[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ff49HtptTXhNROpQsDf9IkDXvWGm1-WtovugYEQcFTcw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":138,"fingerprints":237},"ais-ip-blocker","AIS: IP Blocker","2.2.0","AIS TECHNOLABS","https:\u002F\u002Fprofiles.wordpress.org\u002Faistechnolabspvtltd\u002F","\u003Cp>IP Blocker for WordPress allows you to block the malicious IP Addresses, Spammers and Hackers. Now, You can block IP addresses according to your conditions.\u003C\u002Fp>\n\u003Cp>By blocking the Unwanted or Spammy IP Addresses, you can prevent hacking attempts on your wordpress website.\u003C\u002Fp>\n\u003Cp>Admin can get also mail notification when some-one’s IP get blocked.\u003C\u002Fp>\n\u003Cp>The blocked IPs won’t be able to scrap the precious content too from your WordPress Site. You can choose to either display the blocked message or an empty page to the blocked users. And anytime you can delete that IP from the blocking list if you know that it’s not performing malicious activities.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Unlimited IP Addresses from accessing your website\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display predefined message or a blank page to the blocked user\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free 24X7 Support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic IP Blocking on Suspicious Activity, Auto-blocking if hits more url within stipulated time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","Blocks malicious IP Addresses, Spammers and Hackers from accessing page without compromising the performance of your WordPress Website.",10,1808,0,"","6.0.11","6.0",[18,19,20,21,22],"blacklist","block-hackers","block-ip","ip-blocker","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fais-ip-blocker.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"aistechnolabspvtltd",6,210,88,30,86,"2026-04-04T07:07:39.189Z",[37,58,79,102,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":24,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"crowdsec","CrowdSec","2.13.1","CrowdSec - lightweight and collaborative security engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrowdsec\u002F","\u003Cp>The CrowdSec plugin proactively blocks requests coming from known attackers.\u003Cbr \u002F>\nIt does so by either directly using CrowdSec Blocklists Integration or by connecting to your CrowdSec Security Engine.\u003C\u002Fp>\n\u003Ch4>Key Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant CrowdSec Blocklist\u003C\u002Fstrong>: Quickly block known WordPress attackers in a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect and block\u003C\u002Fstrong> admin bruteforce attempts and scans of your WordPress Site.\u003C\u002Fli>\n\u003Cli>Remediation metrics: Enabling you to see the efficiency of the protection.\u003C\u002Fli>\n\u003Cli>(Console Users) Plug any of your existing Blocklist Integrations.\u003C\u002Fli>\n\u003Cli>(CrowdSec Security Engine Users) Apply decisions and subscribed blocklist of your security engine within WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Block aggressive IPs\u003C\u002Fli>\n\u003Cli>Display a captcha for less aggressive IPs\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin blocks detected attackers or displays them a captcha to check they are not bots.",2000,58196,5,"2026-01-09T01:11:00.000Z","6.9.4","4.9","7.2",[53,38,54,21,22],"captcha","hacker-protection","https:\u002F\u002Fgithub.com\u002Fcrowdsecurity\u002Fcs-wordpress-bouncer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrowdsec.2.13.1.zip","2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":49,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"advanced-ip-blocker","Advanced IP Blocker","8.9.2","IniLerm","https:\u002F\u002Fprofiles.wordpress.org\u002Finilerm\u002F","\u003Cp>\u003Cstrong>Advanced IP Blocker\u003C\u002Fstrong> is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Important Note on PHP Version:\u003C\u002Fstrong>\u003Cbr \u002F>\n  To ensure maximum security and access to all features, we strongly recommend using \u003Cstrong>PHP 8.1 or higher\u003C\u002Fstrong>. Some advanced features (like the local MaxMind database or full 2FA management via WP-CLI) require PHP 8.1.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Country Selector Copy\u002FPaste:\u003C\u002Fstrong> Say goodbye to manually selecting 50+ countries. You can now instantly copy and paste a raw list of 2-letter country codes directly into Geoblocking, Geo-Challenge, and Whitelist Login fields.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) AIB Cloud Network V3:\u003C\u002Fstrong> Upgrade to the next-generation distributed threat intelligence network. The new API V3 provides secure, individual API Keys per site, drastically improving synchronization reliability, threat telemetry, and global network stability.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Whitelist Login Countries:\u003C\u002Fstrong> Take absolute control over administrative access. Easily restrict your WordPress login page and XML-RPC to only allow connections from specific, whitelisted countries, instantly blocking unauthorized foreign login attempts.\u003Cbr \u002F>\n*   \u003Cstrong>(IMPROVED) Bulk Import\u002FExport for Blocked IPs & Whitelist:\u003C\u002Fstrong> Seamlessly import massive lists of IPs via CSV or manual entry. The system now features a bulletproof “Bulk Import” type, strict duration inheritance, and intelligent conflict resolution.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Internal Security & Forensics:\u003C\u002Fstrong> A complete audit suite solely for WordPress. Track every sensitive event (plugin installs, settings changes, user logins) and monitor your critical files for unauthorized modifications with the integrated File Integrity Monitor.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Activity Audit Log:\u003C\u002Fstrong> Gain complete visibility into what’s happening on your site. Who deactivated a plugin? Who changed a setting? The Audit Log answers these questions with timestamped, immutable records.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Deep Scan Email Reports:\u003C\u002Fstrong> Get a weekly security summary delivered to your inbox, detailing pending updates, vulnerability status, and recent attack trends.\u003Cbr \u002F>\n*   \u003Cstrong>Username Blocking & Rules:\u003C\u002Fstrong> Gain granular control over login security. Creating Advanced Rules to block, challenge, or score specific usernames (e.g., “admin”, “test”).\u003Cbr \u002F>\n*   \u003Cstrong>Enhanced Lockdown Notifications:\u003C\u002Fstrong> Distributed Lockdowns (404\u002F403) now fully support Email and Push notifications, ensuring you never miss a critical security event.\u003Cbr \u002F>\n*   \u003Cstrong>Improved Logging:\u003C\u002Fstrong> New “Endpoint Challenge” event type provides deeper visibility into challenges served during automated lockdowns.\u003Cbr \u002F>\n*   \u003Cstrong>Server IP Reputation Check. Instantly audit your web server’s IP address against major blacklists (Spamhaus, AbuseIPDB) to diagnose SEO and email delivery issues.\u003Cbr \u002F>\n*   **HTTP Security Headers.\u003C\u002Fstrong> Easily configure essential security headers like HSTS, X-Frame-Options, and Permissions-Policy to harden your site against clickjacking, sniffing, and other browser-based attacks. Includes a “Report-Only” mode for CSP.\u003Cbr \u002F>\n*   \u003Cstrong>Site Health & Vulnerability Scanner. Audit your WordPress environment instantly. Detects outdated plugins, insecure PHP versions, and checks your installed plugins against a database of 30,000+ known vulnerabilities.\u003Cbr \u002F>\n*   **PERFORMANCE BOOST: High-Speed Community Database. Migrated the “Community Defense Network” blocklist to a dedicated, indexed database table. This allows checking thousands of malicious IPs in microseconds with zero impact on site memory usage.\u003Cbr \u002F>\n*   **WordPress 6.9 Ready. Fully tested and compatible with the latest WordPress core update.\u003Cbr \u002F>\n*   **Community Defense Network. Join forces with other WordPress admins. The plugin now shares anonymous attack data to build a global, real-time blocklist of verified threats. Protect your site with community-powered intelligence.\u003Cbr \u002F>\n*   **Auto-Cleaning Logic. Smart expiration handling ensures your blocklists stay fresh and performant, automatically removing stale IPs from both the database and external firewalls (Cloudflare\u002F.htaccess).\u003Cbr \u002F>\n*   **Cloud Edge Defense (Cloudflare). Connect your site directly to Cloudflare’s global network. Automatically sync your blocklists to the cloud to stop attackers before they reach your server. Zero server load protection.\u003Cbr \u002F>\n*   **Server-Level Firewall (.htaccess). Extreme performance upgrade. Write blocking rules and file hardening protections directly to your .htaccess file. Blocks threats instantly without loading PHP or WordPress.\u003Cbr \u002F>\n*   **IMPROVED: Smart Bot Verification. Enhanced logic to correctly identify legitimate traffic from iOS devices (iCloud Private Relay) and social media previews, eliminating false positives while keeping impostors out.\u003Cbr \u002F>\n*   **File Hardening.\u003C\u002Fstrong> Protect your most sensitive files (\u003Ccode>wp-config.php\u003C\u002Fcode>, \u003Ccode>readme.html\u003C\u002Fcode>, \u003Ccode>.git\u003C\u002Fcode>) at the server level with a single click.\u003Cbr \u002F>\n*   \u003Cstrong>AbuseIPDB Integration.\u003C\u002Fstrong> Proactively block attackers before they strike. The plugin can now check visitor IPs against AbuseIPDB’s real-time, crowdsourced database of malicious IPs and block those with a high abuse score on their very first request.\u003Cbr \u002F>\n*   \u003Cstrong>Edge Firewall Mode!\u003C\u002Fstrong> Protect any PHP file or standalone application within your WordPress directory (even if it’s not part of WordPress). Ideal for securing custom scripts, legacy applications, or folders like \u003Ccode>\u002Fscan\u002F\u003C\u002Fcode>. (Requires manual configuration).\u003Cbr \u002F>\n*   \u003Cstrong>Advanced Rules Engine!\u003C\u002Fstrong> Create powerful, custom security rules with multiple conditions (IP, Country, ASN, URI, User-Agent) and actions (Block, Challenge, or add Threat Score).\u003Cbr \u002F>\n*   \u003Cstrong>Known Bot Verification.\u003C\u002Fstrong> A powerful new security layer that uses reverse DNS lookups to verify legitimate crawlers like Googlebot and Bingbot. This completely neutralizes attackers who try to bypass security rules by faking their User-Agent, assigning high threat scores to impostors.\u003Cbr \u002F>\n*   \u003Cstrong>Onboarding Setup Wizard.\u003C\u002Fstrong> A brand new step-by-step wizard that guides new users through the essential security configurations (IP whitelisting, WAF, and bot traps) in under a minute, ensuring a strong security posture from day one.\u003Cbr \u002F>\n*   \u003Cstrong>Major Refactor: Codebase Modernization.\u003C\u002Fstrong> The entire plugin architecture has been refactored into a modern, modular structure. Logic for admin pages, AJAX, actions, and settings is now handled by dedicated classes, making the plugin more stable, performant, and easier to maintain and extend in the future.\u003Cbr \u002F>\n*   \u003Cstrong>Advanced IP Spoofing Protection.\u003C\u002Fstrong> A zero-trust “Trusted Proxies” system ensures the plugin always identifies the true visitor IP, even behind complex setups like Cloudflare or a custom reverse proxy. It neutralizes attacks that attempt to fake their IP, preventing block evasion and the framing of innocent users.\u003Cbr \u002F>\n*   \u003Cstrong>Geo-Challenge.\u003C\u002Fstrong> A smarter way to handle traffic from high-risk countries. Instead of a hard block, it presents a quick, invisible JavaScript challenge that stops bots but is seamless for human visitors. This reduces unwanted traffic without affecting potential legitimate users.\u003Cbr \u002F>\n*   \u003Cstrong>ENHANCEMENT: Full Bulk-Action Support.\u003C\u002Fstrong> IP management is now faster than ever. Both the Whitelist and the Blocked IPs list now support full bulk actions, allowing you to select and remove multiple entries at once, or unblock all IPs with a single click.\u003Cbr \u002F>\n*   \u003Cstrong>Endpoint Lockdown Mode:\u003C\u002Fstrong> Automatically shields \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>xmlrpc.php\u003C\u002Fcode> with a JavaScript challenge during sustained distributed attacks, preventing server overload.\u003Cbr \u002F>\n*   \u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Secure user accounts with industry-standard TOTP authentication, backup codes, role enforcement, and a central admin management dashboard.\u003Cbr \u002F>\n*   \u003Cstrong>IP Trust & Threat Scoring System:\u003C\u002Fstrong> An intelligent defense that assigns “threat points” to IPs for malicious actions, blocking them only when they reach a configurable score. More accurate and context-aware than simple rules.\u003Cbr \u002F>\n*   \u003Cstrong>Attack Signature Engine (Beta):\u003C\u002Fstrong> Proactively stops distributed botnet attacks by identifying and blocking the attacker’s “fingerprint” (signature) instead of just individual IPs.\u003Cbr \u002F>\n*   \u003Cstrong>Web Application Firewall (WAF):\u003C\u002Fstrong> Block malicious requests (SQLi, XSS, etc.) with a customizable ruleset.\u003Cbr \u002F>\n*   \u003Cstrong>And much more:\u003C\u002Fstrong> Rate Limiting, Country & ASN Blocking (with Spamhaus support), ASN Whitelisting, Push Notifications, Google reCAPTCHA, Honeypots, Active User Session Management, and Full WP-CLI Support.\u003C\u002Fp>\n","A complete WordPress security firewall: blocks IPs, bots & countries. Includes an intelligent WAF, Threat Scoring, Geo-Challenge, 2FA, and Anti-Sp …",1000,20374,94,15,"2026-03-15T09:30:00.000Z","6.7","8.1",[74,75,21,22,76],"country-block","firewall","waf","https:\u002F\u002Fadvaipbl.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-ip-blocker.8.9.2.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":68,"num_ratings":89,"last_updated":90,"tested_up_to":49,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":97,"download_link":98,"security_score":99,"vuln_count":100,"unpatched_count":13,"last_vuln_date":101,"fetched_at":57},"block-wp-login","Block wp-login","1.5.5","Oliver Campion","https:\u002F\u002Fprofiles.wordpress.org\u002Fdomainsupport\u002F","\u003Ch4>Block Access to wp-login.php\u003C\u002Fh4>\n\u003Cp>This plugin does the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Locates wp-login.php in your WordPress installation and duplicates it\u003C\u002Fli>\n\u003Cli>Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login\u003C\u002Fli>\n\u003Cli>Will email the site admin if an administrator signs in with an un-recognised IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When installed your server will return “403 Forbidden“ when attempts are made to access the default wp-login.php file. This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all.\u003C\u002Fp>\n\u003Cp>Please note, this plugin uses .htaccess so is only compatible with Apache web servers, it is not compatible with Nginx web servers.\u003C\u002Fp>\n","This plugin completely blocks access to wp-login.php and creates a new secret login URL",600,19911,9,"2025-12-04T12:47:00.000Z","3.5.0","5.6",[19,94,95,22,96],"login-security","secure","security-plugin","https:\u002F\u002Fwebd.uk\u002Fsupport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-wp-login.1.5.5.zip",99,1,"2019-06-27 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":24,"num_ratings":112,"last_updated":113,"tested_up_to":49,"requires_at_least":114,"requires_php":14,"tags":115,"homepage":14,"download_link":119,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"country-access-blocker","Country Access Blocker","1.6","Valeri Kluger","https:\u002F\u002Fprofiles.wordpress.org\u002Fvalerikluger\u002F","\u003Cp>Country Access Blocker lets you restrict or allow access to your WordPress site based on visitor countries.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Block visitors from specific countries\u003Cbr \u002F>\n* Clean, GDPR-compliant country list\u003Cbr \u002F>\n* Easy admin interface to configure blocked countries\u003Cbr \u002F>\n* Enable or disable IP-based country blocking with one checkbox\u003Cbr \u002F>\n* No external dependencies or WooCommerce required\u003Cbr \u002F>\n* Uses ip-api.com free API for geolocation\u003C\u002Fp>\n\u003Cp>This plugin is ideal if you want to restrict access from certain countries or comply with geo-based regulations.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or bug reports, please open an issue on the plugin’s GitHub repository or contact the author.\u003C\u002Fp>\n","Block or allow website visitors from specific countries based on IP geolocation.",500,1743,2,"2026-01-24T22:53:00.000Z","5.0",[116,20,117,118,21],"block-country","country-blocker","geo-blocking","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountry-access-blocker.1.6.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":112,"last_updated":131,"tested_up_to":49,"requires_at_least":114,"requires_php":51,"tags":132,"homepage":136,"download_link":137,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"anti-fake-orders-ip-blocker","Anti Fake Orders & IP Blocker","1.0.1","Shohanur Rahman Shohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fshohanur007\u002F","\u003Cp>Anti Fake Orders & IP Blocker helps WooCommerce store owners prevent fraudulent orders by monitoring checkout behaviour patterns and automatically blocking suspicious activities.\u003C\u002Fp>\n\u003Cp>Fake orders can waste your time, increase processing costs, and damage your business reputation. This plugin provides powerful tools to identify and block these threats before they impact your business.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fproshohan.com\u002Fanti-fake-orders-ip-blocker\u002F\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fproshohan.com\u002F\" rel=\"nofollow ugc\">Need Help?\u003C\u002Fa>        \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdevelopershohan\" rel=\"nofollow ugc\">About Author\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart IP Blocking System\u003C\u002Fstrong>: Block specific IP addresses manually or let the system automatically detect and block suspicious ones based on behaviour patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Domain Filtering\u003C\u002Fstrong>: Block orders from disposable email services and known suspicious domains\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Account Security\u003C\u002Fstrong>: Block problematic users who repeatedly place fake orders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Detection Technology\u003C\u002Fstrong>: Identify automated checkout attempts using timing analysis to detect inhuman checkout speeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Auto-Blocking\u003C\u002Fstrong>: Configure rules to automatically block IPs after multiple suspicious attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Logging System\u003C\u002Fstrong>: Track all blocked attempts with detailed information for security analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Blocking Duration\u003C\u002Fstrong>: Set temporary blocks that automatically expire after your specified timeframe\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Real-World Applications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Prevent Card Testing Fraud\u003C\u002Fstrong>: Stop criminals from testing stolen credit cards on your store\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce Chargeback Rates\u003C\u002Fstrong>: Block known fraudulent behaviour patterns before orders are placed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save Processing Time\u003C\u002Fstrong>: Eliminate hours wasted verifying and processing fake orders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protect Inventory Management\u003C\u002Fstrong>: Prevent inventory allocation to orders that will never complete\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Checkout Process\u003C\u002Fstrong>: Maintain a smooth checkout for legitimate customers while blocking suspicious ones\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Implementation\u003C\u002Fh3>\n\u003Cp>The plugin works behind the scenes during the WooCommerce checkout process:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>behaviour Analysis\u003C\u002Fstrong>: Monitors user interaction patterns during checkout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time-Based Detection\u003C\u002Fstrong>: Measures checkout completion time to identify automated bots\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Verification\u003C\u002Fstrong>: Checks IPs and emails against your custom blocklists and known suspicious patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Actions\u003C\u002Fstrong>: Choose between blocking, flagging for review, or logging suspicious activity\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Developer-Friendly\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Clean, well-documented code\u003C\u002Fli>\n\u003Cli>Hooks and filters for customization\u003C\u002Fli>\n\u003Cli>Performance-optimized with minimal impact on checkout speed\u003C\u002Fli>\n\u003Cli>Compatible with major WooCommerce extensions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage Instructions\u003C\u002Fh3>\n\u003Ch3>Basic Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Set Detection Sensitivity\u003C\u002Fstrong>: Adjust the “Minimum Checkout Time” setting to determine how quickly a checkout can be completed before being flagged as suspicious.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Configure Blocking Rules\u003C\u002Fstrong>: Define how many suspicious attempts should trigger an automatic block.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize Block Message\u003C\u002Fstrong>: Set a custom message to display when a checkout is blocked.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Advanced Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>IP Whitelist\u003C\u002Fstrong>: Add trusted IP addresses that should never be blocked, useful for testing or for known legitimate customers who might trigger false positives.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Email Domain Filtering\u003C\u002Fstrong>: Block entire email domains known for fraudulent activity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Temporary Blocking\u003C\u002Fstrong>: Set block durations to automatically expire after a set number of hours.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Review System\u003C\u002Fstrong>: Flag suspicious orders for review instead of blocking them outright.\u003C\u002Fp>\n\u003Ch3>Integration with Other Security Measures\u003C\u002Fh3>\n\u003Cp>This plugin works well alongside other security plugins like Wordfence or Sucuri to provide comprehensive store protection.\u003C\u002Fp>\n","Protect your WooCommerce store from fake orders by blocking suspicious IPs, emails, and detecting bot checkout activity.",400,1265,60,"2026-02-11T20:07:00.000Z",[133,134,21,22,135],"fake-order","fraud-prevention","woocommerce","https:\u002F\u002Fproshohan.com\u002Fanti-fake-orders-ip-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-fake-orders-ip-blocker.1.0.1.zip",{"attackSurface":139,"codeSignals":159,"taintFlows":201,"riskAssessment":227,"analyzedAt":236},{"hooks":140,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":13,"unprotectedCount":13},[141,147,151],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_init","ais_ipBlocker_register_settings","ip-blocker.php",17,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_menu","ais_ipBlocker_admin_actions",161,{"type":142,"name":152,"callback":153,"file":145,"line":154},"init","ais_ipBlocker_init_function",163,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":100,"capabilityChecks":100,"bundledLibraries":197},[],{"prepared":13,"raw":162,"locations":163},3,[164,167,169],{"file":145,"line":165,"context":166},67,"$wpdb->get_results() with variable interpolation",{"file":145,"line":168,"context":166},211,{"file":145,"line":170,"context":171},279,"$wpdb->query() with variable interpolation",{"escaped":30,"rawEcho":173,"locations":174},12,[175,178,180,181,183,185,187,189,191,193,194,195],{"file":145,"line":176,"context":177},87,"raw output",{"file":145,"line":179,"context":177},93,{"file":145,"line":99,"context":177},{"file":145,"line":182,"context":177},105,{"file":145,"line":184,"context":177},115,{"file":145,"line":186,"context":177},138,{"file":145,"line":188,"context":177},139,{"file":145,"line":190,"context":177},140,{"file":145,"line":192,"context":177},141,{"file":145,"line":192,"context":177},{"file":145,"line":192,"context":177},{"file":145,"line":196,"context":177},230,[198],{"name":199,"version":25,"knownCves":200},"DataTables",[],[202,219],{"entryPoint":203,"graph":204,"unsanitizedCount":13,"severity":218},"ais_ipBlocker_plugin_options (ip-blocker.php:22)",{"nodes":205,"edges":215},[206,210],{"id":207,"type":208,"label":209,"file":145,"line":184},"n0","source","$_SERVER['REQUEST_URI']",{"id":211,"type":212,"label":213,"file":145,"line":184,"wp_function":214},"n1","sink","echo() [XSS]","echo",[216],{"from":207,"to":211,"sanitized":217},true,"low",{"entryPoint":220,"graph":221,"unsanitizedCount":13,"severity":218},"\u003Cip-blocker> (ip-blocker.php:0)",{"nodes":222,"edges":225},[223,224],{"id":207,"type":208,"label":209,"file":145,"line":184},{"id":211,"type":212,"label":213,"file":145,"line":184,"wp_function":214},[226],{"from":207,"to":211,"sanitized":217},{"summary":228,"deductions":229},"The 'ais-ip-blocker' v2.2.0 plugin exhibits a generally good security posture based on the static analysis and vulnerability history provided. The lack of known CVEs and a clean vulnerability history suggest a commitment to security or a lack of exploitable flaws discovered to date. The plugin also demonstrates good practices by having no recorded external HTTP requests, file operations, or unescaped output in critical areas.  It's positive to see nonce and capability checks are present, indicating an attempt to secure certain functionalities.",[230,232,234],{"reason":231,"points":69},"Raw SQL queries without prepared statements",{"reason":233,"points":30},"Significant portion of output not properly escaped",{"reason":235,"points":162},"Bundled library (DataTables) may have unpatched vulnerabilities","2026-03-16T23:15:22.692Z",{"wat":238,"direct":253},{"assetPaths":239,"generatorPatterns":245,"scriptPaths":246,"versionParams":247},[240,241,242,243,244],"\u002Fwp-content\u002Fplugins\u002Fais-ip-blocker\u002Fcss\u002Fbootstrap.css","\u002Fwp-content\u002Fplugins\u002Fais-ip-blocker\u002Fcss\u002FipBlocker.css","\u002Fwp-content\u002Fplugins\u002Fais-ip-blocker\u002Fjs\u002Fjquery.dataTables.min.js","\u002Fwp-content\u002Fplugins\u002Fais-ip-blocker\u002Fjs\u002FdataTables.bootstrap4.min.js","\u002Fwp-content\u002Fplugins\u002Fais-ip-blocker\u002Fjs\u002Fip-blocker.js",[],[244,242,243],[248,249,250,251,252],"ais-ip-blocker\u002Fcss\u002Fbootstrap.css?ver=","ais-ip-blocker\u002Fcss\u002FipBlocker.css?ver=","ais-ip-blocker\u002Fjs\u002Fjquery.dataTables.min.js?ver=","ais-ip-blocker\u002Fjs\u002FdataTables.bootstrap4.min.js?ver=","ais-ip-blocker\u002Fjs\u002Fip-blocker.js?ver=",{"cssClasses":254,"htmlComments":255,"htmlAttributes":262,"restEndpoints":267,"jsGlobals":268,"shortcodeOutput":269},[4],[256,257,258,259,260,261],"\u003C!--Start of Block IP -->","\u003C!----- Start of include css -->","\u003C!----- End of include css -->","\u003C!----- Start of include scripts -->","\u003C!----- End of include scripts -->","\u003C!-- Invalid nonce. you can throw an error here. -->",[263,264,265,266],"name=\"ipBlockOptionName[user-hit-count]\"","name=\"ipBlockOptionName[time-in-min]\"","name=\"ipBlockOptionName[display-content]\"","name=\"ipBlockOptionName[notification-mail]\"",[],[],[270],"IP Blocker"]