[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcIC8fadnVfHKWfNiJoSqiuC4_2g68832QMn0_iN5MJk":3,"$fPNIHemS8nLa8IDAxYVGz1YJzKHfmWMw27ENhg2iM6KE":219,"$fJAFxB4M7Z0sAcgnwkgpGJ0SDAwUyPufp0B45GsfxsZI":223},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":34,"analysis":134,"fingerprints":198},"countrylock","CountryLock","1.0.8","topsyde","https:\u002F\u002Fprofiles.wordpress.org\u002Ftopsyde\u002F","\u003Cp>CountryLock provides a simple, lightweight way to allow or block countries from accessing your WordPress site.\u003C\u002Fp>\n\u003Cp>It’s designed to be \u003Cstrong>“set it and forget it”\u003C\u002Fstrong> with no upsells, ads, or complex configurations.\u003C\u002Fp>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Master Toggle:\u003C\u002Fstrong> Enable or disable the firewall with a single click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowed Countries List:\u003C\u002Fstrong> Specify which two-letter country codes (e.g., \u003Ccode>US\u003C\u002Fcode>, \u003Ccode>CA\u003C\u002Fcode>) are allowed. Everyone else is blocked.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bypass:\u003C\u002Fstrong> Logged-in administrators can always bypass the block (toggleable).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Allowlist:\u003C\u002Fstrong> A simple list of IPs or CIDR ranges (like \u003Ccode>123.45.67.89\u003C\u002Fcode> or \u003Ccode>10.0.0.0\u002F8\u003C\u002Fcode>) that are always allowed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block Logging:\u003C\u002Fstrong> See which countries and IPs are being blocked (toggleable).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-Lookup Detection:\u003C\u002Fstrong> Automatically uses Cloudflare (\u003Ccode>HTTP_CF_IPCOUNTRY\u003C\u002Fcode>) and other common server-level GEO headers for instant decisions with zero performance impact.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote Lookup:\u003C\u002Fstrong> As a fallback, it can query an external service (\u003Ccode>ipapi.co\u003C\u002Fcode>) if no headers are found.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses one external service as a fallback to determine a visitor’s country if no local GEO headers (like those from Cloudflare or a server-level GeoIP module) are present.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service:\u003C\u002Fstrong> \u003Ccode>ipapi.co\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>What it’s used for:\u003C\u002Fstrong> To look up the country of origin for a visitor’s IP address.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> The visitor’s IP address is sent to the service. This happens \u003Cem>only\u003C\u002Fem> if the “Use remote lookup if no geo headers” setting is enabled AND no local GeoIP headers are detected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Policies:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipapi.co\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipapi.co\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Block\u002Fallow countries with one toggle. Lightweight, no upsells. Includes admin bypass, IP allowlist, and block stats.",30,345,100,1,"2025-11-17T14:19:00.000Z","6.8.5","5.0","",[20,21,22,23,24],"block","block-country","country","geo","geoip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountrylock.1.0.8.zip",0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":11,"trust_score":32,"computed_at":33},94,"2026-05-19T23:56:00.270Z",[35,52,70,95,115],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":26,"downloaded":43,"rating":26,"num_ratings":26,"last_updated":44,"tested_up_to":45,"requires_at_least":17,"requires_php":46,"tags":47,"homepage":18,"download_link":51,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"geosec","Geosec","1.0.1","rbonfil","https:\u002F\u002Fprofiles.wordpress.org\u002Frbonfil\u002F","\u003Cp>\u003Cstrong>Geosec\u003C\u002Fstrong> is a lightweight security plugin designed to protect your WordPress administration panel (\u003Ccode>wp-admin\u003C\u002Fcode>). It works by detecting the visitor’s country using their IP address and allowing access \u003Cstrong>only\u003C\u002Fstrong> if they are in your “Allowed Countries” whitelist.\u003C\u002Fp>\n\u003Cp>This significantly hardens your admin panel against brute-force attacks, bot login attempts, and unauthorized access from foreign countries.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Whitelist-based Protection:\u003C\u002Fstrong> Only allow access from specific countries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Emergency Key:\u003C\u002Fstrong> Create a unique URL to bypass the lock if you are traveling.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloudflare Compatible:\u003C\u002Fstrong> Works seamlessly with Cloudflare and standard server setups.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Statistics:\u003C\u002Fstrong> View logs of blocked attempts and valid logins, including Top Blocked Countries and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> Optimized for performance, querying external APIs only when necessary and caching results.\u003C\u002Fli>\n\u003C\u002Ful>\n","Geosec protects your admin panel (wp-admin) by allowing access only from the countries you authorize.",187,"2026-02-06T17:01:00.000Z","6.9.4","7.2",[48,21,24,49,50],"access-control","protection","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeosec.1.0.1.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":13,"num_ratings":62,"last_updated":63,"tested_up_to":45,"requires_at_least":17,"requires_php":18,"tags":64,"homepage":18,"download_link":69,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"country-access-blocker","Country Access Blocker","1.6","Valeri Kluger","https:\u002F\u002Fprofiles.wordpress.org\u002Fvalerikluger\u002F","\u003Cp>Country Access Blocker lets you restrict or allow access to your WordPress site based on visitor countries.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Block visitors from specific countries\u003Cbr \u002F>\n* Clean, GDPR-compliant country list\u003Cbr \u002F>\n* Easy admin interface to configure blocked countries\u003Cbr \u002F>\n* Enable or disable IP-based country blocking with one checkbox\u003Cbr \u002F>\n* No external dependencies or WooCommerce required\u003Cbr \u002F>\n* Uses ip-api.com free API for geolocation\u003C\u002Fp>\n\u003Cp>This plugin is ideal if you want to restrict access from certain countries or comply with geo-based regulations.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or bug reports, please open an issue on the plugin’s GitHub repository or contact the author.\u003C\u002Fp>\n","Block or allow website visitors from specific countries based on IP geolocation.",600,2056,2,"2026-01-24T22:53:00.000Z",[21,65,66,67,68],"block-ip","country-blocker","geo-blocking","ip-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountry-access-blocker.1.6.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":45,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":90,"download_link":91,"security_score":92,"vuln_count":93,"unpatched_count":26,"last_vuln_date":94,"fetched_at":28},"ip2location-country-blocker","IP2Location Country Blocker","2.41.2","IP2Location","https:\u002F\u002Fprofiles.wordpress.org\u002Fip2location\u002F","\u003Cp>\u003Cem>This plugin will NOT work if any cache plugin is enabled.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This plugin enables user to block unwanted traffic from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers. It helps to reduce spam and unwanted sign ups easily by preventing unwanted visitors from browsing a particular page or entire website.\u003C\u002Fp>\n\u003Cp>Key Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allow you to block the access from multiple countries.\u003C\u002Fli>\n\u003Cli>Allow you to block the access by country grouping, such as EU, APAC, and so on.\u003C\u002Fli>\n\u003Cli>Allow you to block the access from anonymous proxies.\u003C\u002Fli>\n\u003Cli>Allow you to block the access by IP ranges.\u003C\u002Fli>\n\u003Cli>Allow you to whitelist the crawler, for example, Google, Bing, Yandex, and so on, to index your pages (SEO friendly).\u003C\u002Fli>\n\u003Cli>Supports IPv4 and IPv6\u003C\u002Fli>\n\u003Cli>Default to 403 error (Permission Denied) display\u003C\u002Fli>\n\u003Cli>Allow you to customize your own 403 page.\u003C\u002Fli>\n\u003Cli>Send you an email notification if some one is trying to access your admin area.\u003C\u002Fli>\n\u003Cli>Provide you statistical report of traffics blocked.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin supports both IP2Location BIN data and web service for IP geolocation lookup. If you would like to use the IP2Location geolocation BIN data, you can easily download and update the BIN data via the plugin settings page. Alternatively, you can also download and update the BIN data file manually using the below links:\u003C\u002Fp>\n\u003Cp>IP Geolocation file download:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Flite.ip2location.com\" title=\"IP2Location LITE database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy LITE database (Free)\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fip2location.com\" title=\"IP2Location commercial database\" rel=\"nofollow ugc\">IP2Location & IP2Proxy Commercial database (Comprehensive)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To use the IP2Location IP geolocation web service (REST API) for geolocation, you’ll need to register an account at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.io\" title=\"IP2Location.io IP Geolocation API\" rel=\"nofollow ugc\">IP2Location.io IP Geolocation API\u003C\u002Fa>. A free plan is available.\u003C\u002Fp>\n\u003Ch4>More Information\u003C\u002Fh4>\n\u003Cp>Please visit us at \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"https:\u002F\u002Fwww.ip2location.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.ip2location.com\u003C\u002Fa>\u003C\u002Fp>\n","Blocks unwanted visitors from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers.",30000,1636207,84,124,"2025-12-03T07:19:00.000Z","4.6","7.4",[21,86,87,88,89],"block-proxy","ip-address","ip2location","redirection","https:\u002F\u002Fip2location.com\u002Fresources\u002Fwordpress-ip2location-country-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip2location-country-blocker.2.41.2.zip",93,9,"2025-02-21 19:56:54",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":113,"download_link":114,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ip-location-block","IP Location Block","1.3.8","Darko G.","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarkog\u002F","\u003Cp>IP Location Block plugin that allows you to block access to your site based on the visitor location while also keeping your site safe from malicious attacks. The plugin brings a smart and powerful protection methods such as “\u003Cstrong>WP Metadata Exploit Protection\u003C\u002Fstrong>“.\u003C\u002Fp>\n\u003Cp>Combined with those methods and IP address geolocation, you’ll be surprised to find a bunch of malicious or undesirable access blocked in the logs of this plugin after several days of installation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This plugin is based on the now abandoned “IP Geo Block” plugin by tokkonopapa. I fixed various issues and improved the overall codebase.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Native Geo-Location Provider\u003C\u002Fstrong>\u003Cbr \u002F>\nIP Location Block provides \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fnative-geo-location-provider\u002F?utm_source=plugin&utm_medium=wporgpage&utm_campaign=readme\" rel=\"nofollow ugc\">Native Geo-Location Provider\u003C\u002Fa> that is faster, more secure and provides the needed \u003Cstrong>precision\u003C\u002Fstrong> for matching \u003Cstrong>CITY\u003C\u002Fstrong> and \u003Cstrong>STATE\u003C\u002Fstrong> besides the standard COUNTRY matching.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Privacy by design:\u003C\u002Fstrong>\u003Cbr \u002F>\nIP address is always encrypted on recording in logs\u002Fcache. Moreover, it can be anonymized and restricted on sending to the 3rd parties such as geolocation APIs or whois service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immigration control:\u003C\u002Fstrong>\u003Cbr \u002F>\nAccess to the basic and important entrances into back-end such as \u003Ccode>wp-comments-post.php\u003C\u002Fcode>, \u003Ccode>xmlrpc.php\u003C\u002Fcode>, \u003Ccode>wp-login.php\u003C\u002Fcode>, \u003Ccode>wp-signup.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-ajax.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-post.php\u003C\u002Fcode> will be validated by means of a country code based on IP address. It allows you to configure either whitelist or blacklist to \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FISO_3166-1_alpha-2#Officially_assigned_code_elements\" title=\"ISO 3166-1 alpha-2 - Wikipedia\" rel=\"nofollow ugc\">specify the countires\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FClassless_Inter-Domain_Routing\" title=\"Classless Inter-Domain Routing - Wikipedia\" rel=\"nofollow ugc\">CIDR notation\u003C\u002Fa> for a range of IP addresses and \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAutonomous_system_(Internet)\" title=\"Autonomous system (Internet) - Wikipedia\" rel=\"nofollow ugc\">AS number\u003C\u002Fa> for a group of IP networks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Guard against login attempts:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn order to prevent hacking through the login form and XML-RPC by brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address even from the permitted countries.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Minimize server load against brute-force attacks:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin as a \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FMust_Use_Plugins\" title=\"Must Use Plugins « WordPress Codex\" rel=\"nofollow ugc\">Must Use Plugins\u003C\u002Fa> so that this plugin can be loaded prior to regular plugins. It can massively \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fvalidation-timing\u002F\" title=\"Validation timing | IP Location Block\" rel=\"nofollow ugc\">reduce the load on server\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent malicious down\u002Fuploading:\u003C\u002Fstrong>\u003Cbr \u002F>\nA malicious request such as exposing \u003Ccode>wp-config.php\u003C\u002Fcode> or uploading malwares via vulnerable plugins\u002Fthemes can be blocked.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block badly-behaved bots and crawlers:\u003C\u002Fstrong>\u003Cbr \u002F>\nA simple logic may help to reduce the number of rogue bots and crawlers scraping your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support of BuddyPress and bbPress:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin so that a registered user can login as a membership from anywhere, while a request such as a new user registration, lost password, creating a new topic and subscribing comment can be blocked by country. It is suitable for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" title=\"BuddyPress — WordPress Plugins\" rel=\"ugc\">BuddyPress\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbbpress\u002F\" title=\"WordPress › bbPress « WordPress Plugins\" rel=\"ugc\">bbPress\u003C\u002Fa> to help reducing spams.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Referrer suppressor for external links:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen you click an external hyperlink on admin screens, http referrer will be eliminated to hide a footprint of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Multiple source of IP Geolocation databases:\u003C\u002Fstrong>\u003Cbr \u002F>\nBesides the \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fnative-geo-location-provider\u002F?utm_source=plugin&utm_medium=wporgpage&utm_campaign=readme\" rel=\"nofollow ugc\">Native Geo-Location provider\u003C\u002Fa>, this plugin supports \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind GeoLite2 free databases\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\u002F\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location LITE databases\u003C\u002Fa>. Also free Geolocation REST APIs and whois information can be available for audit purposes.\u003Cbr \u002F>\nFather more, \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcloudflare-cloudfront-api-class-library\u002F\" title=\"CloudFlare & CloudFront API class library | IP Location Block\" rel=\"nofollow ugc\">dedicated API class libraries\u003C\u002Fa> can be installed for CloudFlare and CloudFront as a reverse proxy service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizing response:\u003C\u002Fstrong>\u003Cbr \u002F>\nHTTP response code can be selectable as \u003Ccode>403 Forbidden\u003C\u002Fcode> to deny access pages, \u003Ccode>404 Not Found\u003C\u002Fcode> to hide pages or even \u003Ccode>200 OK\u003C\u002Fcode> to redirect to the top page.\u003Cbr \u002F>\nYou can also have a human friendly page (like \u003Ccode>404.php\u003C\u002Fcode>) in your parent\u002Fchild theme template directory to fit your site design.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Validation logs:\u003C\u002Fstrong>\u003Cbr \u002F>\nValidation logs for useful information to audit attack patterns can be manageable.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cooperation with full spec security plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin is lite enough to be able to cooperate with other full spec security plugin such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" title=\"Wordfence Security — WordPress Plugins\" rel=\"ugc\">Wordfence Security\u003C\u002Fa>. See \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fpage-speed-performance\u002F\" title=\"Page speed performance | IP Location Block\" rel=\"nofollow ugc\">this report\u003C\u002Fa> about page speed performance.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Extendability:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can customize the behavior of this plugin via \u003Ccode>add_filter()\u003C\u002Fcode> with \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002F\" title=\"Codex | IP Location Block\" rel=\"nofollow ugc\">pre-defined filter hook\u003C\u002Fa>. See various use cases in \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fexample-use-cases-for-the-developer-hooks\u002F\" rel=\"nofollow ugc\">samples.php\u003C\u002Fa> bundled within this package.\u003Cbr \u002F>\nYou can also get the extension \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\u002FWordPress-IP-Geo-Allow\" title=\"GitHub - ddur\u002FWordPress-IP-Geo-Allow: WordPress Plugin Exension for WordPress-IP-Geo-Block Plugin\" rel=\"nofollow ugc\">IP Geo Allow\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\" title=\"ddur (Dragan) - GitHub\" rel=\"nofollow ugc\">Dragan\u003C\u002Fa>. It makes admin screens strictly private with more flexible way than specifying IP addresses.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Self blocking prevention and easy rescue:\u003C\u002Fstrong>\u003Cbr \u002F>\nWebsite owners do not prefer themselves to be blocked. This plugin prevents such a sad thing unless you force it. And futhermore, if such a situation occurs, you can \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002Fcodex\u002Fwhat-should-i-do-when-im-locked-out\u002F\" title=\"What should I do when I'm locked out? | IP Location Block\" rel=\"nofollow ugc\">rescue yourself\u003C\u002Fa> easily.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean uninstallation:\u003C\u002Fstrong>\u003Cbr \u002F>\nNothing is left in your precious mySQL database after uninstallation. So you can feel free to install and activate to make a trial of this plugin’s functionality.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>Documentation and more information can always be found on our \u003Ca href=\"https:\u002F\u002Fiplocationblock.com\u002F\" title=\"IP Location Block\" rel=\"nofollow ugc\">plugin website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Attribution\u003C\u002Fh4>\n\u003Cp>This package includes GeoLite2 library distributed by MaxMind, available from \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind\u003C\u002Fa>, and also includes IP2Location open source libraries available from \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also thanks for providing the following services and REST APIs for free.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgeoiplookup.net\u002F\" title=\"What Is My IP Address | GeoIP Lookup\" rel=\"nofollow ugc\">http:\u002F\u002Fgeoiplookup.net\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" title=\"IP Address API and Data Solutions\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfo.io\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipapi.com\u002F\" title=\"ipapi - IP Address Lookup and Geolocation API\" rel=\"nofollow ugc\">https:\u002F\u002Fipapi.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" title=\"ipstack - Free IP Geolocation API\" rel=\"nofollow ugc\">https:\u002F\u002Fipstack.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfodb.com\u002F\" title=\"Free IP Geolocation Tools and API| IPInfoDB\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfodb.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>Development of this plugin happens at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgdarko\u002Fip-location-block\" title=\"gdarko\u002Fip-location-block - GitHub\" rel=\"nofollow ugc\">IP Location Block – GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>All contributions will always be welcome.\u003C\u002Fp>\n\u003Ch4>Known issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>From \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2016\u002F03\u002F09\u002Fcomment-changes-in-wordpress-4-5\u002F\" title=\"Comment Changes in WordPress 4.5 – Make WordPress Core\" rel=\"nofollow ugc\">WordPress 4.5\u003C\u002Fa>, \u003Ccode>rel=nofollow\u003C\u002Fcode> had no longer be attached to the links in \u003Ccode>comment_content\u003C\u002Fcode>. This change prevents to block “\u003Ca href=\"https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FServer_Side_Request_Forgery\" title=\"Server Side Request Forgery - OWASP\" rel=\"nofollow ugc\">Server Side Request Forgeries\u003C\u002Fa>” (not Cross Site but a malicious internal link in the comment field).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapps.wordpress.com\u002Fmobile\u002F\" title=\"WordPress.com Apps - Mobile Apps\" rel=\"nofollow ugc\">WordPress.com Mobile App\u003C\u002Fa> can’t execute image uploading because of its own authentication system via XMLRPC.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily block visitors by country, state or ISP provider. Also, protects your site from spam, login attempts, malicious access & more.",10000,198024,92,33,"2026-03-13T00:57:00.000Z","7.0","3.7",[20,22,111,87,112],"geolocation","ip-geo-block","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fip-location-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-location-block.1.3.8.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":105,"num_ratings":125,"last_updated":126,"tested_up_to":45,"requires_at_least":127,"requires_php":46,"tags":128,"homepage":132,"download_link":133,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"login-ip-country-restriction","Login IP & Country Restriction","6.8.1","Iulia Cazan","https:\u002F\u002Fprofiles.wordpress.org\u002Fiulia-cazan\u002F","\u003Cp>This plugin hooks in the authenticate filter. By default, the plugin is set to allow all access and you can configure the plugin to allow the login only from some specified IPs or the specified countries. PLEASE MAKE SURE THAT YOU CONFIGURE THE PLUGIN TO ALLOW YOUR OWN ACCESS. If you set a restriction by IP, then you have to add your own IP (if you are using the plugin in a local setup the IP is 127.0.0.1 or ::1, this is added in your list by default). If you set a restriction by country, then you have to select from the list of countries at least your country. Both types of restrictions work independent, so you can set only one type of restriction or both if you want. Also, you can configure the redirects to frontpage when the URLs are accessed by someone that has a restriction. The restriction is either by country, or not in the specified IPs list.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Tighten your website security and fight against dictionary bot attacks originating from other countries, by denying access.",7000,113472,51,"2025-11-22T14:06:00.000Z","5.1",[21,65,129,130,131],"country-firewall","country-restriction","login-restriction","https:\u002F\u002Fiuliacazan.ro\u002Flogin-ip-country-restriction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-ip-country-restriction.6.8.1.zip",{"attackSurface":135,"codeSignals":166,"taintFlows":189,"riskAssessment":190,"analyzedAt":197},{"hooks":136,"ajaxHandlers":156,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":14,"unprotectedCount":26},[137,142,146,150,153],{"type":138,"name":139,"callback":139,"file":140,"line":141},"action","admin_menu","countrylock.php",25,{"type":138,"name":143,"callback":144,"file":140,"line":145},"admin_init","register_settings",26,{"type":138,"name":147,"callback":148,"file":140,"line":149},"admin_enqueue_scripts","enqueue_admin_assets",27,{"type":138,"name":151,"callback":152,"priority":26,"file":140,"line":11},"plugins_loaded","maybe_block_non_us",{"type":138,"name":154,"callback":155,"file":140,"line":106},"admin_notices","activation_notice",[157],{"action":158,"nopriv":159,"callback":160,"hasNonce":161,"hasCapCheck":161,"file":140,"line":162},"tscl_clear_logs",false,"ajax_clear_logs",true,34,[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":184,"fileOperations":26,"externalRequests":14,"nonceChecks":14,"capabilityChecks":187,"bundledLibraries":188},[],{"prepared":62,"raw":169,"locations":170},5,[171,174,177,179,182],{"file":140,"line":172,"context":173},371,"$wpdb->query() with variable interpolation",{"file":140,"line":175,"context":176},493,"$wpdb->get_var() with variable interpolation",{"file":140,"line":178,"context":176},495,{"file":180,"line":181,"context":173},"uninstall.php",17,{"file":180,"line":183,"context":173},21,{"escaped":185,"rawEcho":26,"locations":186},39,[],4,[],[],{"summary":191,"deductions":192},"The \"countrylock\" plugin version 1.0.8 demonstrates a generally good security posture based on the provided static analysis.  The plugin has no known historical vulnerabilities (CVEs), which is a significant positive indicator.  Furthermore, the code shows strong adherence to security best practices, with 100% of outputs properly escaped and a respectable 29% of SQL queries utilizing prepared statements. The presence of nonce and capability checks on its single AJAX handler, coupled with no identified unsanitized taint flows, further reinforces this positive assessment. The absence of shortcodes, cron events, and REST API routes also limits the overall attack surface.  The only external HTTP request is not inherently a risk without further context on its purpose and implementation, but warrants a minor observation.  While the plugin shows strong defensive coding, the limited number of SQL queries analyzed and the lack of deeper taint analysis might mean some less obvious vulnerabilities could be present but not detected by this specific analysis.  Overall, \"countrylock\" v1.0.8 appears to be a secure plugin with a low risk profile.",[193,195],{"reason":194,"points":169},"Low percentage of prepared statements in SQL queries",{"reason":196,"points":62},"Single external HTTP request","2026-03-16T22:04:23.819Z",{"wat":199,"direct":209},{"assetPaths":200,"generatorPatterns":203,"scriptPaths":204,"versionParams":206},[201,202],"\u002Fwp-content\u002Fplugins\u002Fcountrylock\u002Fassets\u002Ftscl-admin.css","\u002Fwp-content\u002Fplugins\u002Fcountrylock\u002Fassets\u002Ftscl-admin.js",[],[205],"assets\u002Ftscl-admin.js",[207,208],"tscl-admin.css?ver=","tscl-admin.js?ver=",{"cssClasses":210,"htmlComments":212,"htmlAttributes":213,"restEndpoints":215,"jsGlobals":216,"shortcodeOutput":218},[211],"notice-success",[],[214],"data-nonce",[],[217],"tscl_data",[],{"error":161,"url":220,"statusCode":221,"statusMessage":222,"message":222},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcountrylock\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":62,"versions":224},[225,230],{"version":6,"download_url":25,"svn_tag_url":226,"released_at":27,"has_diff":159,"diff_files_changed":227,"diff_lines":27,"trac_diff_url":228,"vulnerabilities":229,"is_current":161},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcountrylock\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcountrylock%2Ftags%2F1.0.7&new_path=%2Fcountrylock%2Ftags%2F1.0.8",[],{"version":231,"download_url":232,"svn_tag_url":233,"released_at":27,"has_diff":159,"diff_files_changed":234,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":235,"is_current":159},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcountrylock.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcountrylock\u002Ftags\u002F1.0.7\u002F",[],[]]