[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbtA9_76XCHw6yTjjGsGza69Xue0A9sjsgkFHFJwueyM":3,"$fdar06cwmq4_2Ya6xEC72jGp4WJPv28FOnKPa7hY5iLc":324,"$fjgtXVsZsYZCommdIbQHhxgvEMiTQ67rAQd0Jbpe6WtY":328},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":137,"fingerprints":284},"country-access-blocker","Country Access Blocker","1.6","Valeri Kluger","https:\u002F\u002Fprofiles.wordpress.org\u002Fvalerikluger\u002F","\u003Cp>Country Access Blocker lets you restrict or allow access to your WordPress site based on visitor countries.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Block visitors from specific countries\u003Cbr \u002F>\n* Clean, GDPR-compliant country list\u003Cbr \u002F>\n* Easy admin interface to configure blocked countries\u003Cbr \u002F>\n* Enable or disable IP-based country blocking with one checkbox\u003Cbr \u002F>\n* No external dependencies or WooCommerce required\u003Cbr \u002F>\n* Uses ip-api.com free API for geolocation\u003C\u002Fp>\n\u003Cp>This plugin is ideal if you want to restrict access from certain countries or comply with geo-based regulations.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or bug reports, please open an issue on the plugin’s GitHub repository or contact the author.\u003C\u002Fp>\n","Block or allow website visitors from specific countries based on IP geolocation.",600,2056,100,2,"2026-01-24T22:53:00.000Z","6.9.4","5.0","",[20,21,22,23,24],"block-country","block-ip","country-blocker","geo-blocking","ip-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountry-access-blocker.1.6.zip",0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":33,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"valerikluger",640,30,94,"2026-05-20T04:13:32.382Z",[38,59,77,95,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":16,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"login-ip-country-restriction","Login IP & Country Restriction","6.8.1","Iulia Cazan","https:\u002F\u002Fprofiles.wordpress.org\u002Fiulia-cazan\u002F","\u003Cp>This plugin hooks in the authenticate filter. By default, the plugin is set to allow all access and you can configure the plugin to allow the login only from some specified IPs or the specified countries. PLEASE MAKE SURE THAT YOU CONFIGURE THE PLUGIN TO ALLOW YOUR OWN ACCESS. If you set a restriction by IP, then you have to add your own IP (if you are using the plugin in a local setup the IP is 127.0.0.1 or ::1, this is added in your list by default). If you set a restriction by country, then you have to select from the list of countries at least your country. Both types of restrictions work independent, so you can set only one type of restriction or both if you want. Also, you can configure the redirects to frontpage when the URLs are accessed by someone that has a restriction. The restriction is either by country, or not in the specified IPs list.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Tighten your website security and fight against dictionary bot attacks originating from other countries, by denying access.",7000,113472,92,51,"2025-11-22T14:06:00.000Z","5.1","7.2",[20,21,54,55,56],"country-firewall","country-restriction","login-restriction","https:\u002F\u002Fiuliacazan.ro\u002Flogin-ip-country-restriction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-ip-country-restriction.6.8.1.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":13,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":17,"requires_php":52,"tags":72,"homepage":75,"download_link":76,"security_score":48,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"geo-blocker","Geo Blocker – Control Site Access by Region and IP","1.0.0","Mohamed Shili","https:\u002F\u002Fprofiles.wordpress.org\u002Fmedshi8\u002F","\u003Cp>🔐 Block or allow visitors by country. Track access attempts. View analytics. Stay in control — effortlessly.\u003C\u002Fp>\n\u003Ch3>🧠 Description\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Geo Blocker\u003C\u002Fstrong> gives you full control over who can access your WordPress site — based on visitor country and IP. Whether you’re protecting content, reducing attack surface, or managing regional access, this plugin does it with precision and clarity.\u003C\u002Fp>\n\u003Cp>🎯 Designed for performance, security, and ease of use.\u003Cbr \u002F>\n📊 Built-in analytics and access logs.\u003Cbr \u002F>\n🧭 Never get locked out — admin-safe bypass included.\u003C\u002Fp>\n\u003Ch3>🚀 Features\u003C\u002Fh3>\n\u003Ch3>✅ Access Control That Makes Sense\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Selected Countries\u003C\u002Fstrong> – deny access to specific regions  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow Selected Countries\u003C\u002Fstrong> – restrict site only to approved countries  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🧩 Smart Blocking Actions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>📜 Show custom message  \u003C\u002Fli>\n\u003Cli>🔁 Redirect to a URL  \u003C\u002Fli>\n\u003Cli>🚫 Send HTTP 403 Forbidden response  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 Visual Country Selector\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Flag icons & search bar for quick targeting  \u003C\u002Fli>\n\u003Cli>Filter by continent (Africa, Asia, Europe, etc.)  \u003C\u002Fli>\n\u003Cli>One-click select\u002Fdeselect all  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📈 Analytics Dashboard\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Summary cards: total visits, blocks, IPs  \u003C\u002Fli>\n\u003Cli>Hourly charts for real-time insights  \u003C\u002Fli>\n\u003Cli>Filter by date range & data type (accesses, unique IPs, etc.)  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 Detailed Logs\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>See IP, country, URL, status, user agent  \u003C\u002Fli>\n\u003Cli>Filters out common junk (favicon, robots.txt)  \u003C\u002Fli>\n\u003Cli>Admin visits are auto-ignored to reduce noise  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ Admin-Proof Bypass URL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Special URL with bypass parameter to access login anytime  \u003C\u002Fli>\n\u003Cli>Prevents accidental lockouts  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔄 Data Export & Log Management\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Export logs in CSV or JSON  \u003C\u002Fli>\n\u003Cli>Clear logs with a single click  \u003C\u002Fli>\n\u003Cli>Sort & search logs in the UI\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses a third-party API to determine the visitor’s country based on their IP address.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service used:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipwho.is\" rel=\"nofollow ugc\">IPWho.is\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> To perform IP geolocation and detect the country of each visitor, allowing the plugin to block or allow access accordingly.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> The visitor’s IP address is sent to the IPWho.is API on page load when geo-blocking is active.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipwhois.io\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fipwhois.io\u002Fterms\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fipwhois.io\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fipwhois.io\u002Fprivacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🖥️ Screenshots\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>📊 Dashboard Overview\u003C\u002Fstrong> – See country blocks, allowed hits & total attempts   \u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔧 Blocking Rules\u003C\u002Fstrong> – Choose block mode, action type, and targets. Enable or disable countries visually\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📉 Analytics Graphs\u003C\u002Fstrong> – View access by time, state, and IP 5. \u003Cstrong>📑 Logs Table\u003C\u002Fstrong> – Deep insights with full logs of visitor attempts. Export CSV\u002FJSON logs with one click\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>📦 Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the plugin folder to \u003Ccode>\u002Fwp-content\u002Fplugins\u002Fgeo-blocker\u003C\u002Fcode>  \u003C\u002Fli>\n\u003Cli>Activate via \u003Cstrong>Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Installed Plugins\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Geo Blocker\u003C\u002Fstrong>  \u003C\u002Fli>\n\u003Cli>Enable Geo Blocking using the toggle  \u003C\u002Fli>\n\u003Cli>Choose between \u003Cstrong>block\u003C\u002Fstrong> or \u003Cstrong>allow\u003C\u002Fstrong> mode  \u003C\u002Fli>\n\u003Cli>Select countries using the visual interface  \u003C\u002Fli>\n\u003Cli>Pick your blocking action (message, redirect, or 403)  \u003C\u002Fli>\n\u003Cli>Save settings — done!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>❓ Frequently Asked Questions\u003C\u002Fh3>\n\u003Ch3>How does Geo Blocker detect country?\u003C\u002Fh3>\n\u003Cp>It uses the reliable \u003Cstrong>IpWhoIs API\u003C\u002Fstrong> to fetch country data based on the visitor’s IP.\u003C\u002Fp>\n\u003Ch3>Will it slow down my site?\u003C\u002Fh3>\n\u003Cp>Nope. It’s optimized with \u003Cstrong>transient caching\u003C\u002Fstrong> and smart triggers — no unnecessary lookups.\u003C\u002Fp>\n\u003Ch3>Can I lock myself out?\u003C\u002Fh3>\n\u003Cp>No. There’s a \u003Cstrong>login bypass URL\u003C\u002Fstrong> generated for administrators — shown right on the dashboard.\u003C\u002Fp>\n\u003Ch3>Can I block specific pages?\u003C\u002Fh3>\n\u003Cp>Not yet — current version works site-wide. Per-page rules may come in a future update.\u003C\u002Fp>\n\u003Ch3>Can I export visitor logs?\u003C\u002Fh3>\n\u003Cp>Yes. Logs can be exported in \u003Cstrong>CSV or JSON\u003C\u002Fstrong> format directly from the Logs tab.\u003C\u002Fp>\n\u003Ch3>Does it work with caching plugins?\u003C\u002Fh3>\n\u003Cp>Yes, but you may need to \u003Cstrong>exclude the plugin’s logic\u003C\u002Fstrong> from caching. Dynamic geo checks should not be cached.\u003C\u002Fp>\n\u003Ch3>🗂️ Changelog\u003C\u002Fh3>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>🎉 Initial release with all core features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛡️ Additional Notes\u003C\u002Fh3>\n\u003Ch3>Emergency Bypass\u003C\u002Fh3>\n\u003Cp>Every admin gets a custom bypass link to avoid accidental lockouts. It’s always visible in the dashboard.\u003C\u002Fp>\n\u003Ch3>Blocking Actions\u003C\u002Fh3>\n\u003Cp>Choose the experience blocked users receive:\u003Cbr \u002F>\n– Custom message\u003Cbr \u002F>\n– Redirect to another URL\u003Cbr \u002F>\n– Send 403 Forbidden header\u003C\u002Fp>\n\u003Ch3>Logs & Privacy\u003C\u002Fh3>\n\u003Cp>Logs are stored locally in your WordPress database. The plugin sends only the visitor’s IP to IPWho.is — no personally identifiable information is shared or stored externally.\u003C\u002Fp>\n\u003Ch3>💡 Enjoying Geo Blocker? Try Our Other Free Plugins\u003C\u002Fh3>\n\u003Cp>Looking for even more control and peace of mind? Check out our other tools:\u003C\u002Fp>\n\u003Cp>🔕 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotification-blocker\u002F\" rel=\"ugc\">Notification Blocker\u003C\u002Fa>\u003C\u002Fstrong> – Hide annoying plugin notices from your dashboard without hacking core files.\u003C\u002Fp>\n\u003Cp>🛡️ \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffortress-login-pro\u002F\" rel=\"ugc\">Fortress Login Pro\u003C\u002Fa>\u003C\u002Fstrong> – Obscure your login page, add brute-force protection, and block unauthorized access attempts with ease.\u003C\u002Fp>\n\u003Cp>If you like Geo Blocker, you’ll probably find these just as helpful. Try them out!\u003C\u002Fp>\n","🔐 Block or allow visitors by country. Track access attempts. View analytics. Stay in control — effortlessly.",700,1958,1,"2025-05-18T22:09:00.000Z","6.8.5",[73,55,23,74,24],"access-control","geolocation","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgeo-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-blocker.1.0.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":13,"num_ratings":69,"last_updated":87,"tested_up_to":16,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":18,"download_link":94,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ip-blocker-lite","IP & Country Blocker Lite","3.0.0","Nurul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaqnurul\u002F","\u003Cp>IP & Country Blocker Lite is a comprehensive WordPress security plugin that provides multiple layers of protection for your website. Block unwanted visitors based on IP addresses or countries, and add an extra layer of security with two-factor authentication (2FA).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>IP Address Blocking\u003C\u002Fstrong>: Block or allow specific IP addresses, IP ranges, or subnets\u003Cbr \u002F>\n* \u003Cstrong>Country-Based Blocking\u003C\u002Fstrong>: Restrict access based on visitors’ countries\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>: Secure admin logins with email-based 2FA or authenticator apps\u003Cbr \u002F>\n* \u003Cstrong>Recovery Codes\u003C\u002Fstrong>: Backup access codes for account recovery\u003Cbr \u002F>\n* \u003Cstrong>Emergency Recovery\u003C\u002Fstrong>: Generate secure recovery URLs to disable the plugin if locked out\u003Cbr \u002F>\n* \u003Cstrong>Advanced Security Dashboard\u003C\u002Fstrong>: Monitor blocked attempts and security events\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Benefits:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Protect against spam, bots, and malicious traffic\u003Cbr \u002F>\n* Prevent brute force attacks on admin login\u003Cbr \u002F>\n* Block entire countries or regions\u003Cbr \u002F>\n* Easy-to-use admin interface with real-time monitoring\u003Cbr \u002F>\n* Lightweight and fast performance\u003Cbr \u002F>\n* No external dependencies for core functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong>\u003Cbr \u002F>\n* One-click blocking\u002Funblocking\u003Cbr \u002F>\n* Intuitive admin panel with tabbed interface\u003Cbr \u002F>\n* Real-time activity logs\u003Cbr \u002F>\n* Bulk operations support\u003Cbr \u002F>\n* Custom blocked page templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitoring & Analytics:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked IP attempts\u003Cbr \u002F>\n* View country-wise access statistics\u003Cbr \u002F>\n* Monitor security events\u003Cbr \u002F>\n* Export blocking rules\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Compliance:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Uses free IP-API.com service for geolocation\u003Cbr \u002F>\n* No personal data storage\u003Cbr \u002F>\n* GDPR compliant\u003Cbr \u002F>\n* Respects user privacy\u003C\u002Fp>\n\u003Ch3>Data Collection & Privacy\u003C\u002Fh3>\n\u003Cp>For transparency, here’s what data the plugin collects and why:\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Essential Data Collection (Always Required for Functionality):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP Addresses\u003C\u002Fstrong>: Collected for security blocking and geolocation features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable IP\u002Fcountry blocking, security monitoring, and access control\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Temporary (not stored in database, only processed in memory)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Sent to IP-API.com for country lookup (free service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Information\u003C\u002Fstrong>: Derived from IP addresses via geolocation\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable country-based blocking and access statistics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Not stored permanently (only used for blocking decisions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Retrieved from IP-API.com (free geolocation service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Optional Data Collection (Only with User Consent):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Usage Statistics\u003C\u002Fstrong>: Anonymous plugin performance data\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Improve plugin quality and fix bugs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Plugin version, WordPress version, PHP version, activation date\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Completely anonymous, no personal identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Feedback\u003C\u002Fstrong>: Plugin reviews and feedback submissions\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Understand user needs and improve features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Feedback text, rating, plugin version, PHP version\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Anonymous feedback, no personal data required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fcodecanvasbd\u002Fprivacy-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Data Collection Controls:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent Required\u003C\u002Fstrong>: Optional data collection requires explicit user consent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Opt-out\u003C\u002Fstrong>: Users can decline consent at any time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Automatic Collection\u003C\u002Fstrong>: No data sent without user permission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparent Process\u003C\u002Fstrong>: Clear consent modal explains what data is collected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Third-Party Services:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP-API.com\u003C\u002Fstrong>: Free geolocation service for country detection\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Visitor IP addresses\u003C\u002Fli>\n\u003Cli>Purpose: Determine visitor country for blocking features\u003C\u002Fli>\n\u003Cli>Privacy: IP-API.com privacy policy applies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remote Analytics Server\u003C\u002Fstrong> (optional, consent required):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Anonymous usage statistics\u003C\u002Fli>\n\u003Cli>Purpose: Plugin improvement and support\u003C\u002Fli>\n\u003Cli>Privacy: No personal data, fully anonymous\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>GDPR Compliance:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ No personal data storage without consent\u003C\u002Fli>\n\u003Cli>✅ Clear consent mechanisms\u003C\u002Fli>\n\u003Cli>✅ Easy opt-out options\u003C\u002Fli>\n\u003Cli>✅ Transparent data practices\u003C\u002Fli>\n\u003Cli>✅ Data minimization principles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>IP & Country Blocking:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block specific IP addresses or ranges (CIDR notation supported)\u003Cbr \u002F>\n* Block entire countries or allow only specific countries\u003Cbr \u002F>\n* Whitelist important IPs for access\u003Cbr \u002F>\n* Real-time blocking with immediate effect\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Email-based 2FA for easy setup\u003Cbr \u002F>\n* Authenticator app support (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Recovery codes for account access\u003Cbr \u002F>\n* Secure code generation and validation\u003Cbr \u002F>\n* Admin email verification\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Emergency Recovery System:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generate secure recovery URLs to disable plugin if locked out\u003Cbr \u002F>\n* Time-limited recovery hashes (24 hours expiration)\u003Cbr \u002F>\n* One-click plugin deactivation via recovery URL\u003Cbr \u002F>\n* Secure hash verification to prevent unauthorized access\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Interface:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Modern, responsive dashboard\u003Cbr \u002F>\n* Tabbed navigation for easy access\u003Cbr \u002F>\n* Real-time statistics and charts\u003Cbr \u002F>\n* Activity logs with filtering\u003Cbr \u002F>\n* Bulk operations for efficiency\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Monitoring:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked access attempts\u003Cbr \u002F>\n* Country-wise visitor statistics\u003Cbr \u002F>\n* Failed login monitoring\u003Cbr \u002F>\n* Security event logging\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance Optimized:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Lightweight codebase\u003Cbr \u002F>\n* Minimal database queries\u003Cbr \u002F>\n* Fast IP lookups\u003Cbr \u002F>\n* Caching support\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the IP-API.com service to detect the user’s location based on their IP address.\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: IP-API.com (http:\u002F\u002Fip-api.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: IP geolocation for country-based blocking\u003Cbr \u002F>\n– \u003Cstrong>Data Sent\u003C\u002Fstrong>: User’s IP address only\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n– \u003Cstrong>Data Storage\u003C\u002Fstrong>: No personal data is stored by this plugin\u003C\u002Fp>\n\u003Cp>The plugin works without this service but country blocking features will be limited.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, bug reports, or feature requests:\u003Cbr \u002F>\n– \u003Cstrong>WordPress.org Support Forum\u003C\u002Fstrong>: https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fip-blocker-lite\u002F\u003Cbr \u002F>\n– \u003Cstrong>GitHub Issues\u003C\u002Fstrong>: Report bugs and request features\u003Cbr \u002F>\n– \u003Cstrong>Email\u003C\u002Fstrong>: Contact through WordPress.org profile\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Developer\u003C\u002Fstrong>: Nurul Islam (faqnurul)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icons\u003C\u002Fstrong>: Dashicons (WordPress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geolocation\u003C\u002Fstrong>: IP-API.com (free tier)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Charts\u003C\u002Fstrong>: Chart.js library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>Take control of your website’s security and protect it from unwanted visitors with IP & Country Blocker Lite!\u003C\u002Fp>\n","Advanced WordPress security plugin with IP\u002Fcountry blocking and two-factor authentication for comprehensive website protection.",400,2077,"2026-01-05T16:17:00.000Z","4.0","7.0",[22,24,91,92,93],"login-security","two-factor-authentication","website-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-blocker-lite.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":69,"last_updated":106,"tested_up_to":16,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":113,"download_link":114,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":115},"block-website-access-by-region-lite","Country Blocker and Geoblocker FREE","1.1.0","Simple Tools","https:\u002F\u002Fprofiles.wordpress.org\u002Fjimmyredline80\u002F","\u003Cp>\u003Cstrong>Country Blocker\u003C\u002Fstrong> is the easiest way to block website visitors by country, region, or IP address. No API keys required, no complicated setup – just activate, select countries to block, and protect your site instantly.\u003C\u002Fp>\n\u003Cp>Perfect for compliance, security, and content licensing:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>GDPR compliance\u003C\u002Fstrong> – Block EU countries to avoid cookie consent requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CCPA compliance\u003C\u002Fstrong> – Block California traffic if you can’t meet data privacy requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gambling & gaming sites\u003C\u002Fstrong> – Restrict access from prohibited jurisdictions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streaming & licensed content\u003C\u002Fstrong> – Enforce geographic licensing restrictions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Financial services\u003C\u002Fstrong> – Block countries you’re not licensed to operate in\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce spam & attacks\u003C\u002Fstrong> – Block high-risk countries and VPN traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Country Blocker?\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>One-click setup\u003C\u002Fstrong> – No API keys or database downloads required\u003Cbr \u002F>\n✅ \u003Cstrong>Actually works\u003C\u002Fstrong> – Powered by our reliable geolocation server infrastructure\u003Cbr \u002F>\n✅ \u003Cstrong>VPN & proxy detection\u003C\u002Fstrong> – Optional blocking of VPNs, proxies, data centers, and hosting providers\u003Cbr \u002F>\n✅ \u003Cstrong>SEO friendly\u003C\u002Fstrong> – Automatically allows Google, Bing, and other search engine crawlers\u003Cbr \u002F>\n✅ \u003Cstrong>Won’t lock you out\u003C\u002Fstrong> – WordPress admin and login pages always remain accessible\u003Cbr \u002F>\n✅ \u003Cstrong>Privacy focused\u003C\u002Fstrong> – Minimal data storage with IP hashing for security\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Blocking & Access Control:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block visitors from any country with a simple checkbox (250+ countries)\u003Cbr \u002F>\n* Optional VPN, proxy, and datacenter detection and blocking\u003Cbr \u002F>\n* Search engine crawler bypass (Google, Bing, DuckDuckGo, etc.)\u003Cbr \u002F>\n* Choose to allow or block visitors when country cannot be determined\u003Cbr \u002F>\n* Emergency bypass URL parameter for troubleshooting\u003Cbr \u002F>\n* WordPress admin and login pages are never blocked\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Geolocation:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Works instantly without API keys or configuration\u003Cbr \u002F>\n* Powered by our managed geolocation server (no setup required)\u003Cbr \u002F>\n* Cloudflare IP detection support\u003Cbr \u002F>\n* Supports proxy headers (X-Forwarded-For, X-Real-IP, CF-Connecting-IP)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Logging & Monitoring:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track all blocked and allowed access attempts\u003Cbr \u002F>\n* View visitor country codes and decision reasons\u003Cbr \u002F>\n* Automatic log cleanup (configurable retention period)\u003Cbr \u002F>\n* Rate limiting to prevent log spam\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Security:\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP addresses are hashed by default for privacy\u003Cbr \u002F>\n* GDPR and CCPA friendly minimal data storage\u003Cbr \u002F>\n* Configurable data retention policies\u003Cbr \u002F>\n* No tracking scripts or external cookies\u003C\u002Fp>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>Need more granular control? \u003Cstrong>Country Blocker Pro\u003C\u002Fstrong> includes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Region-Level Blocking:\u003C\u002Fstrong>\u003Cbr \u002F>\n* 🇺🇸 Block specific US states (all 50 states + DC, Puerto Rico, Guam, US Virgin Islands)\u003Cbr \u002F>\n* 🇨🇦 Block Canadian provinces and territories\u003Cbr \u002F>\n* 🇬🇧 Block UK regions (England, Scotland, Wales, Northern Ireland)\u003Cbr \u002F>\n* 🇦🇺 Block Australian states and territories\u003Cbr \u002F>\n* 🇩🇪 Block German states (Bundesländer)\u003Cbr \u002F>\n* 🇮🇳 Block Indian states and union territories\u003Cbr \u002F>\n* 🇨🇳 Block Chinese provinces and municipalities\u003Cbr \u002F>\n* 🌍 Block entire continents with one click\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP whitelist – Never block specific IPs (supports CIDR notation)\u003Cbr \u002F>\n* IP blacklist – Always block specific IPs regardless of location\u003Cbr \u002F>\n* Custom block page with full color customization\u003Cbr \u002F>\n* Custom CSS editor for complete design control\u003Cbr \u002F>\n* Redirect blocked visitors to any URL\u003Cbr \u002F>\n* Advanced logging with CSV export\u003Cbr \u002F>\n* Smart log retention and database optimization\u003Cbr \u002F>\n* Priority email support\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.plugins-for-wp.com\u002Fproduct\u002Fcountry-blocker-and-geoblocker-pro\u002F\" rel=\"nofollow ugc\">Get Country Blocker Pro \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to external services for geolocation functionality and anonymous usage reporting. By using this plugin, you acknowledge that data will be sent to these third-party services.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. Geolocation Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To determine a visitor’s country, the plugin sends the visitor’s IP address to our geolocation server:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple Tools for WP Geolocation API\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: IP geolocation lookup\u003Cbr \u002F>\n* Data sent: Visitor IP address, your site URL\u003Cbr \u002F>\n* When: On each unique visitor’s first page load (cached for 24 hours)\u003Cbr \u002F>\n* Endpoint: https:\u002F\u002Fplugins-for-wp.com\u002Fwp-json\u002Fssp-geo\u002Fv1\u002Flookup\u003Cbr \u002F>\n* Privacy: IP addresses are processed only for geolocation purposes and are not stored permanently on our servers\u003Cbr \u002F>\n* Terms: https:\u002F\u002Fplugins-for-wp.com\u002Fterms\u002F\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fplugins-for-wp.com\u002Fprivacy\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Anonymous Usage Statistics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Twice daily the plugin sends aggregated blocking event statistics to our servers to help us monitor plugin health, improve geolocation accuracy, and understand how the plugin is being used:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple Tools for WP Reporting API\u003C\u002Fstrong>\u003Cbr \u002F>\n* Service: Anonymous blocking event reporting\u003Cbr \u002F>\n* Data sent: Hashed visitor IP addresses (SHA-256, non-reversible), country codes, block\u002Fallow decisions, plugin version, WordPress version, PHP version, your site URL\u003Cbr \u002F>\n* When: Sent in batches twice daily (8 AM and 8 PM server time)\u003Cbr \u002F>\n* Endpoint: https:\u002F\u002Fplugins-for-wp.com\u002Fwp-json\u002Fssp-geo\u002Fv1\u002Freport-batch\u003Cbr \u002F>\n* Privacy: Hashed IPs cannot be reversed to identify individuals. No personally identifiable information is transmitted.\u003Cbr \u002F>\n* Terms: https:\u002F\u002Fplugins-for-wp.com\u002Fterms\u002F\u003Cbr \u002F>\n* Privacy Policy: https:\u002F\u002Fplugins-for-wp.com\u002Fprivacy\u002F\u003Cbr \u002F>\n* Opt-out: To disable usage reporting for your site, contact support@plugins-for-wp.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Retention:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin stores minimal data on your WordPress database: hashed IP addresses (for rate limiting), country codes, access decisions (blocked\u002Fallowed), and timestamps. You can configure automatic log cleanup in settings. The plugin does not track individual visitors or create profiles.\u003C\u002Fp>\n\u003Ch3>Service Terms & Future Pricing\u003C\u002Fh3>\n\u003Cp>The geolocation service is currently provided free of charge. We are covering the server and infrastructure costs during this introductory period.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Future pricing may apply:\u003C\u002Fstrong> We reserve the right to introduce usage-based pricing for the geolocation service in the future. If pricing is introduced, it would be based on the number of geolocation requests your site makes to our servers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why this is permitted:\u003C\u002Fstrong> This plugin operates under a Software-as-a-Service (SaaS) model where the core functionality depends on our external geolocation servers. Under standard software licensing practices and the GPL license, while the plugin code itself is free and open source, external services that the plugin connects to may have their own terms, conditions, and pricing structures. This is similar to how many WordPress plugins offer free plugins that connect to paid external services (email marketing, backup storage, CDN services, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What this means for you:\u003C\u002Fstrong>\u003Cbr \u002F>\n* The plugin will continue to function as described\u003Cbr \u002F>\n* You will be notified in advance of any pricing changes\u003Cbr \u002F>\n* You are not obligated to continue using the service if pricing is introduced\u003Cbr \u002F>\n* Alternative geolocation solutions can be implemented if you choose not to use our service\u003C\u002Fp>\n\u003Cp>By installing and using this plugin, you acknowledge and accept these terms.\u003C\u002Fp>\n\u003Ch3>Privacy & Data Usage\u003C\u002Fh3>\n\u003Cp>This plugin is designed with privacy in mind:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses are hashed by default before storage\u003C\u002Fli>\n\u003Cli>Only country codes and access decisions are logged, not full visitor profiles\u003C\u002Fli>\n\u003Cli>Logs can be automatically cleaned up after a configurable retention period\u003C\u002Fli>\n\u003Cli>No cookies are set on the visitor’s browser\u003C\u002Fli>\n\u003Cli>No tracking scripts are loaded\u003C\u002Fli>\n\u003Cli>Geolocation lookups are cached for 24 hours to minimize server requests\u003C\u002Fli>\n\u003Cli>Anonymous blocking statistics are sent twice daily using non-reversible hashed IPs\u003C\u002Fli>\n\u003Cli>To opt out of anonymous reporting, contact support@plugins-for-wp.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For GDPR compliance, the plugin blocks visitors from specified countries, which may reduce your data collection obligations. However, you should still review your complete privacy obligations with a legal professional.\u003C\u002Fp>\n","Block visitors by country in one click. Geo blocker with VPN detection, IP blocking & country restrictions. GDPR & CCPA compliance made easy.",80,1786,20,"2026-04-05T22:42:00.000Z","5.6","7.4",[22,110,23,111,112],"gdpr","security","vpn-blocker","https:\u002F\u002Fplugins-for-wp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-website-access-by-region-lite.zip","2026-04-06T09:54:40.288Z",{"slug":20,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":133,"download_link":134,"security_score":135,"vuln_count":69,"unpatched_count":69,"last_vuln_date":136,"fetched_at":28},"Block Country","1.0","nitinmaurya12","https:\u002F\u002Fprofiles.wordpress.org\u002Fnitinmaurya12\u002F","\u003Cp>Set country and IP to block your website. You can also set IP address to unblock for any special IP Address.\u003C\u002Fp>\n","Set country and IP to block your website. You can also set IP address to unblock for any special IP Address.",70,5788,60,6,"2013-12-10T22:05:00.000Z","3.6.1","3.2",[20,131,132],"block-ip-address","unblock-any-ip-address","http:\u002F\u002Fnitinmaurya.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-country.zip",63,"2025-10-13 00:00:00",{"attackSurface":138,"codeSignals":156,"taintFlows":217,"riskAssessment":273,"analyzedAt":283},{"hooks":139,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":26,"unprotectedCount":26},[140,146,149],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","wp_loaded","closure","country-access-blocker.php",18,{"type":141,"name":147,"callback":143,"file":144,"line":148},"admin_menu",66,{"type":141,"name":150,"callback":143,"file":144,"line":151},"admin_enqueue_scripts",77,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":26,"externalRequests":69,"nonceChecks":69,"capabilityChecks":26,"bundledLibraries":216},[],{"prepared":26,"raw":26,"locations":159},[],{"escaped":105,"rawEcho":161,"locations":162},26,[163,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214],{"file":144,"line":164,"context":165},148,"raw output",{"file":144,"line":167,"context":165},162,{"file":144,"line":169,"context":165},169,{"file":144,"line":171,"context":165},172,{"file":144,"line":173,"context":165},173,{"file":144,"line":175,"context":165},176,{"file":144,"line":177,"context":165},177,{"file":144,"line":179,"context":165},181,{"file":144,"line":181,"context":165},197,{"file":144,"line":183,"context":165},198,{"file":144,"line":185,"context":165},201,{"file":144,"line":187,"context":165},202,{"file":144,"line":189,"context":165},203,{"file":144,"line":191,"context":165},204,{"file":144,"line":193,"context":165},207,{"file":144,"line":195,"context":165},208,{"file":144,"line":197,"context":165},213,{"file":144,"line":199,"context":165},214,{"file":144,"line":201,"context":165},217,{"file":144,"line":203,"context":165},220,{"file":144,"line":205,"context":165},224,{"file":144,"line":207,"context":165},225,{"file":144,"line":209,"context":165},230,{"file":144,"line":211,"context":165},231,{"file":144,"line":213,"context":165},232,{"file":144,"line":215,"context":165},247,[],[218,253],{"entryPoint":219,"graph":220,"unsanitizedCount":69,"severity":252},"cab_admin_page (country-access-blocker.php:105)",{"nodes":221,"edges":246},[222,227,233,237,241],{"id":223,"type":224,"label":225,"file":144,"line":226},"n0","source","$_SERVER (x2)",114,{"id":228,"type":229,"label":230,"file":144,"line":231,"wp_function":232},"n1","sink","echo() [XSS]",161,"echo",{"id":234,"type":224,"label":235,"file":144,"line":236},"n2","$_SERVER",154,{"id":238,"type":239,"label":240,"file":144,"line":236},"n3","transform","→ cab_get_country()",{"id":242,"type":229,"label":243,"file":144,"line":244,"wp_function":245},"n4","wp_remote_get() [SSRF]",52,"wp_remote_get",[247,249,251],{"from":223,"to":228,"sanitized":248},true,{"from":234,"to":238,"sanitized":250},false,{"from":238,"to":242,"sanitized":250},"medium",{"entryPoint":254,"graph":255,"unsanitizedCount":14,"severity":252},"\u003Ccountry-access-blocker> (country-access-blocker.php:0)",{"nodes":256,"edges":268},[257,259,260,261,262,264,266],{"id":223,"type":224,"label":235,"file":144,"line":258},27,{"id":228,"type":229,"label":243,"file":144,"line":244,"wp_function":245},{"id":234,"type":224,"label":225,"file":144,"line":226},{"id":238,"type":229,"label":230,"file":144,"line":231,"wp_function":232},{"id":242,"type":224,"label":225,"file":144,"line":263},28,{"id":265,"type":239,"label":240,"file":144,"line":263},"n5",{"id":267,"type":229,"label":243,"file":144,"line":244,"wp_function":245},"n6",[269,270,271,272],{"from":223,"to":228,"sanitized":248},{"from":234,"to":238,"sanitized":248},{"from":242,"to":265,"sanitized":250},{"from":265,"to":267,"sanitized":250},{"summary":274,"deductions":275},"The country-access-blocker plugin version 1.6 exhibits a generally good security posture based on the static analysis and vulnerability history provided. The complete absence of known CVEs and a lack of critical or high severity issues in its history are positive indicators.  Furthermore, the code signals show a healthy approach to database interaction, with 100% of SQL queries using prepared statements and no dangerous functions or file operations detected. The plugin also correctly implements a nonce check, which is a fundamental security measure.\n\nHowever, there are areas of concern that warrant attention. The most significant is the output escaping, where only 43% of outputs are properly escaped. This suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is directly reflected in the output without sufficient sanitization. Additionally, the taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, represent potential pathways for malicious input to reach sensitive functions. The presence of one external HTTP request also introduces a dependency that could be exploited if the external resource is compromised.\n\nIn conclusion, while the plugin has strengths in its database security and lack of historical vulnerabilities, the weaknesses in output escaping and the identified unsanitized paths in the taint analysis present tangible risks. These issues should be prioritized for remediation to further strengthen the plugin's security.",[276,278,281],{"reason":277,"points":126},"Low output escaping percentage",{"reason":279,"points":280},"Taint flow with unsanitized paths",4,{"reason":282,"points":14},"External HTTP request","2026-03-16T19:36:50.077Z",{"wat":285,"direct":295},{"assetPaths":286,"generatorPatterns":289,"scriptPaths":290,"versionParams":292},[287,288],"\u002Fwp-content\u002Fplugins\u002Fcountry-access-blocker\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcountry-access-blocker\u002Fassets\u002Fjs\u002Fadmin.js",[],[291],"assets\u002Fjs\u002Fadmin.js",[293,294],"country-access-blocker\u002Fassets\u002Fcss\u002Fadmin.css?ver=","country-access-blocker\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":296,"htmlComments":316,"htmlAttributes":317,"restEndpoints":321,"jsGlobals":322,"shortcodeOutput":323},[297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315],"cab-page","cab-enabled","cab-disabled","cab-enable-gate","cab-enable-card","cab-enable-title","cab-enable-sub","cab-enable-toggle","cab-enable-checkbox","cab-enable-label","cab-enable-actions","cab-enable-save","cab-card","cab-card--delayed","cab-close","cab-content","cab-actions","cab-btn","cab-btn-secondary",[],[318,319,320],"data-mine","data-just-enabled","data-dismiss-key",[],[],[],{"error":248,"url":325,"statusCode":326,"statusMessage":327,"message":327},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcountry-access-blocker\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":329,"versions":330},3,[331,336,343],{"version":6,"download_url":25,"svn_tag_url":332,"released_at":27,"has_diff":250,"diff_files_changed":333,"diff_lines":27,"trac_diff_url":334,"vulnerabilities":335,"is_current":248},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcountry-access-blocker\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcountry-access-blocker%2Ftags%2F1.5&new_path=%2Fcountry-access-blocker%2Ftags%2F1.6",[],{"version":337,"download_url":338,"svn_tag_url":339,"released_at":27,"has_diff":250,"diff_files_changed":340,"diff_lines":27,"trac_diff_url":341,"vulnerabilities":342,"is_current":250},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountry-access-blocker.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcountry-access-blocker\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcountry-access-blocker%2Ftags%2F1.4&new_path=%2Fcountry-access-blocker%2Ftags%2F1.5",[],{"version":344,"download_url":345,"svn_tag_url":346,"released_at":27,"has_diff":250,"diff_files_changed":347,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":348,"is_current":250},"1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountry-access-blocker.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcountry-access-blocker\u002Ftags\u002F1.4\u002F",[],[]]