Does Blocked in China | Check if your site is available in the Chinese mainland have any unpatched vulnerabilities?

No. All known vulnerabilities in Blocked in China | Check if your site is available in the Chinese mainland have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Blocked in China | Check if your site is available in the Chinese mainland Security & Risk Analysis

wordpress.org/plugins/blocked-in-china

Is your site available behind the Chinese Firewall? Check for free using the Blocked in China API.

50 active installs v1.1.5 PHP 7.0+ WP 5.1+ Updated Mar 4, 2026

blockedchinafirewallmainlandvpn

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Blocked in China | Check if your site is available in the Chinese mainland Safe to Use in 2026?

Generally Safe

Score 100/100

Blocked in China | Check if your site is available in the Chinese mainland has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "blocked-in-china" plugin version 1.1.5 demonstrates a mixed security posture. On the positive side, it shows good practices regarding SQL queries, utilizing prepared statements exclusively, and a high percentage of properly escaped output. The absence of known CVEs and a clean vulnerability history are strong indicators of a developer attentive to security.

However, the plugin presents significant concerns related to its attack surface. A notable portion of its AJAX handlers (4 out of 11) and one REST API route lack proper authentication or permission checks. This exposes these entry points to potential unauthorized access and manipulation, which could lead to various security issues depending on the functionality of these handlers. While the taint analysis did not reveal immediate critical or high-severity vulnerabilities, the unprotected entry points remain a primary risk.

In conclusion, while the underlying code quality for database interactions and output handling is commendable, the exposure of critical functionalities through unprotected entry points is a substantial weakness. The plugin has a good track record of security, but the current static analysis highlights a potential for attackers to exploit unauthenticated endpoints. Developers should prioritize securing all AJAX and REST API endpoints.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API route
Bundled outdated Freemius library

Vulnerabilities

None known

Blocked in China | Check if your site is available in the Chinese mainland Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Blocked in China | Check if your site is available in the Chinese mainland Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared4 total queries

Output Escaping

90% escaped52 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

bic_toggle_google_fonts (admin\class-admin-controller.php:103)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Blocked in China | Check if your site is available in the Chinese mainland Attack Surface

Entry Points12

Unprotected5

AJAX Handlers 11

authwp_ajax_gpbic_run_apiadmin\class-admin-controller.php:26

noprivwp_ajax_gpbic_run_apiadmin\class-admin-controller.php:27

authwp_ajax_bic_toggle_google_fontsadmin\class-admin-controller.php:29

authwp_ajax_bic_filter_logadmin\class-admin-controller.php:30

noprivwp_ajax_bic_filter_logadmin\class-admin-controller.php:31

authwp_ajax_gpbic_run_api_manualadmin\class-admin-controller.php:33

noprivwp_ajax_gpbic_run_api_manualadmin\class-admin-controller.php:34

authwp_ajax_bic_admin_status_baradmin\class-admin-controller.php:36

noprivwp_ajax_bic_admin_status_baradmin\class-admin-controller.php:37

authwp_ajax_bic_install_pluginadmin\class-admin-controller.php:40

authwp_ajax_bic_activate_pluginadmin\class-admin-controller.php:41

REST API Routes 1

GET/wp-json/bic-api/v1/scanningadmin\class-admin-controller.php:112

WordPress Hooks 18

actionadmin_menuadmin\class-admin-controller.php:10

actionadmin_enqueue_scriptsadmin\class-admin-controller.php:11

actionwp_enqueue_scriptsadmin\class-admin-controller.php:14

actionadmin_enqueue_scriptsadmin\class-admin-controller.php:17

filterstyle_loader_tagadmin\class-admin-controller.php:20

filtercron_schedulesadmin\class-admin-controller.php:23

actionadmin_bar_menuadmin\class-admin-controller.php:45

actionadmin_headadmin\class-admin-controller.php:46

actionrest_api_initadmin\class-admin-controller.php:50

actionadmin_initadmin\class-admin-controller.php:53

actionconnect/beforeblocked-in-china.php:55

actionafter_license_changeblocked-in-china.php:104

actionplugins_loadedblocked-in-china.php:119

filterconnect_message_on_updateblocked-in-china.php:141

filterconnect_messageblocked-in-china.php:147

filterconnect-message_on-premiumblocked-in-china.php:167

filterplugin_iconblocked-in-china.php:180

actionbic_cron_hookblocked-in-china.php:234

Scheduled Events 1

bic_cron_hook

Maintenance & Trust

Blocked in China | Check if your site is available in the Chinese mainland Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 4, 2026

PHP min version7.0

Downloads9K

Community Trust

Rating100/100

Number of ratings3

Active installs50

Alternatives

Blocked in China | Check if your site is available in the Chinese mainland Alternatives

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Security Optimizer – The All-In-One Protection Plugin

sg-security

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs

Sucuri Security – Auditing, Malware Scanner and Security Hardening

sucuri-scanner

The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.

600K 1 CVE

Developer Profile

Blocked in China | Check if your site is available in the Chinese mainland Developer Profile

Brandon Ernst

7 plugins · 11K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

11 days

View full developer profile

Detection Fingerprints

How We Detect Blocked in China | Check if your site is available in the Chinese mainland

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/blocked-in-china/assets/css/style.css/wp-content/plugins/blocked-in-china/assets/js/script.js

Script Paths

/wp-content/plugins/blocked-in-china/freemius/start.php

Version Parameters

blocked-in-china/assets/css/style.css?ver=blocked-in-china/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

bic-container

HTML Comments

Data Attributes

data-freemius-id="6351"data-freemius-slug="blocked-in-china"data-freemius-premium-slug="blocked-in-china-paid"

JS Globals

bic_fsfs_dynamic_init

FAQ