[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0H--boy5mLdo8LpOnJDpuaOhK5ho-_geVxLKX4JiWCc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":134,"fingerprints":429},"anti-browser-ddos-protection","Anti Browser DDoS Protection","2.26","sourcecode347","https:\u002F\u002Fprofiles.wordpress.org\u002Fsourcecode347\u002F","\u003Cp>The \u003Cstrong>Anti Browser DDoS Protection\u003C\u002Fstrong> plugin provides robust protection against denial-of-service (DoS) attacks on your WordPress site. It implements IP-based rate limiting, with configurable settings for subscribers, non-logged-in users, and verified bots, while excluding administrators and other non-subscriber roles. It features advanced bot detection to identify and limit suspicious bots, immediate blocking of malicious bots by User Agent, and supports Cloudflare for accurate client IP detection. Static assets (e.g., CSS, JS, images) are excluded to maintain site performance. An intuitive admin panel allows you to configure rate limits, bot exclusions, trusted bot IP ranges (with automatic duplicate removal), blocked bots by User Agent, log expiration settings, and view logs for blocked IPs, banned IPs, and high traffic bots with auto-refresh every 30 seconds, all with User Agent details and timestamps. You can export \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> lists to .txt files and import new entries to append to existing lists without duplicates. Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots are displayed above the logs for quick visual insights.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rate limiting based on IP for subscribers and non-logged-in users, with configurable maximum requests and time window.\u003C\u002Fli>\n\u003Cli>Excludes non-subscriber logged-in users (e.g., administrators, editors) from rate limiting.\u003C\u002Fli>\n\u003Cli>Advanced bot detection to identify suspicious bots (bots using trusted User Agents but from unverified IPs).\u003C\u002Fli>\n\u003Cli>Suspicious bots are subject to the same rate limiting as regular users and logged with User Agent in the Blocked IPs Log.\u003C\u002Fli>\n\u003Cli>Immediate blocking of malicious bots by User Agent (e.g., MJ12bot, SemrushBot, DotBot by default) with customizable settings and logging.\u003C\u002Fli>\n\u003Cli>Configurable rate limiting for verified excluded bots (default: 100 requests per minute), with logging for bots exceeding this limit.\u003C\u002Fli>\n\u003Cli>High Traffic Excluded Bots Log to track verified bots with excessive requests, including IP, User Agent, and timestamp.\u003C\u002Fli>\n\u003Cli>Admin panel to configure maximum requests, time window, excluded bots, trusted bot IP ranges, blocked bots (User Agents), blocks before ban, ban duration, high traffic bot limits, and log expiration (days).\u003C\u002Fli>\n\u003Cli>Export \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> lists to .txt files for backup or transfer.\u003C\u002Fli>\n\u003Cli>Import .txt files for \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> to append new entries to existing lists, with automatic duplicate removal.\u003C\u002Fli>\n\u003Cli>Automatic removal of duplicate IP ranges in the \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong> field on save, keeping the first occurrence.\u003C\u002Fli>\n\u003Cli>Support for Cloudflare real IP detection using \u003Ccode>CF-Connecting-IP\u003C\u002Fcode> and \u003Ccode>X-Forwarded-For\u003C\u002Fcode> headers.\u003C\u002Fli>\n\u003Cli>Excludes static assets (CSS, JS, images, fonts, etc.) from rate limiting to optimize performance.\u003C\u002Fli>\n\u003Cli>Logs blocked IPs, banned IPs, and high traffic bots with IP, User Agent, and timestamps using the WordPress timezone, viewable in the admin panel with options to clear logs and auto-refresh every 30 seconds.\u003C\u002Fli>\n\u003Cli>Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots displayed above the logs in the admin panel for visual statistics.\u003C\u002Fli>\n\u003Cli>Automatic log expiration (Blocked IPs, Banned IPs, High Traffic Bots) after a configurable number of days (default: 5 days), with hourly cleanup via WordPress Scheduler.\u003C\u002Fli>\n\u003Cli>All error messages and logs prefixed with “Anti Browser DDoS Protection: ” for clarity.\u003C\u002Fli>\n\u003Cli>Donate link in the admin panel to support the project.\u003C\u002Fli>\n\u003Cli>Automatic cleanup of transients, blocked IPs, banned IPs, high traffic bots, blocked bots, bot IP ranges, and log expiration settings on plugin deactivation to prevent database bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Ideal for WordPress sites seeking enhanced security against automated attacks, with seamless integration for Cloudflare users, advanced bot management, efficient log management, visual charts for statistics, and easy export\u002Fimport for bot lists.\u003C\u002Fp>\n\u003Ch3>Plugin Assets img\u002F\u003C\u002Fh3>\n\u003Ch3>Icon Image\u003C\u002Fh3>\n\u003Cp>Normal: icon-128×128.png\u003Cbr \u002F>\nHigh-DPI (Retina): icon-256×256.png\u003C\u002Fp>\n\u003Ch3>Bugs\u003C\u002Fh3>\n\u003Cp>Caching plugins such as WP Super Cache, W3 Total Cache, and others may bypass the DDoS protection provided by Anti Browser DDoS Protection, serving cached pages without triggering the plugin’s checks for blocked bots, rate limiting, or banned IPs.\u003Cbr \u002F>\n– \u003Cstrong>Solution\u003C\u002Fstrong>: Disable all WordPress caching plugins to ensure full DDoS protection. Instead, enable Browser Caching using a service like Cloudflare to improve performance without compromising security.\u003Cbr \u002F>\n   Enable standard type Caching and Configure Cloudflare Browser Cache TTL (e.g., 8 days) via \u003Cstrong>Caching > Configuration\u003C\u002Fstrong> in the Cloudflare dashboard.- \u003Cstrong>Cloudflare Compatibility\u003C\u002Fstrong>: Ensure Cloudflare is configured to pass \u003Ccode>CF-Connecting-IP\u003C\u002Fcode> headers for accurate IP detection. Check your Cloudflare dashboard if logged IPs are incorrect.\u003Cbr \u002F>\n– \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>: Update the \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong> field every 6 months (next update: March 2026) using official sources (e.g., Google, Bing, Yandex documentation). Duplicate ranges are automatically removed on save. Export to .txt for backup or import from .txt to append new ranges.\u003Cbr \u002F>\n– \u003Cstrong>Blocked Bots\u003C\u002Fstrong>: Add malicious bots to the \u003Cstrong>Blocked Bots (User Agents)\u003C\u002Fstrong> field (e.g., MJ12bot, SemrushBot, DotBot) to block them immediately. Blocked bots are logged with their IP and User Agent. Export to .txt for backup or import from .txt to append new entries.\u003Cbr \u002F>\n– \u003Cstrong>Excluded Bots\u003C\u002Fstrong>: Add trusted bots (e.g., Googlebot, Bingbot) to the \u003Cstrong>Excluded Bots\u003C\u002Fstrong> field to exempt them from regular rate limiting (if from verified IPs). Export to .txt for backup or import from .txt to append new entries.\u003Cbr \u002F>\n– \u003Cstrong>High Traffic Bots\u003C\u002Fstrong>: Verified bots exceeding the configured limit (default: 100 requests per minute) are logged for monitoring but not blocked. Check the High Traffic Excluded Bots Log regularly.\u003Cbr \u002F>\n– \u003Cstrong>Log Expiration\u003C\u002Fstrong>: Set the \u003Cstrong>Log Expires (Days)\u003C\u002Fstrong> setting to control how long logs are retained (default: 5 days). Cleanup runs hourly via WordPress Scheduler. Logs older than the specified days are automatically deleted.\u003Cbr \u002F>\n– \u003Cstrong>Timezone\u003C\u002Fstrong>: Set the WordPress timezone correctly (e.g., \u003Ccode>Europe\u002FAthens\u003C\u002Fcode> for Greece) in Settings > General > Timezone to ensure accurate timestamp display in logs and charts.\u003Cbr \u002F>\n– \u003Cstrong>Performance\u003C\u002Fstrong>: For high-traffic sites, clear the Blocked IPs Log, Banned IPs Log, and High Traffic Excluded Bots Log regularly, or set a lower \u003Cstrong>Log Expires (Days)\u003C\u002Fstrong> value to prevent database growth.\u003Cbr \u002F>\n– \u003Cstrong>Customization\u003C\u002Fstrong>: Contact the author for additional features like custom error pages, email notifications for high traffic bots, or advanced logging.\u003Cbr \u002F>\n– \u003Cstrong>Support the Project\u003C\u002Fstrong>: If you find this plugin useful, consider supporting its development via the \u003Ca href=\"https:\u002F\u002Fbuy.stripe.com\u002FbIY5o70SSfam8Qo7ss\" rel=\"nofollow ugc\">donation link\u003C\u002Fa> in the admin panel or plugin page.\u003C\u002Fp>\n","Protects WordPress from DDoS with rate limiting, bot detection, blocking, Cloudflare support, logs, charts, and bot list export\u002Fimport.",60,422,100,1,"2025-09-19T04:53:00.000Z","6.8.5","5.0","8.3",[20,21,22,23,24],"bot-blocking","ddos-protection","ip-blocking","rate-limiting","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-browser-ddos-protection.2.26.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,94,"2026-04-04T12:26:36.251Z",[36,51,73,97,115],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":27,"downloaded":44,"rating":27,"num_ratings":27,"last_updated":45,"tested_up_to":46,"requires_at_least":17,"requires_php":25,"tags":47,"homepage":48,"download_link":49,"security_score":50,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"your-web-shield","Your Web Shield","1.3.1","peterswe","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeterswe\u002F","\u003Cp>Your Web Shield blocks high-risk IPs and limits request rates, providing enhanced security for your site.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin relies on the external service “Your Web Shield API” to check IP addresses for risk scoring.\u003Cbr \u002F>\nAPI Documentation: https:\u002F\u002Fwww.postman.com\u002Fywspeter\u002Fyour-web-shield\u002Frequest\u002Fuvtu6ua\u002Fip-details\u003Cbr \u002F>\nTerms of Service: https:\u002F\u002Fwww.yourwebshield.co.uk\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fwww.yourwebshield.co.uk\u002Fprivacy\u003C\u002Fp>\n","Your Web Shield blocks high-risk IPs and limits request rates, providing enhanced security for your site.",1137,"2024-12-30T17:37:00.000Z","6.7.5",[22,23,24],"https:\u002F\u002Fyourwebshield.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyour-web-shield.1.3.1.zip",92,{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":13,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":17,"requires_php":64,"tags":65,"homepage":69,"download_link":70,"security_score":71,"vuln_count":14,"unpatched_count":27,"last_vuln_date":72,"fetched_at":29},"advanced-country-blocker","Advanced Country Blocker","2.3.2","brstefanovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrstefanovic\u002F","\u003Cp>\u003Cstrong>Advanced Country Blocker\u003C\u002Fstrong> helps you secure your WordPress site by restricting access based on the visitor’s geolocation (country) or IP address. Upon activation, the plugin detects the activating admin’s country and automatically sets that as the only allowed country. All other visitors from different countries are blocked, unless they use a secret key parameter to temporarily whitelist their IP. Country detection uses the privacy-friendly ip-api.com service by default but can be switched to a fully offline MaxMind GeoLite2 (or compatible) database file once you configure a local copy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatically allows the admin’s country\u003C\u002Fstrong> on plugin activation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible IP-to-country lookups\u003C\u002Fstrong> – start with the built-in ip-api.com integration and optionally switch to an offline MaxMind GeoLite2 Country (or compatible) \u003Ccode>.mmdb\u003C\u002Fcode> database file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowlist or blacklist mode\u003C\u002Fstrong> – choose whether the country list acts as an allowlist or blocklist without re-entering countries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary access\u003C\u002Fstrong> via a customizable secret URL parameter (e.g., \u003Ccode>?MySecretKey=1\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Challenge\u003C\u002Fstrong> – allow blocked visitors to solve a CAPTCHA to gain temporary access (supports Google reCAPTCHA v2\u002Fv3, hCaptcha, Cloudflare Turnstile).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Activity Monitor\u003C\u002Fstrong> – live dashboard showing active visitors, recent blocks, and traffic statistics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – comprehensive charts and statistics about blocked attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual blacklisting and safelisting of IPs\u003C\u002Fstrong> for added security and to accommodate uptime monitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional email alerts\u003C\u002Fstrong> when new visitors are blocked.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bypass\u003C\u002Fstrong> so logged-in admins can always access the site (toggleable in the code).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed logging\u003C\u002Fstrong> of blocked attempts in a custom database table, displayed in the WP admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom response controls\u003C\u002Fstrong> – personalise the block page title\u002Fmessage, choose the HTTP status (403, 410, 451) or redirect to any URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic log cleanup\u003C\u002Fstrong> with configurable retention plus a one-click “Clear Logs” button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the plugin settings page (\u003Cstrong>Country Blocker\u003C\u002Fstrong> menu in WP admin) to configure the list of allowed countries, blacklisted countries, blacklisted IPs, and whether email alerts are enabled.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is open-sourced software licensed under the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\" rel=\"nofollow ugc\">GPLv3 or later\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>By default this plugin contacts the ip-api.com geolocation service to detect visitor countries. You can disable all external lookups by switching the IP lookup method to the local MaxMind database in the settings.\u003C\u002Fp>\n","An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas &hellip;",2000,11570,6,"2026-02-06T09:04:00.000Z","6.9.4","7.2",[66,67,68,22,24],"blocking","country","geolocation","https:\u002F\u002Fsparkcan.com\u002Facb.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-country-blocker.2.3.2.zip",99,"2026-02-06 20:24:09",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":93,"download_link":94,"security_score":95,"vuln_count":14,"unpatched_count":14,"last_vuln_date":96,"fetched_at":29},"wgpwpp","WEDOS Global (CDN Cache & Security)","1.2.2","wedos.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fwedos\u002F","\u003Cp>Our WordPress plugin has a full site caching feature, a CDN Cache feature, and optional settings for the sending of security reports. Furthermore, it serves as a tool for easy activation of the WEDOS Global Protection service.\u003C\u002Fp>\n\u003Ch3>WEDOS Global (CDN Cache & Security)\u003C\u002Fh3>\n\u003Ch3>Local WordPress Cache\u003C\u002Fh3>\n\u003Cp>The WEDOS Local WordPress Cache stores your WordPress pages and content as static files which it later serves to your website visitors, thus saving the load on the web server, while also simultaneously reducing the website loading times. Utilise the local caching feature, which can be activated without any registration, and always stay close to your local WordPress website visitors.\u003C\u002Fp>\n\u003Ch3>Security Reports\u003C\u002Fh3>\n\u003Cp>Have security reports sent to you, and get information about cyberattacks and threats, as well as tips for improving your website. You can customise the reports according to your needs. You can also get useful news, tips, and recommendations for improving the overall health of your website.\u003C\u002Fp>\n\u003Ch3>Global WordPress Cache\u003C\u002Fh3>\n\u003Cp>The WEDOS Global CDN will ensure a significant increase of your WordPress loading speed, and better overall server response all around the world. This will result in improved user experience (UX), higher rankings in search results, more orders, or leads, and returning customers. Maximalising the performance of your website can help to improve its conversion rate even by up to a few percent!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How does the Global WordPress Cache speed up your website?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Static web pages and their parts will be stored on our servers all over the world, always as close to your visitors as possible. Our global server infrastructure currently entails 120 data centres, covering all continents (except Antarctica).\u003C\u002Fli>\n\u003Cli>Thanks to the Anycast DNS technology, all DNS requests will be served from the nearest point to the request, which encompasses all types of requests, not only for the website, but also e.g. the mail server, FTP, etc.\u003C\u002Fli>\n\u003Cli>By filtering out harmful traffic, and blocking hazardous cyberattacks, our global network also provides website protection. Harmful traffic makes up up to 60% of a regular WordPress website, and bots searching for vulnerabilities are usually the reason of website slowdowns, or outages even.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The WEDOS Global (CDN Cache & Security) plugin connects your website with the WEDOS Global infrastructure, providing not only high-performance protection against a vast variety of cyberattacks, but also website speed optimisation. The infrastructure is built on thousands of physical servers, strategically placed in dozens of locations worldwide with the overall connectivity of 3,000 Gbps, ensuring not only enhanced security, and stability of your website, but also ultra-fast loading times.\u003C\u002Fp>\n\u003Ch3>Cloud WAF\u003C\u002Fh3>\n\u003Cp>By filtering traffic, and blocking harmful cyberattacks on the cloud servers, our cloud WAF (Web Application Firewall) provides protection for your WordPress websites without putting any extra load on your local resources. The protection is ensured by the use of advanced security technologies, continuous monitoring of all traffic, and data analysis of hundreds of thousands of websites.\u003C\u002Fp>\n\u003Cp>The WEDOS Cloud WAF protects your website against attempts at cracking passwords or finding vulnerabilities because it can safely distinguish whether there is an attack attempt taking place, and  in that case, put those requests through a test, which can be solved by the browser for the real users, meanwhile denying access to harmful bots.\u003C\u002Fp>\n\u003Cp>Situated on our own servers, our WAF works outside your WordPress (hosting service), so it does not put any extra load on your web server. This means that all traffic coming to your website is scanned by our WAF, even before it reaches your website. This level of protection entails blocking harmful website visits (from harmful bots), and attacks, like e.g. attempts at system breakthroughs, or hazardous scripts, without affecting the real users, or search engine bots coming to your website.\u003C\u002Fp>\n\u003Ch3>What is in it for you?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Thousands of servers, global coverage, CDN Cache:\u003C\u002Fstrong> Utilise our worldwide infrastructure which distributes the load on servers, and reduces website loading times, regardless of the current location of your website visitors. Our servers will serve as a global CDN Cache for your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Improving your website’s overall SEO score and user experience (UX):\u003C\u002Fstrong> A fast, high-performance infrastructure positively impacts your website’s SEO score, its rankings in search results, and improves the overall user experience for your visitors. Thanks to direct connections with local internet exchange points (IXPs), your data is always as close to your visitors as possible. We have a direct connection set up with most of our most significant connectivity providers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Anycast DNS:\u003C\u002Fstrong> Your WordPress will promptly answer website requests, from the first request for the  domain (DNS) to repeated answers, where we will serve static content directly from our servers at the location of your website visitors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Instant access to recent technologies:\u003C\u002Fstrong> Using our plugin, your website will automatically gain access to the most recent internet technologies, and security standards, like e.g. IPv6 and HTTP\u002F3 support, even if your current hosting provider does not support those new technological advances.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Stability and support:\u003C\u002Fstrong> Our cybersecurity specialists, and our technical and customer support are there for you 24 hours a day, 7 days a week, to ensure incident-free operation, and non-stop protection for your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy and data protection:\u003C\u002Fstrong> Your data safety is a number one priority for us. Our plugin is designed to protect your data and privacy, in accordance with the most recent standards, and adheres to all EU requirements concerning GDPR. The WEDOS company is also a proud ISO certifications owner, and holds the ISO 9001 (Quality Management System), ISO 27001 (Information Security Management System), ISO 27017 (Code of practice for information security controls for cloud services), and ISO 27018 (Code of practice for protection of personally identifiable information in public clouds acting as PII processors) which ensure the quality of our services, and their reliability, guaranteed by an independent certification authority.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Become a part of a global network:\u003C\u002Fstrong> By installing the WEDOS Global (CDN Cache & Security) plugin, you increase the performance, and security of your website, as well as connect with an innovative global network that continuously challenges the limits of utter possibilities of the digital world.\u003C\u002Fp>\n\u003Ch3>Links to Documentation and Other Sources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wedos.com\u002Fprotection\u002F\" rel=\"nofollow ugc\">WEDOS Global\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fkb.wedos.com\u002Fen\u002Fkategorie\u002Fwedos-global-en\u002F\" rel=\"nofollow ugc\">Knowledge Base\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhelp.wedos.com\" rel=\"nofollow ugc\">Community Help\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Our WordPress plugin has a full site caching feature, a CDN Cache feature, and optional settings for the sending of security reports.",900,12754,76,4,"2024-07-26T05:55:00.000Z","6.6.5","5.6","7.4",[90,21,91,24,92],"cdn","performance","waf","https:\u002F\u002Fwww.wedos.com\u002Fprotection\u002F#wgp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwgpwpp.1.2.2.zip",70,"2025-09-26 00:00:00",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":13,"num_ratings":107,"last_updated":108,"tested_up_to":63,"requires_at_least":17,"requires_php":64,"tags":109,"homepage":113,"download_link":114,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"workflowdone-geo-blocker","WorkflowDone Geo Blocker","1.0.4","workflowdone","https:\u002F\u002Fprofiles.wordpress.org\u002Fworkflowdone\u002F","\u003Cp>\u003Cstrong>WorkflowDone Geo Blocker\u003C\u002Fstrong> is a simple yet powerful WordPress plugin that allows you to block access to your website based on visitors’ geographical locations. Perfect for compliance, content licensing, or security purposes.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Country Blocking\u003C\u002Fstrong> – Block visitors from specific countries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelisting\u003C\u002Fstrong> – Allow specific IP addresses regardless of country\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO-Friendly\u003C\u002Fstrong> – Automatically allows major search engine crawlers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Block Page\u003C\u002Fstrong> – Customize the message shown to blocked visitors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Caching\u003C\u002Fstrong> – Efficient caching to minimize geo-lookup requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Setup\u003C\u002Fstrong> – Simple configuration with no technical knowledge required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Select which countries you want to block\u003C\u002Fli>\n\u003Cli>Optionally add IP addresses that should always be allowed\u003C\u002Fli>\n\u003Cli>Enable geo-blocking\u003C\u002Fli>\n\u003Cli>Visitors from blocked countries see a friendly block page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Become a Supporter\u003C\u002Fh4>\n\u003Cp>Love this plugin? Become a supporter and unlock all features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Whitelist Mode\u003C\u002Fstrong> – Allow only specific countries instead of blocking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bypass\u003C\u002Fstrong> – Skip geo-blocking for logged-in administrators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logging\u003C\u002Fstrong> – Log blocked access attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Ranges (CIDR)\u003C\u002Fstrong> – Whitelist entire IP ranges\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Block Pages\u003C\u002Fstrong> – Create custom HTML pages or redirects\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Email\u003C\u002Fstrong> – Display contact email on block page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL Exclusions\u003C\u002Fstrong> – Skip blocking for specific URLs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Crawler Rules\u003C\u002Fstrong> – Add your own crawler patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>One-time payment of $10, lifetime access!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fworkflowdone.com\u002Fproduct\u002Fadvanced-geo-blocker-pro\u002F\" rel=\"nofollow ugc\">Become a Supporter\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin uses third-party geo-location services to determine visitor countries:\u003Cbr \u002F>\n* ip-api.com – \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003Cbr \u002F>\n* ipinfo.io – \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Only IP addresses are sent to these services to determine the country. No other personal data is transmitted.\u003C\u002Fp>\n\u003Cp>The plugin caches geo-location results locally to minimize external requests.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact: support@workflowdone.com\u003C\u002Fp>\n\u003Cp>Website: \u003Ca href=\"https:\u002F\u002Fworkflowdone.com\" rel=\"nofollow ugc\">workflowdone.com\u003C\u002Fa>\u003C\u002Fp>\n","Block website access based on visitor's geographical location. Simple and effective geo-blocking for WordPress.",40,641,3,"2026-02-12T17:52:00.000Z",[110,111,112,22,24],"country-blocking","geo-restriction","geoblocking","https:\u002F\u002Fworkflowdone.com\u002Fgeo-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fworkflowdone-geo-blocker.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":27,"num_ratings":27,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":88,"tags":128,"homepage":132,"download_link":133,"security_score":50,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"nohackme-defender","NoHackMe Defender","1.1.0","Roman","https:\u002F\u002Fprofiles.wordpress.org\u002Fneedtome\u002F","\u003Cp>The NoHackMe Defender plugin ensures the security of your WordPress site by blocking IP addresses when receiving suspicious requests, or when too many requests are received from a single IP over a certain period. The plugin offers comprehensive protection mechanisms including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hacking protection: Blocks IP addresses that send suspicious data.\u003C\u002Fli>\n\u003Cli>Parsing protection: Prevents malicious parsing attempts on your website.\u003C\u002Fli>\n\u003Cli>DoS protection: Stops denial-of-service attacks by limiting excessive requests.\u003C\u002Fli>\n\u003Cli>Password brute force protection: Prevents repeated login attempts to guess passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore our instructional videos to see the NoHackMe Defender plugin in action and learn how to configure settings and manage blocked IP addresses efficiently:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fl6LFvNn7RE8\" rel=\"nofollow ugc\">Protect Your WordPress Site for Free – Installing and Configuring NoHackMe Defender Plugin\u003C\u002Fa>: A thorough guide on activating and configuring the NoHackMe Defender plugin, including its free version features.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FDqTvUfLmmGQ\" rel=\"nofollow ugc\">How to Protect Your Site from Hackers, Parsing, and DoS – Testing WordPress Plugin NoHackMe Defender\u003C\u002Fa>: Demonstrates the plugin’s effectiveness in blocking suspicious requests and securing your site.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002F35G8wi02-70\" rel=\"nofollow ugc\">Premium Protection for WordPress Sites – A Breakdown of the Paid Features of NoHackMe Defender Plugin\u003C\u002Fa>: Explores the advanced features available in the premium version of the plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more information and a live demonstration, visit our \u003Ca href=\"https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F\" rel=\"nofollow ugc\">Plugin Demo Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Special thanks to our sponsors for supporting the development of this plugin:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fmalinovsky.io\" rel=\"nofollow ugc\">malinovsky.io\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloap.net\" rel=\"nofollow ugc\">gloap.net\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloapm.com\" rel=\"nofollow ugc\">gloapm.com\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fimgai.art\" rel=\"nofollow ugc\">imgai.art\u003C\u002Fa>\u003C\u002Fp>\n","Enhance your WordPress security by blocking IPs that send too many or suspicious requests.",20,1028,"2024-06-26T04:39:00.000Z","6.5.8","6.0",[129,130,22,131,24],"anti-hack","firewall","protection","https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnohackme-defender.1.1.0.zip",{"attackSurface":135,"codeSignals":211,"taintFlows":315,"riskAssessment":422,"analyzedAt":428},{"hooks":136,"ajaxHandlers":183,"restRoutes":189,"shortcodes":207,"cronEvents":208,"entryPointCount":84,"unprotectedCount":27},[137,143,147,151,155,159,163,167,171,175,179],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","abdp_admin_menu","anti-browser-ddos-protection.php",159,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_notices","abdp_admin_notice",175,{"type":138,"name":148,"callback":149,"file":141,"line":150},"init","closure",240,{"type":138,"name":152,"callback":153,"file":141,"line":154},"abdp_cleanup_logs_event","abdp_cleanup_expired_logs",247,{"type":138,"name":156,"callback":157,"file":141,"line":158},"admin_enqueue_scripts","abdp_enqueue_scripts",259,{"type":138,"name":160,"callback":161,"file":141,"line":162},"admin_post_abdp_export_excluded_bots","abdp_export_excluded_bots",284,{"type":138,"name":164,"callback":165,"file":141,"line":166},"admin_post_abdp_export_bot_ip_ranges","abdp_export_bot_ip_ranges",297,{"type":138,"name":168,"callback":169,"file":141,"line":170},"admin_post_abdp_export_blocked_bots","abdp_export_blocked_bots",310,{"type":138,"name":172,"callback":173,"file":141,"line":174},"rest_api_init","abdp_register_rest_endpoints",659,{"type":138,"name":176,"callback":177,"file":141,"line":178},"admin_init","abdp_register_settings",724,{"type":138,"name":180,"callback":181,"priority":14,"file":141,"line":182},"wp_loaded","abdp_rate_limit",814,[184],{"action":185,"nopriv":186,"callback":185,"hasNonce":186,"hasCapCheck":187,"file":141,"line":188},"abdp_refresh_nonce",false,true,250,[190,197,202],{"namespace":191,"route":192,"methods":193,"callback":195,"permissionCallback":149,"file":141,"line":196},"abdp\u002Fv1","\u002Fblocked-ips",[194],"GET","abdp_get_blocked_ips",661,{"namespace":191,"route":198,"methods":199,"callback":200,"permissionCallback":149,"file":141,"line":201},"\u002Fbanned-ips",[194],"abdp_get_banned_ips",669,{"namespace":191,"route":203,"methods":204,"callback":205,"permissionCallback":149,"file":141,"line":206},"\u002Fhigh-traffic-bots",[194],"abdp_get_high_traffic_bots",677,[],[209],{"hook":152,"callback":152,"file":141,"line":210},225,{"dangerousFunctions":212,"sqlUsage":213,"outputEscaping":215,"fileOperations":107,"externalRequests":27,"nonceChecks":312,"capabilityChecks":313,"bundledLibraries":314},[],{"prepared":27,"raw":27,"locations":214},[],{"escaped":216,"rawEcho":217,"locations":218},124,46,[219,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310],{"file":141,"line":220,"context":221},376,"raw output",{"file":141,"line":223,"context":221},382,{"file":141,"line":225,"context":221},388,{"file":141,"line":227,"context":221},394,{"file":141,"line":229,"context":221},473,{"file":141,"line":231,"context":221},478,{"file":141,"line":233,"context":221},481,{"file":141,"line":235,"context":221},485,{"file":141,"line":237,"context":221},488,{"file":141,"line":239,"context":221},492,{"file":141,"line":241,"context":221},495,{"file":141,"line":243,"context":221},499,{"file":141,"line":245,"context":221},502,{"file":141,"line":247,"context":221},506,{"file":141,"line":249,"context":221},509,{"file":141,"line":251,"context":221},513,{"file":141,"line":253,"context":221},516,{"file":141,"line":255,"context":221},520,{"file":141,"line":257,"context":221},523,{"file":141,"line":259,"context":221},524,{"file":141,"line":261,"context":221},525,{"file":141,"line":263,"context":221},529,{"file":141,"line":265,"context":221},532,{"file":141,"line":267,"context":221},533,{"file":141,"line":269,"context":221},534,{"file":141,"line":271,"context":221},538,{"file":141,"line":273,"context":221},541,{"file":141,"line":275,"context":221},542,{"file":141,"line":277,"context":221},543,{"file":141,"line":279,"context":221},550,{"file":141,"line":281,"context":221},563,{"file":141,"line":283,"context":221},568,{"file":141,"line":285,"context":221},569,{"file":141,"line":287,"context":221},570,{"file":141,"line":289,"context":221},590,{"file":141,"line":291,"context":221},593,{"file":141,"line":293,"context":221},598,{"file":141,"line":295,"context":221},599,{"file":141,"line":297,"context":221},600,{"file":141,"line":299,"context":221},601,{"file":141,"line":301,"context":221},622,{"file":141,"line":303,"context":221},625,{"file":141,"line":305,"context":221},630,{"file":141,"line":307,"context":221},631,{"file":141,"line":309,"context":221},632,{"file":141,"line":311,"context":221},652,7,10,[],[316,390],{"entryPoint":317,"graph":318,"unsanitizedCount":27,"severity":389},"abdp_settings_page (anti-browser-ddos-protection.php:324)",{"nodes":319,"edges":379},[320,325,330,334,336,340,342,346,348,352,355,359,361,365,367,371,373,377],{"id":321,"type":322,"label":323,"file":141,"line":324},"n0","source","$_POST['abdp_max_requests']",367,{"id":326,"type":327,"label":328,"file":141,"line":324,"wp_function":329},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":331,"type":322,"label":332,"file":141,"line":333},"n2","$_POST['abdp_time_window']",368,{"id":335,"type":327,"label":328,"file":141,"line":333,"wp_function":329},"n3",{"id":337,"type":322,"label":338,"file":141,"line":339},"n4","$_POST['abdp_excluded_bots']",369,{"id":341,"type":327,"label":328,"file":141,"line":339,"wp_function":329},"n5",{"id":343,"type":322,"label":344,"file":141,"line":345},"n6","$_POST['abdp_blocked_bots']",370,{"id":347,"type":327,"label":328,"file":141,"line":345,"wp_function":329},"n7",{"id":349,"type":322,"label":350,"file":141,"line":351},"n8","$_POST",360,{"id":353,"type":327,"label":328,"file":141,"line":354,"wp_function":329},"n9",371,{"id":356,"type":322,"label":357,"file":141,"line":358},"n10","$_POST['abdp_ban_threshold']",372,{"id":360,"type":327,"label":328,"file":141,"line":358,"wp_function":329},"n11",{"id":362,"type":322,"label":363,"file":141,"line":364},"n12","$_POST['abdp_ban_duration']",373,{"id":366,"type":327,"label":328,"file":141,"line":364,"wp_function":329},"n13",{"id":368,"type":322,"label":369,"file":141,"line":370},"n14","$_POST['abdp_bot_max_requests']",374,{"id":372,"type":327,"label":328,"file":141,"line":370,"wp_function":329},"n15",{"id":374,"type":322,"label":375,"file":141,"line":376},"n16","$_POST['abdp_log_expires_days']",375,{"id":378,"type":327,"label":328,"file":141,"line":376,"wp_function":329},"n17",[380,381,382,383,384,385,386,387,388],{"from":321,"to":326,"sanitized":187},{"from":331,"to":335,"sanitized":187},{"from":337,"to":341,"sanitized":187},{"from":343,"to":347,"sanitized":187},{"from":349,"to":353,"sanitized":187},{"from":356,"to":360,"sanitized":187},{"from":362,"to":366,"sanitized":187},{"from":368,"to":372,"sanitized":187},{"from":374,"to":378,"sanitized":187},"low",{"entryPoint":391,"graph":392,"unsanitizedCount":27,"severity":389},"\u003Canti-browser-ddos-protection> (anti-browser-ddos-protection.php:0)",{"nodes":393,"edges":412},[394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411],{"id":321,"type":322,"label":323,"file":141,"line":324},{"id":326,"type":327,"label":328,"file":141,"line":324,"wp_function":329},{"id":331,"type":322,"label":332,"file":141,"line":333},{"id":335,"type":327,"label":328,"file":141,"line":333,"wp_function":329},{"id":337,"type":322,"label":338,"file":141,"line":339},{"id":341,"type":327,"label":328,"file":141,"line":339,"wp_function":329},{"id":343,"type":322,"label":344,"file":141,"line":345},{"id":347,"type":327,"label":328,"file":141,"line":345,"wp_function":329},{"id":349,"type":322,"label":350,"file":141,"line":351},{"id":353,"type":327,"label":328,"file":141,"line":354,"wp_function":329},{"id":356,"type":322,"label":357,"file":141,"line":358},{"id":360,"type":327,"label":328,"file":141,"line":358,"wp_function":329},{"id":362,"type":322,"label":363,"file":141,"line":364},{"id":366,"type":327,"label":328,"file":141,"line":364,"wp_function":329},{"id":368,"type":322,"label":369,"file":141,"line":370},{"id":372,"type":327,"label":328,"file":141,"line":370,"wp_function":329},{"id":374,"type":322,"label":375,"file":141,"line":376},{"id":378,"type":327,"label":328,"file":141,"line":376,"wp_function":329},[413,414,415,416,417,418,419,420,421],{"from":321,"to":326,"sanitized":187},{"from":331,"to":335,"sanitized":187},{"from":337,"to":341,"sanitized":187},{"from":343,"to":347,"sanitized":187},{"from":349,"to":353,"sanitized":187},{"from":356,"to":360,"sanitized":187},{"from":362,"to":366,"sanitized":187},{"from":368,"to":372,"sanitized":187},{"from":374,"to":378,"sanitized":187},{"summary":423,"deductions":424},"The \"anti-browser-ddos-protection\" plugin v2.26 exhibits a generally strong security posture based on the provided static analysis and vulnerability history.  The absence of known CVEs and the strict adherence to prepared statements for SQL queries are significant strengths.  Furthermore, the analysis indicates a good implementation of WordPress security best practices, with a reasonable percentage of output escaping and a healthy number of nonce and capability checks relative to the entry points. The lack of critical or high-severity taint flows is also reassuring.\n\nHowever, there are minor areas for improvement. While the total number of entry points is low, and all are protected by authentication checks, a higher percentage of properly escaped outputs would further strengthen its defense against potential cross-site scripting (XSS) vulnerabilities. The presence of file operations, while not inherently dangerous, warrants attention to ensure these operations are performed securely and do not introduce any unintended risks. The plugin's clean vulnerability history is a positive indicator of its development quality, suggesting a focus on security by the maintainers.\n\nIn conclusion, \"anti-browser-ddos-protection\" v2.26 appears to be a securely developed plugin with a commendable track record. The key strengths lie in its secure handling of database queries and its robust use of authentication and capability checks. The minor weakness lies in the slightly lower-than-ideal output escaping percentage, which, while not critical, could be improved to achieve a truly exemplary security profile.",[425],{"reason":426,"points":427},"Output escaping is not fully implemented (73%)",5,"2026-03-16T21:41:39.021Z",{"wat":430,"direct":439},{"assetPaths":431,"generatorPatterns":434,"scriptPaths":435,"versionParams":436},[432,433],"\u002Fwp-content\u002Fplugins\u002Fanti-browser-ddos-protection\u002Fjs\u002Fabdp-script.js","\u002Fwp-content\u002Fplugins\u002Fanti-browser-ddos-protection\u002Fcss\u002Fabdp-style.css",[],[432],[437,438],"anti-browser-ddos-protection\u002Fjs\u002Fabdp-script.js?ver=","anti-browser-ddos-protection\u002Fcss\u002Fabdp-style.css?ver=",{"cssClasses":440,"htmlComments":441,"htmlAttributes":445,"restEndpoints":447,"jsGlobals":448,"shortcodeOutput":451},[],[442,443,444],"\u003C!-- Anti Browser DDoS Protection Settings -->","\u003C!-- Anti Browser DDoS Settings -->","\u003C!-- ABDP Admin Notice -->",[446],"data-abdp-admin-notice",[],[449,450],"var abdp_settings = ","window.abdp_settings = ",[]]