WP-Safety

BP Block Users Security & Risk Analysis

wordpress.org/plugins/bp-block-users

Allows BuddyPress administrators to block users indefinitely, or for a specified period of time.

50 active installs v1.0.2 PHP 5.2.4+ WP 4.3+ Updated Jan 15, 2018
blockblock-usersbpbuddypressusers
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BP Block Users Safe to Use in 2026?

Generally Safe

Score 85/100

BP Block Users has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The 'bp-block-users' plugin v1.0.2 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs, coupled with robust implementation practices like prepared statements for all SQL queries and a high percentage of output escaping, suggests a well-developed and security-conscious plugin. The presence of nonce and capability checks further reinforces this positive assessment. The static analysis revealing no dangerous functions, file operations, or external HTTP requests, along with zero taint analysis findings, indicates no immediately apparent critical or high-risk vulnerabilities in the current version.

However, the analysis also highlights a complete lack of any attack surface (AJAX, REST API, shortcodes, cron events). While this can be seen as a strength in reducing potential entry points, it could also indicate limited functionality or a plugin that does not expose user-facing interactive elements. The absence of vulnerabilities in its history is a significant positive, suggesting a history of secure development or a lack of prior scrutiny. Overall, 'bp-block-users' v1.0.2 appears to be a secure plugin with excellent adherence to security best practices.

Vulnerabilities
None known

BP Block Users Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BP Block Users Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
13
73 escaped
Nonce Checks
3
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

85% escaped86 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
admin_index (classes\class-bpbu-admin-list-tables.php:385)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

BP Block Users Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 22
actionbp_loadedbp-block-users.php:46
actionadmin_noticesbp-block-users.php:49
actionbp_includebp-block-users.php:52
actionplugins_loadedbp-block-users.php:84
actionadmin_menuclasses\class-bpbu-admin-list-tables.php:81
actionnetwork_admin_menuclasses\class-bpbu-admin-list-tables.php:82
filterms_user_row_actionsclasses\class-bpbu-admin-list-tables.php:86
filteruser_row_actionsclasses\class-bpbu-admin-list-tables.php:90
filterset-screen-optionclasses\class-bpbu-admin-list-tables.php:96
actionedit_user_profileclasses\class-bpbu-admin-profile.php:61
actionuser_profile_update_errorsclasses\class-bpbu-admin-profile.php:64
actionadmin_noticesclasses\class-bpbu-admin.php:89
actionbp_initclasses\class-bpbu-component.php:137
filterget_user_metadataclasses\class-bpbu-component.php:150
filterbp_located_templateclasses\class-bpbu-component.php:153
filterauthenticateclasses\class-bpbu-component.php:156
filterget_user_metadataclasses\class-bpbu-component.php:159
actionbp_settings_setup_navclasses\class-bpbu-component.php:164
actionadmin_bar_menuclasses\class-bpbu-component.php:167
actionbp_actionsclasses\class-bpbu-component.php:170
actionbp_template_contentclasses\class-bpbu-template-stack.php:47
actionbp_before_member_settings_templateincludes\template.php:124
Maintenance & Trust

BP Block Users Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJan 15, 2018
PHP min version5.2.4
Downloads6K

Community Trust

Rating60/100
Number of ratings2
Active installs50
Alternatives

BP Block Users Alternatives

BP User Widgets

BP User Widgets

bp-user-widgets

A
100

Add user editable widgets to profile pages with a widgets for text, video, buddypress friends and groups, as well as followed and followiing.

30 No CVEs
One User Avatar | User Profile Picture

One User Avatar | User Profile Picture

one-user-avatar

A
99

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

100K 2 CVEs
User Profile Picture

User Profile Picture

metronet-profile-picture

A
91

Set a custom profile image (avatar) for a user using the standard WordPress media upload tool.

40K 1 CVE
BP Profile Search

BP Profile Search

bp-profile-search

A
95

Member search and member directories for BuddyPress and the BuddyBoss Platform.

6K 3 CVEs
User Blocker

User Blocker

user-blocker

A
92

To block users from admin side except admin users for specific day,time, and date or permanently.

3K 1 CVE
Developer Profile

BP Block Users Developer Profile

Brandon Allen

5 plugins · 8K total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BP Block Users

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bp-block-users/css/bpbu-admin.css/wp-content/plugins/bp-block-users/css/bpbu-styles.css/wp-content/plugins/bp-block-users/js/bpbu-admin.js
Script Paths
/wp-content/plugins/bp-block-users/js/bpbu-admin.js
Version Parameters
bp-block-users/css/bpbu-admin.css?ver=bp-block-users/css/bpbu-styles.css?ver=bp-block-users/js/bpbu-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
bpbu-admin-bar-notificationbpbu-block-user-formbpbu-blocked-users-listbpbu-unblock-button
Data Attributes
data-bpbu-user-id
JS Globals
bpbu_admin_vars
FAQ

Frequently Asked Questions about BP Block Users