WP-Safety

IP & Country Blocker Lite Security & Risk Analysis

wordpress.org/plugins/ip-blocker-lite

Advanced WordPress security plugin with IP/country blocking and two-factor authentication for comprehensive website protection.

300 active installs v3.0.0 PHP 7.0+ WP 4.0+ Updated Jan 5, 2026
country-blockerip-blockerlogin-securitytwo-factor-authenticationwebsite-security
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is IP & Country Blocker Lite Safe to Use in 2026?

Generally Safe

Score 100/100

IP & Country Blocker Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "ip-blocker-lite" v3.0.0 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and showing a robust number of nonce and capability checks. The absence of any recorded vulnerabilities in its history is also a strong indicator of a generally secure development process.

However, there are significant concerns regarding the attack surface. With 28 AJAX handlers, 16 of which lack proper authentication checks, a substantial portion of the plugin's functionality is potentially exposed to unauthorized users. The taint analysis, while limited in scope, revealed two flows with unsanitized paths, suggesting a potential for insecure handling of user-supplied data that could lead to vulnerabilities if exploited. Furthermore, the output escaping is only properly handled in 59% of cases, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities in the remaining 41% of outputs.

While the plugin's history is clean, the identified weaknesses in the current version warrant caution. The large number of unprotected AJAX endpoints and the presence of unsanitized data flows are the most pressing concerns, outweighing the positive aspects of its SQL handling and vulnerability history. Remediation of these unprotected entry points and improved output sanitization are crucial for improving its overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • Insufficient output escaping
Vulnerabilities
None known

IP & Country Blocker Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

IP & Country Blocker Lite Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
210
303 escaped
Nonce Checks
49
Capability Checks
18
File Operations
0
External Requests
6
Bundled Libraries
0

Output Escaping

59% escaped513 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
faqnurul_ipcbl_admin_page (ip-blocker-lite.php:1009)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
16 unprotected

IP & Country Blocker Lite Attack Surface

Entry Points28
Unprotected16

AJAX Handlers 28

authwp_ajax_search_blocked_ipsip-blocker-lite.php:206
authwp_ajax_search_blocked_countriesip-blocker-lite.php:207
authwp_ajax_search_whitelistip-blocker-lite.php:208
authwp_ajax_search_countriesip-blocker-lite.php:209
authwp_ajax_ipcbl_submit_deactivation_feedbackip-blocker-lite.php:210
authwp_ajax_remove_whitelistip-blocker-lite.php:211
authwp_ajax_faqnurul_ipcbl_add_whitelistip-blocker-lite.php:212
authwp_ajax_faqnurul_ipcbl_get_whitelistip-blocker-lite.php:213
authwp_ajax_faqnurul_regenerate_recovery_codesip-blocker-lite.php:214
authwp_ajax_faqnurul_download_recovery_codesip-blocker-lite.php:215
authwp_ajax_faqnurul_send_2fa_email_ajaxip-blocker-lite.php:216
noprivwp_ajax_faqnurul_send_2fa_email_ajaxip-blocker-lite.php:217
authwp_ajax_regenerate_totp_secretip-blocker-lite.php:218
authwp_ajax_faqnurul_verify_totp_codeip-blocker-lite.php:219
authwp_ajax_faqnurul_enable_2faip-blocker-lite.php:220
authwp_ajax_faqnurul_check_2fa_statusip-blocker-lite.php:221
authwp_ajax_faqnurul_disable_2faip-blocker-lite.php:222
authwp_ajax_submit_feedbackip-blocker-lite.php:223
authwp_ajax_ipcbl_optin_choiceip-blocker-lite.php:224
authwp_ajax_generate_recovery_haship-blocker-lite.php:225
authwp_ajax_faqnurul_ipcbl_block_ip_ajaxip-blocker-lite.php:2689
authwp_ajax_faqnurul_ipcbl_unblock_ip_ajaxip-blocker-lite.php:2690
authwp_ajax_faqnurul_ipcbl_block_country_ajaxip-blocker-lite.php:2691
authwp_ajax_faqnurul_ipcbl_unblock_country_ajaxip-blocker-lite.php:2692
authwp_ajax_faqnurul_ipcbl_get_blocked_ips_ajaxip-blocker-lite.php:2693
authwp_ajax_faqnurul_ipcbl_add_whitelistip-blocker-lite.php:2696
authwp_ajax_faqnurul_ipcbl_get_whitelistip-blocker-lite.php:2697
authwp_ajax_faqnurul_ipcbl_ajax_download_recovery_codesip-blocker-lite.php:2698
WordPress Hooks 48
filterwp_authenticate_userincludes\functions.php:2605
actionlogin_initincludes\functions.php:2611
actionadmin_post_faqnurul_2fa_verifyincludes\functions.php:2614
actionadmin_post_nopriv_faqnurul_2fa_verifyincludes\functions.php:2615
actioninitip-blocker-lite.php:77
actionadmin_noticesip-blocker-lite.php:169
actionadmin_noticesip-blocker-lite.php:174
actionadmin_post_submit_plugin_feedbackip-blocker-lite.php:180
actionadmin_enqueue_scriptsip-blocker-lite.php:196
actionadmin_menuip-blocker-lite.php:200
actionadmin_enqueue_scriptsip-blocker-lite.php:203
actionlogin_formip-blocker-lite.php:229
actionregister_formip-blocker-lite.php:230
actionlostpassword_formip-blocker-lite.php:231
actioncomment_form_after_fieldsip-blocker-lite.php:232
filterwp_authenticate_userip-blocker-lite.php:233
filterregistration_errorsip-blocker-lite.php:234
filterlostpassword_postip-blocker-lite.php:235
filterpreprocess_commentip-blocker-lite.php:236
actionwoocommerce_login_formip-blocker-lite.php:240
actionwoocommerce_register_formip-blocker-lite.php:241
actionwoocommerce_lostpassword_formip-blocker-lite.php:242
actionwoocommerce_checkout_processip-blocker-lite.php:243
filterwoocommerce_process_registration_errorsip-blocker-lite.php:244
actionlogin_formip-blocker-lite.php:248
actionregister_formip-blocker-lite.php:249
actionlostpassword_formip-blocker-lite.php:250
actioncomment_form_after_fieldsip-blocker-lite.php:251
filterwp_authenticate_userip-blocker-lite.php:252
filterregistration_errorsip-blocker-lite.php:253
filterlostpassword_postip-blocker-lite.php:254
filterpreprocess_commentip-blocker-lite.php:255
actionwoocommerce_login_formip-blocker-lite.php:259
actionwoocommerce_register_formip-blocker-lite.php:260
actionwoocommerce_lostpassword_formip-blocker-lite.php:261
actionwoocommerce_checkout_processip-blocker-lite.php:262
filterwoocommerce_process_registration_errorsip-blocker-lite.php:263
filterwp_authenticate_userip-blocker-lite.php:267
actionwp_login_failedip-blocker-lite.php:268
actionwp_loginip-blocker-lite.php:269
actionactivated_pluginip-blocker-lite.php:272
actiondeactivated_pluginip-blocker-lite.php:273
actiondeleted_pluginip-blocker-lite.php:274
actioninitip-blocker-lite.php:282
actiontemplate_redirectip-blocker-lite.php:344
actionwp_scheduled_deleteip-blocker-lite.php:402
actionwp_enqueue_scriptsip-blocker-lite.php:2665
actionlogin_enqueue_scriptsip-blocker-lite.php:2678
Maintenance & Trust

IP & Country Blocker Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 5, 2026
PHP min version7.0
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

IP & Country Blocker Lite Alternatives

All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
Country Access Blocker

Country Access Blocker

country-access-blocker

A
100

Block or allow website visitors from specific countries based on IP geolocation.

500 No CVEs
Bearmor Security

Bearmor Security

bearmor-security

A
100

Lightweight, powerful WordPress security for small businesses. Malware scanning, login protection, 2FA, hardening - most features FREE.

50 No CVEs
Facial Recognition Authentication

Facial Recognition Authentication

facial-recognition-authentication

A
100

Facial Recognition Authentication plugin integrates facial recognition with WordPress login for enhanced security and user experience.

0 No CVEs
Developer Profile

IP & Country Blocker Lite Developer Profile

Nurul Islam

1 plugin · 300 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect IP & Country Blocker Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ip-blocker-lite/assets/css/style.css/wp-content/plugins/ip-blocker-lite/assets/js/scripts.js/wp-content/plugins/ip-blocker-lite/assets/js/ip-blocker-lite-admin.js
Script Paths
/wp-content/plugins/ip-blocker-lite/assets/js/scripts.js/wp-content/plugins/ip-blocker-lite/assets/js/ip-blocker-lite-admin.js
Version Parameters
ip-blocker-lite/style.css?ver=ip-blocker-lite/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ipcbl-ip-blocker-lite-settings
HTML Comments
<!-- IP & Country Blocker Lite Settings Page --><!-- IP & Country Blocker Lite Admin Scripts -->
Data Attributes
data-plugin-name="IP & Country Blocker Lite"data-plugin-version="3.0.0"
JS Globals
ip_blocker_lite_admin_ajax_object
FAQ

Frequently Asked Questions about IP & Country Blocker Lite