security profile. However, a significant concern arises from the large attack surface, particularly the high number of AJAX handlers and REST API routes that lack proper authentication or capability checks. This presents a substantial risk of unauthorized actions if these entry points are exploited. The taint analysis also highlights a concerning number of flows with unsanitized paths, specifically 13 critical severity flows, indicating potential for exploitation even without explicit CVEs. This suggests that while the plugin is good at preventing common issues like raw SQL, it may be susceptible to more complex vulnerabilities related to data handling and input validation.

Key Concerns

  • High number of unprotected AJAX handlers
  • High number of unprotected REST API routes
  • 13 critical severity taint flows
  • 20 flows with unsanitized paths
Vulnerabilities
None known

Advanced IP Blocker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Advanced IP Blocker Release Timeline

v8.9.12Current
v8.9.11
v8.9.10
v8.9.9
v8.9.8
v8.9.7
v8.9.6
v8.9.5
v8.9.4
v8.9.3
v8.9.2
v8.9.1
v8.9.0
v8.8.9
v8.8.8
v8.8.7
v8.8.6
v8.8.5
v8.8.4
v8.8.3
Code Analysis
Analyzed Mar 16, 2026

Advanced IP Blocker Code Analysis

Dangerous Functions
0
Raw SQL Queries
43
142 prepared
Unescaped Output
69
1000 escaped
Nonce Checks
54
Capability Checks
62
File Operations
9
External Requests
26
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

77% prepared185 total queries

Output Escaping

94% escaped1069 total outputs
Data Flows · Security
20 unsanitized

Data Flow Analysis

25 flows20 with unsanitized paths
display_status_tab (includes\class-advaipbl-admin-pages.php:2541)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
33 unprotected

Advanced IP Blocker Attack Surface

Entry Points38
Unprotected33

AJAX Handlers 34

authwp_ajax_advaipbl_run_deep_scanincludes\class-advaipbl-main.php:240
authwp_ajax_advaipbl_check_server_reputationincludes\class-advaipbl-main.php:241
authwp_ajax_advaipbl_clear_audit_logincludes\class-advaipbl-main.php:242
authwp_ajax_advaipbl_run_fim_scanincludes\class-advaipbl-main.php:243
authwp_ajax_advaipbl_test_outbound_connectionincludes\class-advaipbl-main.php:321
authwp_ajax_advaipbl_add_ip_to_whitelistincludes\class-advaipbl-main.php:322
authwp_ajax_advaipbl_verify_api_keyincludes\class-advaipbl-main.php:323
authwp_ajax_advaipbl_get_free_api_keyincludes\class-advaipbl-main.php:324
authwp_ajax_advaipbl_update_geoip_dbincludes\class-advaipbl-main.php:325
authwp_ajax_advaipbl_get_dashboard_statsincludes\class-advaipbl-main.php:326
authwp_ajax_advaipbl_export_settings_ajaxincludes\class-advaipbl-main.php:327
authwp_ajax_advaipbl_handle_telemetry_noticeincludes\class-advaipbl-main.php:328
authwp_ajax_advaipbl_reset_threat_scoreincludes\class-advaipbl-main.php:329
authwp_ajax_advaipbl_get_score_historyincludes\class-advaipbl-main.php:330
authwp_ajax_advaipbl_delete_signatureincludes\class-advaipbl-main.php:331
authwp_ajax_advaipbl_get_signature_detailsincludes\class-advaipbl-main.php:332
authwp_ajax_advaipbl_whitelist_signatureincludes\class-advaipbl-main.php:333
authwp_ajax_advaipbl_get_lockdown_detailsincludes\class-advaipbl-main.php:334
authwp_ajax_advaipbl_get_advanced_rulesincludes\class-advaipbl-main.php:346
authwp_ajax_advaipbl_save_advanced_ruleincludes\class-advaipbl-main.php:347
authwp_ajax_advaipbl_delete_advanced_ruleincludes\class-advaipbl-main.php:348
authwp_ajax_advaipbl_reorder_rulesincludes\class-advaipbl-main.php:349
authwp_ajax_advaipbl_bulk_delete_advanced_rulesincludes\class-advaipbl-main.php:350
authwp_ajax_advaipbl_verify_abuseipdb_keyincludes\class-advaipbl-main.php:351
authwp_ajax_advaipbl_bulk_import_whitelistincludes\class-advaipbl-main.php:352
authwp_ajax_advaipbl_bulk_export_whitelistincludes\class-advaipbl-main.php:353
authwp_ajax_advaipbl_bulk_import_blocked_ipsincludes\class-advaipbl-main.php:354
authwp_ajax_advaipbl_bulk_export_blocked_ipsincludes\class-advaipbl-main.php:355
authwp_ajax_advaipbl_2fa_generateincludes\class-advaipbl-main.php:463
authwp_ajax_advaipbl_2fa_activateincludes\class-advaipbl-main.php:464
authwp_ajax_advaipbl_2fa_deactivateincludes\class-advaipbl-main.php:465
authwp_ajax_advaipbl_close_user_sessionincludes\class-advaipbl-session-manager.php:12
authwp_ajax_advaipbl_close_all_user_sessionsincludes\class-advaipbl-session-manager.php:13
authwp_ajax_advaipbl_close_sessions_by_roleincludes\class-advaipbl-session-manager.php:14

REST API Routes 3

GET/wp-json/advaipbl/v1/live-attacksincludes\class-advaipbl-live-feed-manager.php:29
GET/wp-json/advaipbl/v1/live-feed-nonceincludes\class-advaipbl-live-feed-manager.php:35
GET/wp-json/advaipbl/v1/live-feed-nonceincludes\class-advaipbl-main.php:269

Shortcodes 1

[advaipbl_live_feed] includes\class-advaipbl-main.php:275
WordPress Hooks 116
actionafter_setup_themeadvanced-ip-blocker.php:93
actionplugins_loadedadvanced-ip-blocker.php:117
actionwp_loginincludes\class-advaipbl-audit-logger.php:20
actionwp_login_failedincludes\class-advaipbl-audit-logger.php:21
actionactivated_pluginincludes\class-advaipbl-audit-logger.php:24
actiondeactivated_pluginincludes\class-advaipbl-audit-logger.php:25
actionuser_registerincludes\class-advaipbl-audit-logger.php:28
actiondeleted_userincludes\class-advaipbl-audit-logger.php:29
actionadvaipbl_daily_eventincludes\class-advaipbl-audit-logger.php:35
filtercron_schedulesincludes\class-advaipbl-cron-manager.php:18
actionadvaipbl_threat_score_decay_eventincludes\class-advaipbl-cron-manager.php:21
actionadvaipbl_signature_analysis_eventincludes\class-advaipbl-cron-manager.php:22
actionadvaipbl_scheduled_scan_eventincludes\class-advaipbl-cron-manager.php:23
actionadvaipbl_update_spamhaus_list_eventincludes\class-advaipbl-cron-manager.php:24
actionadvaipbl_daily_fim_scanincludes\class-advaipbl-cron-manager.php:34
actionadvaipbl_cloudflare_cleanup_eventincludes\class-advaipbl-cron-manager.php:35
actionadvaipbl_cloudflare_sync_eventincludes\class-advaipbl-cron-manager.php:36
actionadvaipbl_update_community_list_eventincludes\class-advaipbl-cron-manager.php:37
actionadvaipbl_community_report_event_v2includes\class-advaipbl-cron-manager.php:38
filterwp_mail_content_typeincludes\class-advaipbl-file-verifier.php:202
filterauthenticateincludes\class-advaipbl-main.php:181
actionadmin_initincludes\class-advaipbl-main.php:183
actionadmin_noticesincludes\class-advaipbl-main.php:187
actioninitincludes\class-advaipbl-main.php:221
actioninitincludes\class-advaipbl-main.php:223
actioninitincludes\class-advaipbl-main.php:224
actioninitincludes\class-advaipbl-main.php:225
actioninitincludes\class-advaipbl-main.php:226
actioninitincludes\class-advaipbl-main.php:227
actionplugins_loadedincludes\class-advaipbl-main.php:228
actioninitincludes\class-advaipbl-main.php:229
actioninitincludes\class-advaipbl-main.php:230
actioninitincludes\class-advaipbl-main.php:231
actioninitincludes\class-advaipbl-main.php:232
actioninitincludes\class-advaipbl-main.php:233
actioninitincludes\class-advaipbl-main.php:234
actioninitincludes\class-advaipbl-main.php:235
actioninitincludes\class-advaipbl-main.php:236
filterstatus_headerincludes\class-advaipbl-main.php:237
actionadvaipbl_community_report_event_v2includes\class-advaipbl-main.php:238
actionadvaipbl_update_community_list_eventincludes\class-advaipbl-main.php:239
actionadmin_initincludes\class-advaipbl-main.php:248
actioninitincludes\class-advaipbl-main.php:257
filterthe_author_loginincludes\class-advaipbl-main.php:258
filterget_the_author_loginincludes\class-advaipbl-main.php:259
actionwp_login_failedincludes\class-advaipbl-main.php:260
actionlogin_initincludes\class-advaipbl-main.php:261
actionlogin_initincludes\class-advaipbl-main.php:262
actionwp_loginincludes\class-advaipbl-main.php:263
filterrest_endpointsincludes\class-advaipbl-main.php:264
filteroembed_response_dataincludes\class-advaipbl-main.php:265
filterauthenticateincludes\class-advaipbl-main.php:266
actionrest_api_initincludes\class-advaipbl-main.php:267
actionrest_api_initincludes\class-advaipbl-main.php:268
actionadmin_bar_menuincludes\class-advaipbl-main.php:279
actionadvaipbl_purge_old_logs_eventincludes\class-advaipbl-main.php:282
actionadvaipbl_cloudflare_cleanup_eventincludes\class-advaipbl-main.php:283
actionadvaipbl_send_telemetry_data_eventincludes\class-advaipbl-main.php:285
actionadvaipbl_update_geoip_db_eventincludes\class-advaipbl-main.php:286
actionadvaipbl_clear_expired_blocks_eventincludes\class-advaipbl-main.php:287
actionadvaipbl_cleanup_expired_cache_eventincludes\class-advaipbl-main.php:288
actionadvaipbl_daily_fim_scanincludes\class-advaipbl-main.php:289
actionadmin_noticesincludes\class-advaipbl-main.php:292
actionadmin_initincludes\class-advaipbl-main.php:293
actionadmin_initincludes\class-advaipbl-main.php:294
actionadmin_initincludes\class-advaipbl-main.php:295
actionadmin_initincludes\class-advaipbl-main.php:296
actionadmin_menuincludes\class-advaipbl-main.php:297
actionadmin_initincludes\class-advaipbl-main.php:298
actionadmin_initincludes\class-advaipbl-main.php:299
actionadmin_post_advaipbl_refresh_spamhausincludes\class-advaipbl-main.php:302
actionadmin_noticesincludes\class-advaipbl-main.php:303
actionadmin_noticesincludes\class-advaipbl-main.php:304
actionadmin_headincludes\class-advaipbl-main.php:308
actionadmin_enqueue_scriptsincludes\class-advaipbl-main.php:319
actionadmin_footerincludes\class-advaipbl-main.php:320
actionadmin_post_advaipbl_import_settingsincludes\class-advaipbl-main.php:335
actionadmin_post_advaipbl_clear_location_cache_actionincludes\class-advaipbl-main.php:336
actionadmin_post_advaipbl_send_test_emailincludes\class-advaipbl-main.php:337
actionadmin_post_advaipbl_send_test_pushincludes\class-advaipbl-main.php:338
actionadmin_post_advaipbl_run_manual_scanincludes\class-advaipbl-main.php:339
actionadmin_post_advaipbl_wizard_step_1includes\class-advaipbl-main.php:341
actionadmin_post_advaipbl_wizard_step_2includes\class-advaipbl-main.php:342
actionadmin_post_advaipbl_wizard_step_3includes\class-advaipbl-main.php:343
actionadmin_post_advaipbl_wizard_step_4includes\class-advaipbl-main.php:344
filterxmlrpc_enabledincludes\class-advaipbl-main.php:358
actionlogin_enqueue_scriptsincludes\class-advaipbl-main.php:364
actionlogin_formincludes\class-advaipbl-main.php:365
filterauthenticateincludes\class-advaipbl-main.php:366
actionshow_user_profileincludes\class-advaipbl-main.php:457
actionedit_user_profileincludes\class-advaipbl-main.php:458
actionpersonal_options_updateincludes\class-advaipbl-main.php:459
actionedit_user_profile_updateincludes\class-advaipbl-main.php:460
filterauthenticateincludes\class-advaipbl-main.php:468
actionlogin_form_advaipbl_validate_2faincludes\class-advaipbl-main.php:469
actionlogin_form_advaipbl_validate_2fa_backupincludes\class-advaipbl-main.php:470
actionlogin_form_loginincludes\class-advaipbl-main.php:471
filterwp_mail_content_typeincludes\class-advaipbl-main.php:3731
filterlogin_messageincludes\class-advaipbl-main.php:6217
filterlogin_messageincludes\class-advaipbl-main.php:6276
filterwp_mail_content_typeincludes\class-advaipbl-main.php:6488
actionadvaipbl_send_summary_emailincludes\class-advaipbl-notification-manager.php:22
actionadvaipbl_send_signature_summary_emailincludes\class-advaipbl-notification-manager.php:23
actionadvaipbl_abuseipdb_limit_emailincludes\class-advaipbl-notification-manager.php:24
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:181
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:290
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:345
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:388
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:578
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:606
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:680
filterwp_mail_content_typeincludes\class-advaipbl-notification-manager.php:765
actionsend_headersincludes\class-advaipbl-security-headers.php:15
actionadmin_initincludes\class-advaipbl-security-headers.php:16
actionadmin_post_advaipbl_usm_save_settingsincludes\class-advaipbl-session-manager.php:15
filterwp_mail_content_typeincludes\class-advaipbl-site-scanner.php:636

Scheduled Events 27

advaipbl_update_spamhaus_list_event
advaipbl_send_telemetry_data_event
advaipbl_cloudflare_sync_event
advaipbl_threat_score_decay_event
advaipbl_signature_analysis_event
advaipbl_purge_old_logs_event
advaipbl_send_summary_email
advaipbl_send_signature_summary_email
advaipbl_send_telemetry_data_event
advaipbl_update_geoip_db_event
advaipbl_clear_expired_blocks_event
advaipbl_cleanup_expired_cache_event
advaipbl_daily_fim_scan
advaipbl_scheduled_scan_event
advaipbl_scheduled_scan_event
advaipbl_community_report_event_v2
advaipbl_update_spamhaus_list_event
advaipbl_update_community_list_event
advaipbl_community_report_event_v2
advaipbl_cloudflare_cleanup_event
advaipbl_cloudflare_sync_event
advaipbl_update_community_list_event
advaipbl_send_summary_email
advaipbl_cloudflare_cleanup_event
advaipbl_purge_old_logs_event
advaipbl_update_geoip_db_event
advaipbl_cleanup_expired_cache_event
Maintenance & Trust

Advanced IP Blocker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version8.1
Downloads30K

Community Trust

Rating94/100
Number of ratings15
Active installs1K
Alternatives

Advanced IP Blocker Alternatives

Atomic Edge Security

Atomic Edge Security

atomic-edge-security

A
100

Connect your WordPress site to Atomic Edge for enterprise-grade WAF protection, real-time analytics, and advanced security tools.

10 No CVEs
Wordfence Security – Firewall, Malware Scan, and Login Security

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

A
96

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs
Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

limit-login-attempts-reloaded

A
98

Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.

2.0M 4 CVEs
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

wp-simple-firewall

B
83

Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.

40K 11 CVEs
Login Security, FireWall, Malware removal by CleanTalk

Login Security, FireWall, Malware removal by CleanTalk

security-malware-firewall

A
86

Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.

30K 5 CVEs
Developer Profile

Advanced IP Blocker Developer Profile

IniLerm

1 plugin · 1K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Advanced IP Blocker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-ip-blocker/assets/css/advaipbl-live-feed.css/wp-content/plugins/advanced-ip-blocker/assets/js/advaipbl-live-feed.js/wp-content/plugins/advanced-ip-blocker/assets/js/advaipbl-firewall-rules.js/wp-content/plugins/advanced-ip-blocker/assets/js/advaipbl-settings.js/wp-content/plugins/advanced-ip-blocker/assets/css/advaipbl-settings.css
Version Parameters
advanced-ip-blocker/assets/css/advaipbl-live-feed.css?ver=advanced-ip-blocker/assets/js/advaipbl-live-feed.js?ver=advanced-ip-blocker/assets/js/advaipbl-firewall-rules.js?ver=advanced-ip-blocker/assets/js/advaipbl-settings.js?ver=advanced-ip-blocker/assets/css/advaipbl-settings.css?ver=

HTML / DOM Fingerprints

CSS Classes
advaipbl-live-feed-containeradvaipbl-firewall-rule-tableadvaipbl-settings-form
Data Attributes
data-advaipbl-nonce
JS Globals
advaipbl_live_feed_params
REST Endpoints
/wp-json/advaipbl/v1/live-attacks/wp-json/advaipbl/v1/live-feed-nonce
Shortcode Output
[advaipbl_live_feed]
FAQ

Frequently Asked Questions about Advanced IP Blocker