BotBlocker Security – Firewall & Bot Protection Security & Risk Analysis
wordpress.org/plugins/botblocker-securityProtect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.
2K active installs v1.6.14 PHP 7.4+ WP 5.0+ Updated Mar 10, 2026
anti-spambrute-forcecaptchafirewallsecurity
Safety Verdict
Is BotBlocker Security – Firewall & Bot Protection Safe to Use in 2026?
Generally Safe
Score 100/100BotBlocker Security – Firewall & Bot Protection has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
No known CVEs Updated 24d ago
Risk Assessment
The botblocker-security plugin v1.6.14 exhibits a generally strong security posture with a low overall risk profile. The vast majority of its SQL queries utilize prepared statements, output escaping is consistently applied, and it benefits from a robust system of nonce and capability checks, indicating good development practices. The absence of any recorded CVEs or known vulnerabilities further contributes to this positive assessment, suggesting a mature and well-maintained codebase.
Key Concerns
- AJAX handlers without auth checks
- Taint flow with unsanitized path (high severity)
- Taint flow with unsanitized path (high severity)
- Taint flow with unsanitized path (high severity)
- Use of dangerous function: shell_exec
- File operations present
- External HTTP requests present
- Bundled library: DataTables
Vulnerabilities
None knownBotBlocker Security – Firewall & Bot Protection Security Vulnerabilities
No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026BotBlocker Security – Firewall & Bot Protection Code Analysis
Dangerous Functions
4
Raw SQL Queries
58
276 prepared
Unescaped Output
92
1376 escaped
Nonce Checks
124
Capability Checks
105
File Operations
31
External Requests
11
Bundled Libraries
1
Dangerous Functions Found
shell_exec$output = shell_exec( $cmd ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.system_calls_sheincludes\class-google2fa-dual-installer.php:113
shell_exec$output = shell_exec( $cmd ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.system_calls_sheincludes\class-google2fa-dual-installer.php:150
shell_exec$executionTest = shell_exec('echo test');includes\inc-botblocker-env.php:109
shell_exec$output = shell_exec($command) ?? false;includes\install\botblocker-install-ips.php:260
Bundled Libraries
DataTables
SQL Query Safety
83% prepared334 total queries
Output Escaping
94% escaped1468 total outputs
Data Flows
3 unsanitizedData Flow Analysis
25 flows3 with unsanitized paths
ajax_save_preset (admin\class-botblocker-setup-wizard.php:1068)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected BotBlocker Security – Firewall & Bot Protection Attack Surface
Entry Points132
Unprotected4
AJAX Handlers 108
Shortcodes 24
[bbcs_top_ips] includes\inc-botblocker-shortcode.php:51
[bbcs_top_countries] includes\inc-botblocker-shortcode.php:74
[bbcs_top_devices] includes\inc-botblocker-shortcode.php:97
[bbcs_top_browsers] includes\inc-botblocker-shortcode.php:120
[bbcs_latest_hits] includes\inc-botblocker-shortcode.php:252
[bbcs_lang_options] includes\shortcode\botblocker-shortcode-header.php:74
[bbcs_health_full] includes\shortcode\botblocker-shortcode-health-full.php:136
[bbcs_health_gauge] includes\shortcode\botblocker-shortcode-health.php:70
[botblocker_generateSiteHealthList] includes\shortcode\botblocker-shortcode-health.php:177
[bbcs_counters_grid] includes\shortcode\botblocker-shortcode-health.php:294
[botblocker_rules_stats] includes\shortcode\botblocker-shortcode-rules.php:97
[bbcs_botblocker_news] includes\shortcode\botblocker-shortcode-sidebar.php:61
[bbcs_database_update] includes\shortcode\botblocker-shortcode-sidebar.php:100
[bbcs_database_total] includes\shortcode\botblocker-shortcode-sidebar.php:138
[bbcs_system_status] includes\shortcode\botblocker-shortcode-sidebar.php:167
[bbcs_blocked_today] includes\shortcode\botblocker-shortcode-sidebar.php:178
[bbcs_blocked_total] includes\shortcode\botblocker-shortcode-sidebar.php:188
[bbcs_plugins_themes] includes\shortcode\botblocker-shortcode-sidebar.php:267
[bbcs_cron_tasks] includes\shortcode\botblocker-shortcode-tasks.php:27
[bbcs_recommendations] includes\shortcode\botblocker-shortcode-tooltips.php:131
[bbcs_daily_hits_chart] includes\shortcode\charts\chart-botblocker-daily.php:95
[bbcs_hits_and_uniques_chart] includes\shortcode\charts\chart-botblocker-hits.php:156
[bbcs_visitors_jsvectormap] includes\shortcode\charts\chart-botblocker-map.php:154
[bbcs_statistics_chart] includes\shortcode\charts\chart-botblocker-stat.php:95
WordPress Hooks 52
Scheduled Events 8
bbcs_daily_task
bbcs_hourly_task
bbcs_weekly_task
bbcs_five_days_task
bbcs_two_hours_task
bbcs_one_time_task
bbcs_summary_backfill
bbcs_summary_backfill
Maintenance & Trust
BotBlocker Security – Firewall & Bot Protection Maintenance & Trust
Maintenance Signals
WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.4
Downloads4K
Community Trust
Rating100/100
Number of ratings6
Active installs2K
Alternatives
BotBlocker Security – Firewall & Bot Protection Alternatives
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall
limit-login-attempts-reloaded
A
98
Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.
2.0M 4 CVEs
CloudSecure WP Security
cloudsecure-wp-security
A
100
管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。
100K No CVEs
reCaptcha by BestWebSoft
google-captcha
A
98
Protect WordPress website forms from spam entries with Google reCAPTCHA.
100K 3 CVEs
Anti-Malware Security and Brute-Force Firewall
gotmls
B
83
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
100K 9 CVEs
Forget Spam Comment
forget-spam-comment
A
100
The ultimate solution to stop spam comments in the default commenting system of WordPress
9K No CVEs
Developer Profile
BotBlocker Security – Firewall & Bot Protection Developer Profile
Yevhen Leonidov
1 plugin · 2K total installs
94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
Detection Fingerprints
How We Detect BotBlocker Security – Firewall & Bot Protection
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
Asset Paths
/wp-content/plugins/botblocker-security/assets/css/frontend.css/wp-content/plugins/botblocker-security/assets/css/botblocker.css/wp-content/plugins/botblocker-security/assets/js/frontend.js/wp-content/plugins/botblocker-security/assets/js/botblocker-frontend.js/wp-content/plugins/botblocker-security/assets/js/vendor/jquery-form-validator/jquery.form-validator.min.js/wp-content/plugins/botblocker-security/assets/js/vendor/moment.min.js/wp-content/plugins/botblocker-security/assets/js/vendor/chart.min.js/wp-content/plugins/botblocker-security/assets/js/vendor/perfect-scrollbar.min.js+8 moreScript Paths
/wp-content/plugins/botblocker-security/assets/js/frontend.js/wp-content/plugins/botblocker-security/assets/js/botblocker-frontend.js/wp-content/plugins/botblocker-security/assets/js/vendor/jquery-form-validator/jquery.form-validator.min.js/wp-content/plugins/botblocker-security/assets/js/vendor/moment.min.js/wp-content/plugins/botblocker-security/assets/js/vendor/chart.min.js/wp-content/plugins/botblocker-security/assets/js/vendor/perfect-scrollbar.min.js+7 moreVersion Parameters
botblocker-security/assets/css/frontend.css?ver=botblocker-security/assets/css/botblocker.css?ver=botblocker-security/assets/js/frontend.js?ver=botblocker-security/assets/js/botblocker-frontend.js?ver=botblocker-security/assets/js/vendor/jquery-form-validator/jquery.form-validator.min.js?ver=botblocker-security/assets/js/vendor/moment.min.js?ver=botblocker-security/assets/js/vendor/chart.min.js?ver=botblocker-security/assets/js/vendor/perfect-scrollbar.min.js?ver=botblocker-security/assets/js/vendor/bootstrap.bundle.min.js?ver=botblocker-security/assets/js/vendor/bootstrap.min.js?ver=botblocker-security/assets/js/admin.js?ver=botblocker-security/assets/js/botblocker-admin.js?ver=botblocker-security/assets/js/botblocker-settings.js?ver=botblocker-security/assets/js/botblocker-security-setup-wizard.js?ver=botblocker-security/admin/assets/css/setup-wizard.css?ver=botblocker-security/admin/assets/js/setup-wizard.js?ver=HTML / DOM Fingerprints
CSS Classes
botblocker-setup-wizard-pagebotblocker-wizard-stepbotblocker-login-form-protectionbbcs-login-form-protectionHTML Comments
<!-- BotBlocker Security --><!-- BotBlocker Security Core --><!-- BotBlocker Security Admin --><!-- BotBlocker Security Setup Wizard -->+32 moreData Attributes
data-botblocker-iddata-bbcs-noncedata-bbcs-targetdata-bbcs-actiondata-bbcs-fielddata-bbcs-rule-id+5 moreJS Globals
BotBlockerFrontendbotblocker_frontend_paramsBotBlockerAdminbotblocker_admin_paramsBotBlockerSettingsbotblocker_settings_params+2 moreREST Endpoints
/wp-json/botblocker-security/v1/settings/wp-json/botblocker-security/v1/logs/wp-json/botblocker-security/v1/rules/wp-json/botblocker-security/v1/dashboard FAQ