[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB2uGmrjq9TuqOslCZVfG5hL4DLawWryNC2B9yUYv0Nw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":127,"fingerprints":194},"block-spammers","Block Spammers","0.3","sander85","https:\u002F\u002Fprofiles.wordpress.org\u002Fsander85\u002F","\u003Cp>This plugin allows to block spammers with the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block spammers by IPs (supports wildcards).\u003C\u002Fli>\n\u003Cli>Block IPs that have posted comments marked as spam.\u003C\u002Fli>\n\u003Cli>Block comments that contain bad words.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If comment contains bad words, add the spammers IP into the blacklist.\u003C\u002Fli>\n\u003Cli>When deleting spam, add IPs of spam comments into the blacklist.\u003C\u002Fli>\n\u003Cli>Similar entries in the blacklist are merged automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block spammers from submitting comments, by IPs or by bad words.",40,3157,0,"2018-10-25T20:44:00.000Z","5.0.25","3.5.1","",[19,20,21,22],"blocking","comments","ip","spam","https:\u002F\u002Fgithub.com\u002Fsander85\u002Fblock-spammers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-spammers.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T05:03:56.138Z",[35,57,73,93,112],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"block-comment-spam-bots","Block Comment Spam Bots","2.62","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Professional spammers use programs to automate their spamming. The ‘Block Comment Spam Bots’ (BCSB) plugin efficiently blocks their process. No more comment spam!\u003C\u002Fp>\n\u003Cp>As no legitimate user will use the professional spammer’s automated process which relies on cURL and WGET commands, real users will never notice the BCSB plugin at work. There are no CAPTCHAS for your visitors to interact with. No silly questions. Just the comment form as designed in any theme.\u003C\u002Fp>\n\u003Cp>On the admin side, there are no blacklists, special keys (like Askimet), overloaded spam queues, or overworked databases that store spam comments until you manually delete them.\u003C\u002Fp>\n\u003Cp>Install the plugin and that’s it. Invisible, to you and your visitors. The only change you will notice is in your admin area. The list of comments now has a green check next to them. That way you know that comment was made on your website by a real person and was not bypassed by hacking spammers connecting directly to your server.\u003C\u002Fp>\n\u003Cp>All that remains is comments made by real people, and while real people can spam, it takes them time and effort. The amount of spam from real people is a lot more manageable than the tsunami from automated spammers, saving you time to concentrate on the important things in life, like your readers, and making connections.\u003C\u002Fp>\n\u003Cp>We’ve tested it on multiple websites and it wipes out automated spam completely. If it doesn’t on your site, please let us know.\u003C\u002Fp>\n\u003Cp>** Geeky Stuff **\u003Cbr \u002F>\n…in case you are interested in how it works…\u003C\u002Fp>\n\u003Cp>tl;dr – \u003Cstrong>This provides a total and easy solution to comment spam from spam bots.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Comments are processed by the WordPress wp-post-comments.php file. Automated spammers (‘spam bots’) can provide (‘post’) data directly to that page, bypassing any comment processing, by using CURL\u002FWGET commands.\u003C\u002Fp>\n\u003Cp>Bypassing the comment form by posting directly (via CURL or WGET commands), is quite easy. Just send the post ID number, and the bot’s fake name and email, and the spammy content. Boom! Comment spam is on your site!\u003C\u002Fp>\n\u003Cp>The result is comment spam – and that is not always caught by other comment spam checkers. Even if it is caught by programs such as Akismet, processing that spam takes some server resources, including writing to the database.\u003C\u002Fp>\n\u003Cp>This plugin uses several techniques to ‘sense’ a spambot. There are hidden fields that are changed after a delay. There is a delay in displaying the submit button. And it blocks direct access to the WordPress post\u002Fprocessing functions.\u003C\u002Fp>\n\u003Cp>The techniques, also used in our standalone “FormSpemmerTrap” (FST) program, and our other anti-spam plugins (like FormSpammerTrap for Comments), are very effective. They use a bit of JavaScript to block spambots – since automated processes via CURL\u002FWGET\u002Fetc cannot process JS code.\u003C\u002Fp>\n\u003Cp>It’s simple: you install this plugin, activate it, and bot comments will stop. Immediately.\u003C\u002Fp>\n\u003Cp>And it doesn’t add any visual impediments to your comments. No reCaptcha things (which many see as a pain). No silly questions (‘what is 2+8’) on the form. Your comment form does not change. Regular users will not notice a difference. But you will. No more spam comments for you!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This is the best solution to block comment spam.\u003C\u002Fstrong> We’ve tested it on a site that had 20-40 spam comments a day. With this plugin enabled, the spam comment stopped. Immediately. And there have been none since installing this plugin. ** Not one. Zero.**\u003C\u002Fp>\n\u003Cp>The Admin, Comments list page is modified to show a column with a green checkmark icon if the comment was entered by a real person and not a bot. This is an assurance that the comment was not entered via an automated CURL\u002FWGET to the wp-comments-post.php file. A comment that is on the list that does not show the checkmark was done by a bot. But you won’t see those blocked comments with this plugin enabled. They never get into your database. You can hover over the checkmark icon to see the GUID value indicating a person entered the comment.\u003C\u002Fp>\n\u003Cp>The plugins ‘Settings’ screen has no settings. You don’t even need to look at the Settings screen. If you do, you’ll see information about the plugin. And there is a CURL command you can use to test the effectiveness of blocking (or not blocking) direct access to the wp-comments-post.php file.\u003C\u002Fp>\n\u003Cp>The plugin also adds the hidden GUID field to the comment form after a delay to help block bots that are using the comment form to submit. If the hidden field is not submitted then a bot tried to bypass the comment form. And a short delay happens before the comment submit button is displayed – another bot protection.\u003C\u002Fp>\n","A simple to use plugin that stops automated spam. Install and forget, and any automated spam targeting your native WordPress comments is immediately t …",800,6808,100,4,"2024-04-10T22:16:00.000Z","6.5.8","4.9","5.4",[52,19,53,20,22],"automated-spam","bots","https:\u002F\u002Fwww.cellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-comment-spam-bots.zip",92,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":45,"downloaded":65,"rating":45,"num_ratings":30,"last_updated":66,"tested_up_to":67,"requires_at_least":17,"requires_php":17,"tags":68,"homepage":71,"download_link":72,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"spam-ip-blocker","Spam IP Blocker","0.9.2","Aleksei Znaev","https:\u002F\u002Fprofiles.wordpress.org\u002Fznaeff\u002F","\u003Cp>This is a spam IP blocker. It is free. It marks any new comment as spam automatically when commenter’s IP exists in at least one of ‘.zen.spamhaus.org’ & ‘.bl.spamcop.net’.\u003Cbr \u002F>\nPlugin is based on public DNSBL class.\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.phpclasses.org\u002Fpackage\u002F6994-PHP-Check-spam-IP-address-in-DNS-black-lists.html\" title=\"DNSBL class on PHPClasses.org\" rel=\"nofollow ugc\">Official page of DNSBL class on PHPClasses.org\u003C\u002Fa>\u003C\u002Fp>\n","Free spam IP blocker according to public DNSBL bases.",7789,"2011-06-27T07:32:00.000Z","3.1.4",[19,20,69,22,70],"dnsbl","spamhaus","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fspam-ip-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-ip-blocker.0.9.2.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":31,"downloaded":81,"rating":45,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":17,"tags":86,"homepage":89,"download_link":90,"security_score":91,"vuln_count":30,"unpatched_count":30,"last_vuln_date":92,"fetched_at":27},"automatic-ban-ip","Automatic Ban IP","1.0.7","KaizenCoders","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaizencoders\u002F","\u003Cp>Block IP addresses which are suspicious and try to post on your blog spam comments.\u003C\u002Fp>\n\u003Cp>This plugin need that you create an account on the Honey Pot Project (https:\u002F\u002Fwww.projecthoneypot.org, free api) or that you install the Spam Captcha plugin.\u003C\u002Fp>\n\u003Cp>In addition, if you want to geolocate the spammers your may create an account on (http:\u002F\u002Fipinfodb.com\u002F, free api). Thus, you may display a world map with the concentration of spammers.\u003C\u002Fp>\n\u003Cp>Spammers may be blocked either by PHP based restrictions (i.e. WordPress generates a 403 page for such identified users) or by Apache based restriction (using Deny from in .htaccess file).\u003C\u002Fp>\n\u003Cp>The Apache restriction is far more efficient when hundreds of hosts sent you spams in few minutes.\u003C\u002Fp>\n\u003Ch4>Multisite – WordPress MU\u003C\u002Fh4>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Afrikaans (South Africa) translation provided by SedLex, JanvanNiekerk\u003C\u002Fli>\n\u003Cli>English (United States), default language\u003C\u002Fli>\n\u003Cli>Japanese (Japan) translation provided by OsamuKudo\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features of the framework\u003C\u002Fh4>\n\u003Cp>This plugin uses the SL framework. This framework eases the creation of new plugins by providing tools and frames (see dev-toolbox plugin for more info).\u003C\u002Fp>\n\u003Cp>You may easily translate the text of the plugin and submit it to the developer, send a feedback, or choose the location of the plugin in the admin panel.\u003C\u002Fp>\n\u003Cp>Have fun !\u003C\u002Fp>\n","Block IP addresses which are suspicious and try to post on your blog spam comments.",5292,2,"2016-04-17T08:59:00.000Z","4.5.33","3.0",[87,88,20,21,22],"automatic","ban","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautomatic-ban-ip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-ban-ip.zip",63,"2025-04-09 00:00:00",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":13,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":110,"download_link":111,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"javascript-disposable-email-blocker","Javascript Disposable Email Blocker","1.0.0","Tomba Email Finder","https:\u002F\u002Fprofiles.wordpress.org\u002Ftombaio\u002F","\u003Cp>Elevate the security and reliability of your online forms with this indispensable, fully customizable plugin. It plays a pivotal role in minimizing spam, improving user interactions, and safeguarding your website’s data integrity.\u003C\u002Fp>\n\u003Cp>The plugin is also fully customizable.\u003Cbr \u002F>\nThe plugin serves as a critical tool in reducing spam, improving user experience, and maintaining the integrity of your website’s data.\u003C\u002Fp>\n\u003Ch4>Supported Plugins\u003C\u002Fh4>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftomba-io\u002Fdisposable-email-blocker\" rel=\"nofollow ugc\">Javascript Disposable Email Blocker\u003C\u002Fa> by tomba.io plugin supports a rich set of popular form-based plugins.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Elementor Form\u003C\u002Fli>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>Fluent Form\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>MailChimp\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Profile Builder\u003C\u002Fli>\n\u003Cli>Formidable forms\u003C\u002Fli>\n\u003Cli>Ultimate Member registration form\u003C\u002Fli>\n\u003Cli>Mailster Form\u003C\u002Fli>\n\u003Cli>Users Ultra registration form\u003C\u002Fli>\n\u003Cli>JetPack comments and a contact form\u003C\u002Fli>\n\u003Cli>Theme My Login\u003C\u002Fli>\n\u003Cli>Contact Form\u003C\u002Fli>\n\u003Cli>WP-Members\u003C\u002Fli>\n\u003Cli>Paid Memberships Pro\u003C\u002Fli>\n\u003Cli>MailPoet\u003C\u002Fli>\n\u003Cli>WP Forms\u003C\u002Fli>\n\u003Cli>Visual Form Builder\u003C\u002Fli>\n\u003Cli>Any WordPress registrations & contact forms   \u003C\u002Fli>\n\u003Cli>WS Form \u003C\u002Fli>\n\u003Cli>Form Maker by 10Web\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect all HTML Forms.\u003C\u002Fli>\n\u003Cli>Detect invalid emails.\u003C\u002Fli>\n\u003Cli>Detect invalid Domains.\u003C\u002Fli>\n\u003Cli>Detect and Block disposable emails.\u003C\u002Fli>\n\u003Cli>We crawl the disposable email domains daily to keep safe from fake uses.\u003C\u002Fli>\n\u003Cli>Detect and Block webmail emails.\u003C\u002Fli>\n\u003Cli>Custom Error Message\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to use\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>First install the Javascript Disposable Email Blocker plugin\u003C\u002Fli>\n\u003Cli>Enjoy!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FURTHER READING\u003C\u002Fh4>\n\u003Cp>Read more about Tomba Email Finder\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftomba.io\u002Fdomain-search\" rel=\"nofollow ugc\">Domain Search\u003C\u002Fa> (Search emails are based on the website You give one domain name and it returns all the email addresses found on the internet.)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftomba.io\u002Femail-finder\" rel=\"nofollow ugc\">Email Finder\u003C\u002Fa> (This API endpoint generates or retrieves the most likely email address from a domain name, a first name and a last name..)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftomba.io\u002Fauthor-finder\" rel=\"nofollow ugc\">Author Finder\u003C\u002Fa> (Instantly discover the email addresses of article authors.)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftomba.io\u002Fauthor-finder\" rel=\"nofollow ugc\">Enrichment\u003C\u002Fa> (The Enrichment lets you find the current job title, company, location and social profiles of the person behind the email.)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftomba.io\u002Fauthor-finder\" rel=\"nofollow ugc\">Linkedin Finder\u003C\u002Fa> (The Linkedin lets you find the current job title, company, location and social profiles of the person behind the linkedin URL.)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftomba.io\u002Femail-verifier\" rel=\"nofollow ugc\">Email Verifier\u003C\u002Fa> (checks the deliverability of a given email address, verifies if it has been found in our database, and returns their sources.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Liked that plugin? Hate it? Want a new feature? \u003Ca href=\"mailto:support@tomba.io\" title=\"Send feedback\" rel=\"nofollow ugc\">Send me some feedback\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For installation help click on Installation Tab\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin ensures your forms accept only legitimate email addresses using JavaScript, enhancing your site's security and user experience.",1644,"2024-03-22T19:32:00.000Z","6.4.8","3.0.1","7.1",[20,107,108,109,22],"email-form-validation","form","javascript","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjavascript-disposable-email-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjavascript-disposable-email-blocker.1.0.0.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":13,"downloaded":120,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":121,"requires_at_least":49,"requires_php":17,"tags":122,"homepage":124,"download_link":125,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":126},"spam-to-blacklist","Spam to blacklist","1.0","proninyaroslav","https:\u002F\u002Fprofiles.wordpress.org\u002Fproninyaroslav\u002F","\u003Cp>Adds IP from comment that marked as spam to standard WordPress blacklist. Comments already marked as spam are not added to the list.\u003C\u002Fp>\n","Adds IP from comment that marked as spam to standard WordPress blacklist.",1133,"4.9.29",[88,123,20,21,22],"blacklist","https:\u002F\u002Fgithub.com\u002Fproninyaroslav\u002Fspam-to-blacklist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-to-blacklist.1.0.zip","2026-03-15T10:48:56.248Z",{"attackSurface":128,"codeSignals":162,"taintFlows":181,"riskAssessment":182,"analyzedAt":193},{"hooks":129,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":13,"unprotectedCount":13},[130,136,140,144,148,154],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_menu","add_plugin_page","block-spammers-admin.php",19,{"type":131,"name":137,"callback":138,"file":134,"line":139},"admin_init","page_init",20,{"type":131,"name":141,"callback":142,"file":134,"line":143},"delete_comment","wbs_add_ip_to_blacklist",21,{"type":131,"name":145,"callback":146,"file":134,"line":147},"admin_enqueue_scripts","wbs_load_scripts",22,{"type":149,"name":150,"callback":151,"priority":30,"file":152,"line":153},"filter","preprocess_comment","wbs_process_comment","block-spammers.php",25,{"type":131,"name":155,"callback":156,"file":152,"line":157},"init","wbs_load_textdomain",26,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":180},[],{"prepared":13,"raw":82,"locations":165},[166,169],{"file":134,"line":167,"context":168},309,"$wpdb->get_row() with variable interpolation",{"file":152,"line":170,"context":171},59,"$wpdb->get_results() with variable interpolation",{"escaped":173,"rawEcho":82,"locations":174},6,[175,178],{"file":134,"line":176,"context":177},57,"raw output",{"file":134,"line":179,"context":177},250,[],[],{"summary":183,"deductions":184},"The 'block-spammers' plugin v0.3 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The lack of identified vulnerabilities, critical taint flows, and a clean vulnerability history suggest that the developers have followed secure coding practices.  Furthermore, the absence of dangerous functions, file operations, and external HTTP requests is a positive sign. The limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or proper checks, further strengthens its security. The plugin also demonstrates good practices in output escaping, with a high percentage of outputs being properly sanitized. However, a significant concern arises from the use of raw SQL queries without prepared statements. While there are only two such queries, this practice leaves the plugin vulnerable to SQL injection attacks, especially if the data used in these queries originates from user input. The lack of nonce checks and capability checks also indicates a potential area for improvement in securing any future functionalities that might be added.",[185,188,191],{"reason":186,"points":187},"SQL queries not using prepared statements",10,{"reason":189,"points":190},"Missing nonce checks",5,{"reason":192,"points":190},"Missing capability checks","2026-03-16T22:12:58.308Z",{"wat":195,"direct":201},{"assetPaths":196,"generatorPatterns":198,"scriptPaths":199,"versionParams":200},[197],"\u002Fwp-content\u002Fplugins\u002Fblock-spammers\u002Fjs\u002Fmain.js",[],[197],[],{"cssClasses":202,"htmlComments":203,"htmlAttributes":206,"restEndpoints":207,"jsGlobals":208,"shortcodeOutput":209},[],[204,205],"Block Spammers by Sander Lepik\nTo the extent possible under law, the person who associated CC0 with\nBlock Spammers has waived all copyright and related or neighboring\nrights to Block Spammers.\nYou should have received a copy of the CC0 legalcode along with this\nwork. If not, see \u003Chttp:\u002F\u002Fcreativecommons.org\u002Fpublicdomain\u002Fzero\u002F1.0\u002F>.","No script kiddies please!",[],[],[],[]]