[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fd8SmJhmMemca43-cDHowz-9Lw8u5QRPJzp1i7QfPWmA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":142,"fingerprints":252},"cloudguard","CloudGuard","1.4.6","pipdig","https:\u002F\u002Fprofiles.wordpress.org\u002Fpipdig\u002F","\u003Cp>Use the power of the cloud and a global CDN to restrict access to your login page.\u003C\u002Fp>\n\u003Cp>CloudGuard brings global and cloud driven protection to your login page. Using Cloudflare’s free Geolocation service, this super lightweight plugin restricts access to your login page, allowing access to only your chosen countries.  This means that any login attempts from the rest of the world will be automatically blocked.\u003C\u002Fp>\n\u003Cp>Additionally, this plugin tracks any unauthorized login attempts and displays them on a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcloudguard\u002Fscreenshots\u002F\" rel=\"ugc\">world map\u003C\u002Fa> in your dashboard.\u003C\u002Fp>\n\u003Ch3>Main Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Protect your login page globally.\u003C\u002Fli>\n\u003Cli>Reduce server load.\u003C\u002Fli>\n\u003Cli>Country based IP ranges constantly updated by Cloudflare.\u003C\u002Fli>\n\u003Cli>Monitor login attempts via your dashboard.\u003C\u002Fli>\n\u003Cli>Block access to the login page or redirect to a URL.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Cloudflare’s Geolocation?\u003C\u002Fh3>\n\u003Cp>There are other plugins which can \u003Cstrong>restrict your login page by geographic location\u003C\u002Fstrong>. However, these plugins use your server to detect the IP and compare this to a geographic location. This adds extra overhead to your site, takes up space on your server, and requires frequent updates to keep the IP list relevant.\u003C\u002Fp>\n\u003Cp>CloudGuard is different. Since we leverage Cloudflare’s geolocation service, your server simply has to read the data, rather than compute and store it locally. Cloudflare does the grunt work, leaving your site safe, secure and optimized.\u003C\u002Fp>\n\u003Cp>Note: This plugin requires that you have an account (including the free option) on \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\" rel=\"nofollow ugc\">Cloudflare\u003C\u002Fa> with \u003Ca href=\"https:\u002F\u002Fsupport.cloudflare.com\u002Fhc\u002Fen-us\u002Farticles\u002F200168236-What-does-Cloudflare-IP-Geolocation-do-\" rel=\"nofollow ugc\">Geolocation\u003C\u002Fa> enabled.\u003C\u002Fp>\n\u003Cp>This free plugin is brought to you by \u003Ca href=\"https:\u002F\u002Fwww.pipdig.co\u002F\" rel=\"nofollow ugc\">pipdig\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fcloudguard?rate=5#postform\" rel=\"ugc\">leaving a 5-star rating\u003C\u002Fa> if this plugin has helped you.\u003C\u002Fp>\n","Use Cloudflare's free geolocation service to restrict access to your site's login page.",1000,28284,98,30,"2025-12-03T16:06:00.000Z","6.9.4","4.9","",[20,21,22,23,24],"cloudflare","geolocation","ip","login","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcloudguard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudguard.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},10,80260,97,353,77,"2026-04-05T01:19:28.575Z",[40,64,83,102,124],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":18,"tags":55,"homepage":18,"download_link":61,"security_score":13,"vuln_count":62,"unpatched_count":28,"last_vuln_date":63,"fetched_at":30},"dologin","DoLogin Security","4.3","WPDO","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdo5ea\u002F","\u003Cp>In one click, your WordPress login page will be pretected with the smart brute force attack protection! Any login attempts more than 6 in 10 minutes (default value) will be limited.\u003C\u002Fp>\n\u003Cp>Limit the number of login attempts through both the login and the auth cookies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Two-factor Authentication login.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Text SMS message passcode for 2nd step verification support.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Cloudflare Turnstile (better than Google reCAPTCHA).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GeoLocation (Continent\u002FCountry\u002FCity) or IP range to limit login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Passwordless login link.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support Whitelist and Blacklist.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>GDPR compliant. With this feature turned on, all logged IPs get obfuscated (md5-hashed).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WooCommerce Login supported.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>XMLRPC gateway protection.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'your plugin name or tag' ) : '';\u003C\u002Fcode> to generate one passwordless login link for the current user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Call the function \u003Ccode>$link = function_exists( 'dologin_gen_link' ) ? dologin_gen_link( 'note\u002Ftip for this generation', $user_id ) : '';\u003C\u002Fcode> to generate a passwordless login link for the user which ID is \u003Ccode>$user_id\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The generated one-time used link will be expired after 7 days.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Define const \u003Ccode>SILENCE_INSTALL\u003C\u002Fcode> to avoid redirecting to setting page after installtion.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CLI\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>List all passwordless links: \u003Ccode>wp dologin list\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Generate a passwordless link for one username (for the login name \u003Ccode>root\u003C\u002Fcode>): \u003Ccode>wp dologin gen root\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Delete a passwordless link w\u002F the ID in list (for the record w\u002F ID 5): \u003Ccode>wp dologin del 5\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How GeoLocation works\u003C\u002Fh4>\n\u003Cp>When visitors hit the login page, this plugin will lookup the Geolocation info from API, compare the Geolocation setting (if has) with the whitelist\u002Fblacklist to decide if allow login attempts.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>The online IP lookup service is provided by https:\u002F\u002Fwww.doapi.us. The provider’s privacy policy is https:\u002F\u002Fwww.doapi.us\u002Fprivacy.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attemps plugin and Limit Login Attemps Reloaded plugin.\u003C\u002Fp>\n","Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent\u002FCountry\u002FCity)\u002FIP range to limit login attempts.",7000,162727,90,13,"2025-06-11T14:21:00.000Z","6.8.5","4.0",[56,57,58,59,60],"2fa-login","cloudflare-turnstile-recaptcha","easy-login","geolocation-login-limit","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdologin.4.3.zip",4,"2023-10-24 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":13,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":76,"tags":78,"homepage":81,"download_link":82,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"login-security-recaptcha","Login Security Captcha","1.8.4","ScriptsTown","https:\u002F\u002Fprofiles.wordpress.org\u002Fscriptstown\u002F","\u003Cp>\u003Cstrong>Login Security Captcha\u003C\u002Fstrong> is a security plugin for WordPress to add CAPTCHA or CAPTCHA-free services such as Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> and Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> to the WordPress login, registration, lost password, and comment form. This is a fast and lightweight security plugin to place captcha on standard WordPress forms with minimal footprints. It can prevent spam comments and protect the login form against Brute-force attacks. It has simple settings to configure the plugin quickly.\u003C\u002Fp>\n\u003Cp>The plugin supports \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>, Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> Version 2, and Version 3 with multiple options. This is the best WordPress captcha plugin for antispam protection to secure comment form and WordPress login page. It allows you to place different versions of reCAPTCHA and also Turnstile on different forms at the same time. This plugin comes with a set of simple options to quickly set up captcha validation on the common forms.\u003C\u002Fp>\n\u003Cp>Using this security plugin, you can change the captcha theme to light or dark depending on your preferences for Cloudflare Turnstile and Google reCAPTCHA. You can also configure various other parameters like the score value for reCAPTCHA version 3. You can monitor the error logs and have the option to disable the captcha on the comment form for logged-in users. Also, you can adjust the captcha size to compact or normal for \u003Cstrong>Cloudflare Turnstile\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Login Security Captcha Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2\u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3\u003C\u002Fli>\n\u003Cli>Set reCAPTCHA v3 Position\u003C\u002Fli>\n\u003Cli>Captcha Theme and Size\u003C\u002Fli>\n\u003Cli>Secure Login Form\u003C\u002Fli>\n\u003Cli>Secure Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Monitor Error Logs\u003C\u002Fli>\n\u003Cli>Prevent Brute-force Attack\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upgrade To Pro – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F#pricing\" title=\"Upgrade To Pro\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Login Security Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> by IP Address\u003C\u002Fli>\n\u003Cli>Check and Monitor \u003Cstrong>Last Login\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check Login History by Username\u003C\u002Fli>\n\u003Cli>Recent Login Dashboard Widget\u003C\u002Fli>\n\u003Cli>Cloudflare \u003Cstrong>Turnstile\u003C\u002Fstrong> Support\u003C\u002Fli>\n\u003Cli>Google \u003Cstrong>reCAPTCHA\u003C\u002Fstrong> v2 and v3\u003C\u002Fli>\n\u003Cli>Redirect after Login or Logout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Redirection\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure Login and Registration Form\u003C\u002Fli>\n\u003Cli>Secure Lost Password Form\u003C\u002Fli>\n\u003Cli>Easy to Protect Comment Spam\u003C\u002Fli>\n\u003Cli>Login Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Lost Password Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Registration Form – \u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Secure \u003Cstrong>WooCommerce\u003C\u002Fstrong> Checkout Form\u003C\u002Fli>\n\u003Cli>Advanced Security and Much More\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check Pro Plugin – \u003Ca href=\"https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-pro\u002F\" title=\"Check Pro Plugin\" rel=\"nofollow ugc\">Click Here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.",10000,286646,20,"2026-03-11T00:40:00.000Z","7.0","5.0",[79,20,23,80,24],"captcha","recaptcha","https:\u002F\u002Fscriptstown.com\u002Fwordpress-plugins\u002Flogin-security-recaptcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-security-recaptcha.1.8.4.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":16,"requires_at_least":54,"requires_php":96,"tags":97,"homepage":18,"download_link":101,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,84,5,"2026-02-17T09:27:00.000Z","8.1",[23,98,99,24,100],"membership","passwords","users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":27,"num_ratings":112,"last_updated":113,"tested_up_to":16,"requires_at_least":77,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":28,"last_vuln_date":123,"fetched_at":30},"advanced-country-blocker","Advanced Country Blocker","2.3.2","brstefanovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrstefanovic\u002F","\u003Cp>\u003Cstrong>Advanced Country Blocker\u003C\u002Fstrong> helps you secure your WordPress site by restricting access based on the visitor’s geolocation (country) or IP address. Upon activation, the plugin detects the activating admin’s country and automatically sets that as the only allowed country. All other visitors from different countries are blocked, unless they use a secret key parameter to temporarily whitelist their IP. Country detection uses the privacy-friendly ip-api.com service by default but can be switched to a fully offline MaxMind GeoLite2 (or compatible) database file once you configure a local copy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatically allows the admin’s country\u003C\u002Fstrong> on plugin activation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible IP-to-country lookups\u003C\u002Fstrong> – start with the built-in ip-api.com integration and optionally switch to an offline MaxMind GeoLite2 Country (or compatible) \u003Ccode>.mmdb\u003C\u002Fcode> database file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowlist or blacklist mode\u003C\u002Fstrong> – choose whether the country list acts as an allowlist or blocklist without re-entering countries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary access\u003C\u002Fstrong> via a customizable secret URL parameter (e.g., \u003Ccode>?MySecretKey=1\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Challenge\u003C\u002Fstrong> – allow blocked visitors to solve a CAPTCHA to gain temporary access (supports Google reCAPTCHA v2\u002Fv3, hCaptcha, Cloudflare Turnstile).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Activity Monitor\u003C\u002Fstrong> – live dashboard showing active visitors, recent blocks, and traffic statistics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – comprehensive charts and statistics about blocked attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual blacklisting and safelisting of IPs\u003C\u002Fstrong> for added security and to accommodate uptime monitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional email alerts\u003C\u002Fstrong> when new visitors are blocked.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bypass\u003C\u002Fstrong> so logged-in admins can always access the site (toggleable in the code).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed logging\u003C\u002Fstrong> of blocked attempts in a custom database table, displayed in the WP admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom response controls\u003C\u002Fstrong> – personalise the block page title\u002Fmessage, choose the HTTP status (403, 410, 451) or redirect to any URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic log cleanup\u003C\u002Fstrong> with configurable retention plus a one-click “Clear Logs” button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the plugin settings page (\u003Cstrong>Country Blocker\u003C\u002Fstrong> menu in WP admin) to configure the list of allowed countries, blacklisted countries, blacklisted IPs, and whether email alerts are enabled.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is open-sourced software licensed under the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\" rel=\"nofollow ugc\">GPLv3 or later\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>By default this plugin contacts the ip-api.com geolocation service to detect visitor countries. You can disable all external lookups by switching the IP lookup method to the local MaxMind database in the settings.\u003C\u002Fp>\n","An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas &hellip;",2000,11570,6,"2026-02-06T09:04:00.000Z","7.2",[116,117,21,118,24],"blocking","country","ip-blocking","https:\u002F\u002Fsparkcan.com\u002Facb.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-country-blocker.2.3.2.zip",99,1,"2026-02-06 20:24:09",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":27,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":18,"download_link":140,"security_score":141,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"prevent-concurrent-logins","Prevent Concurrent Logins","0.4.0","Frankie Jarrett","https:\u002F\u002Fprofiles.wordpress.org\u002Ffjarrett\u002F","\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fprevent-concurrent-logins\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Deters members\u002Fsubscribers from sharing their accounts with others\u003C\u002Fli>\n\u003Cli>Hardens security by destoying old sessions automatically\u003C\u002Fli>\n\u003Cli>Prompts old sessions to login again if they want to continue\u003C\u002Fli>\n\u003Cli>Ideal for membership sites and web applications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> If you plan to network-activate this plugin on a multisite network, please install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproper-network-activation\u002F\" rel=\"ugc\">Proper Network Activation\u003C\u002Fa> plugin \u003Cem>beforehand\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Prevents users from staying logged into the same account from multiple places.",900,17293,17,"2016-08-16T22:21:00.000Z","4.6.30","4.1",[23,98,24,139,100],"sensei","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-concurrent-logins.0.4.0.zip",85,{"attackSurface":143,"codeSignals":180,"taintFlows":215,"riskAssessment":242,"analyzedAt":251},{"hooks":144,"ajaxHandlers":171,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":122,"unprotectedCount":122},[145,151,155,159,163,167],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","plugins_loaded","cloudguard_textdomain","cloudguard.php",33,{"type":146,"name":152,"callback":153,"file":149,"line":154},"init","cloudguard_php_login_check",101,{"type":146,"name":156,"callback":157,"file":149,"line":158},"admin_enqueue_scripts","cloudguard_admin_assets",110,{"type":146,"name":160,"callback":161,"priority":121,"file":149,"line":162},"admin_menu","cloudguard_admin_menu",124,{"type":146,"name":164,"callback":165,"file":149,"line":166},"admin_init","cloudguard_options_init",157,{"type":146,"name":168,"callback":169,"file":149,"line":170},"wp_dashboard_setup","cloudguard_dash_widgets",401,[172],{"action":173,"nopriv":174,"callback":175,"hasNonce":174,"hasCapCheck":174,"file":149,"line":176},"cloudguard_nag_ajax",false,"cloudguard_nag_ajax_callback",492,[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":28,"externalRequests":28,"nonceChecks":122,"capabilityChecks":213,"bundledLibraries":214},[],{"prepared":28,"raw":28,"locations":183},[],{"escaped":185,"rawEcho":186,"locations":187},19,12,[188,191,193,195,197,199,201,203,205,207,209,211],{"file":149,"line":189,"context":190},165,"raw output",{"file":149,"line":192,"context":190},178,{"file":149,"line":194,"context":190},186,{"file":149,"line":196,"context":190},196,{"file":149,"line":198,"context":190},279,{"file":149,"line":200,"context":190},316,{"file":149,"line":202,"context":190},326,{"file":149,"line":204,"context":190},412,{"file":149,"line":206,"context":190},421,{"file":149,"line":208,"context":190},432,{"file":149,"line":210,"context":190},442,{"file":149,"line":212,"context":190},483,3,[],[216,232],{"entryPoint":217,"graph":218,"unsanitizedCount":122,"severity":231},"cloudguard_options_section_callback (cloudguard.php:192)",{"nodes":219,"edges":229},[220,224],{"id":221,"type":222,"label":223,"file":149,"line":196},"n0","source","$_SERVER['HTTP_CF_IPCOUNTRY']",{"id":225,"type":226,"label":227,"file":149,"line":196,"wp_function":228},"n1","sink","echo() [XSS]","echo",[230],{"from":221,"to":225,"sanitized":174},"medium",{"entryPoint":233,"graph":234,"unsanitizedCount":28,"severity":241},"\u003Ccloudguard> (cloudguard.php:0)",{"nodes":235,"edges":238},[236,237],{"id":221,"type":222,"label":223,"file":149,"line":196},{"id":225,"type":226,"label":227,"file":149,"line":196,"wp_function":228},[239],{"from":221,"to":225,"sanitized":240},true,"low",{"summary":243,"deductions":244},"The cloudguard plugin v1.4.6 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and performing capability checks, there are significant concerns regarding its attack surface.  The presence of an unprotected AJAX handler is a critical vulnerability, as it represents a direct entry point for unauthenticated attackers.  This single unprotected entry point significantly increases the risk profile despite other positive code signals.\n\nThe static analysis reveals a concerning taint flow with an unsanitized path, indicating a potential for directory traversal or other path manipulation vulnerabilities, although it is not classified as critical or high severity. The lack of vulnerability history, while seemingly positive, also means there's no historical context to assess how the developers have addressed past issues.  The plugin's strengths lie in its SQL security and capability checks, but the critical weakness of an unprotected AJAX endpoint and the potential unsanitized path require immediate attention and mitigation.",[245,247,249],{"reason":246,"points":33},"Unprotected AJAX handler",{"reason":248,"points":94},"Flow with unsanitized path",{"reason":250,"points":62},"Low percentage of proper output escaping","2026-03-16T18:54:46.201Z",{"wat":253,"direct":260},{"assetPaths":254,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[255,256],"\u002Fwp-content\u002Fplugins\u002Fcloudguard\u002Fassets\u002Fammap\u002Fammap.js","\u002Fwp-content\u002Fplugins\u002Fcloudguard\u002Fassets\u002Fammap\u002Fmaps\u002Fjs\u002FworldLow.js",[],[255,256],[],{"cssClasses":261,"htmlComments":262,"htmlAttributes":263,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":270},[],[],[264,265,266,267],"name=\"cloudguard_options[accepted_country]\"","name=\"cloudguard_options[cloudguard_message]\"","name=\"cloudguard_options[cloudguard_redirect]\"","id=\"country_code\"",[],[],[]]