Does Blockinator have any unpatched vulnerabilities?

No. All known vulnerabilities in Blockinator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Blockinator compatible with WordPress 4.9.29?

According to WordPress.org data, Blockinator 1.0.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Blockinator updated?

Blockinator was last updated on Jan 7, 2018. Frequent updates are generally a positive security signal.

What is Blockinator's security score?

Blockinator has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Blockinator Security & Risk Analysis

wordpress.org/plugins/blockinator

This plugin will remove script and version numbers from the source of your pages.

10 active installs v1.0.0 PHP + WP + Updated Jan 7, 2018

remove-dns-prefetchremove-feed-linksremove-shortlinksremove-version-numbersxmlrpc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Blockinator Safe to Use in 2026?

Generally Safe

Score 85/100

Blockinator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

Based on the static analysis, the "blockinator" plugin v1.0.0 exhibits an exceptionally strong security posture. The complete absence of any identified attack surface, including AJAX handlers, REST API routes, shortcodes, or cron events, significantly limits potential entry points for attackers. Furthermore, the code signals are overwhelmingly positive, with no dangerous functions, file operations, or external HTTP requests. All SQL queries are correctly prepared, and all output is properly escaped. The lack of any taint analysis findings further reinforces the impression of well-sanitized code.

Vulnerabilities

None known

Blockinator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Blockinator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Blockinator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

filterxmlrpc_enabledblockinator.php:118

filterstyle_loader_srcblockinator.php:127

filterscript_loader_srcblockinator.php:128

filterthe_generatorblockinator.php:129

filterwp_headersblockinator.php:162

filterbloginfo_urlblockinator.php:170

actionwpblockinator.php:178

actionadmin_menublockinator.php:188

actionadmin_initblockinator.php:206

filterplugin_row_metablockinator.php:249

Maintenance & Trust

Blockinator Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJan 7, 2018

PHP min version

Downloads1K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Blockinator Alternatives

Disable XML-RPC

disable-xml-rpc

100

Disables the XML-RPC API in WordPress 3.5+, which is enabled by default.

200K No CVEs

Disable XML-RPC-API

disable-xml-rpc-api

100

A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website

100K No CVEs

Remove & Disable XML-RPC Pingback

remove-xmlrpc-pingback-ping

Prevent pingback, XML-RPC and denial of service DDOS attacks by disabling the XML-RPC pingback functionality.

9K No CVEs

Manage XML-RPC

manage-xml-rpc

Enable/Disable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.

6K No CVEs

Stop XML-RPC Attacks

stop-xml-rpc-attacks

100

Blocks dangerous XML-RPC methods while preserving Jetpack, WooCommerce, and mobile apps compatibility.

6K No CVEs

Developer Profile

Blockinator Developer Profile

stoffijn

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Blockinator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

blockinator/style.css?ver=blockinator/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wrapblockinator_options

HTML Comments

Blockinator Settings (This disables the function) (This removes the script from the html code of your pages) REMOVE XMLRPC FROM HEADERS +2 more

Data Attributes

name="blockinator_options[xmlrpc_disable_enable_checkbox]"name="blockinator_options[xmlrpc_disable_headers_checkbox]"name="blockinator_options[remove_version_numbers_checkbox]"name="blockinator_options[remove_shortlinks_checkbox]"name="blockinator_options[remove_feedslinks_checkbox]"name="blockinator_options[remove_dns_prefetch_checkbox]"

FAQ