[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPC-tLINIxLpZRH638s27AAq5qZgIHXjwq44pljp8OgQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":125,"fingerprints":757},"ip-geo-block","IP Geo Block","3.0.17.4","tokkonopapa","https:\u002F\u002Fprofiles.wordpress.org\u002Ftokkonopapa\u002F","\u003Cp>The more you install themes and plugins, the more likely your sites will be vulnerable, even if you \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress\" title=\"Hardening WordPress &laquo; WordPress Codex\" rel=\"nofollow ugc\">securely harden your sites\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>While WordPress.org \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fsecurity\u002F\" title=\"Security | WordPress.org\" rel=\"ugc\">provides\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fthemes\u002Ftheme-security\u002F\" title=\"Theme Security | Theme Developer Handbook | WordPress Developer Resources\" rel=\"nofollow ugc\">excellent\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F\" title=\"Plugin Security | Plugin Developer Handbook | WordPress Developer Resources\" rel=\"nofollow ugc\">resources\u003C\u002Fa>, themes and plugins may often get vulnerable due to developers’ \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fsearch?q=human+factors+in+security\" title=\"human factors in security - Google Search\" rel=\"nofollow ugc\">human factors\u003C\u002Fa> such as lack of security awareness, misuse and disuse of the best practices in those 
resources.\u003C\u002Fp>\n\u003Cp>This plugin focuses on insights into such developers’ human factors instead of detecting the specific attack vectors after they were disclosed. This brings smart and powerful methods named “\u003Cstrong>WP Zero-day Exploit Prevention\u003C\u002Fstrong>” and “\u003Cstrong>WP Metadata Exploit Protection\u003C\u002Fstrong>”.\u003C\u002Fp>\n\u003Cp>Combined with those methods and IP address geolocation, you’ll be surprised to find a bunch of malicious or undesirable access blocked in the logs of this plugin after several days of installation.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Privacy by design:\u003C\u002Fstrong>\u003Cbr \u002F>\nIP address is always encrypted on recording in logs\u002Fcache. Moreover, it can be anonymized and restricted on sending to the 3rd parties such as geolocation APIs or whois service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Immigration control:\u003C\u002Fstrong>\u003Cbr \u002F>\nAccess to the basic and important entrances into back-end such as \u003Ccode>wp-comments-post.php\u003C\u002Fcode>, \u003Ccode>xmlrpc.php\u003C\u002Fcode>, \u003Ccode>wp-login.php\u003C\u002Fcode>, \u003Ccode>wp-signup.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-ajax.php\u003C\u002Fcode>, \u003Ccode>wp-admin\u002Fadmin-post.php\u003C\u002Fcode> will be validated by means of a country code based on IP address. 
It allows you to configure either whitelist or blacklist to \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FISO_3166-1_alpha-2#Officially_assigned_code_elements\" title=\"ISO 3166-1 alpha-2 - Wikipedia\" rel=\"nofollow ugc\">specify the countries\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FClassless_Inter-Domain_Routing\" title=\"Classless Inter-Domain Routing - Wikipedia\" rel=\"nofollow ugc\">CIDR notation\u003C\u002Fa> for a range of IP addresses and \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAutonomous_system_(Internet)\" title=\"Autonomous system (Internet) - Wikipedia\" rel=\"nofollow ugc\">AS number\u003C\u002Fa> for a group of IP networks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Zero-day Exploit Prevention:\u003C\u002Fstrong>\u003Cbr \u002F>\nUnlike other security firewalls based on attack patterns (vectors), the original feature “\u003Cstrong>W\u003C\u002Fstrong>ord\u003Cstrong>P\u003C\u002Fstrong>ress \u003Cstrong>Z\u003C\u002Fstrong>ero-day \u003Cstrong>E\u003C\u002Fstrong>xploit \u003Cstrong>P\u003C\u002Fstrong>revention” (WP-ZEP) is focused on patterns of vulnerability. It is simple but still smart and strong enough to block any malicious accesses to \u003Ccode>wp-admin\u002F*.php\u003C\u002Fcode>, \u003Ccode>plugins\u002F*.php\u003C\u002Fcode> and \u003Ccode>themes\u002F*.php\u003C\u002Fcode> even from the permitted countries. 
It will protect your site against certain types of attack such as CSRF, LFI, SQLi, XSS and so on, \u003Cstrong>even if you have some vulnerable plugins and themes in your site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Guard against login attempts:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn order to prevent hacking through the login form and XML-RPC by brute-force and the reverse-brute-force attacks, the number of login attempts will be limited per IP address even from the permitted countries.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Minimize server load against brute-force attacks:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin as a \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FMust_Use_Plugins\" title=\"Must Use Plugins &laquo; WordPress Codex\" rel=\"nofollow ugc\">Must Use Plugins\u003C\u002Fa> so that this plugin can be loaded prior to regular plugins. It can massively \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002Fvalidation-timing.html\" title=\"Validation timing | IP Geo Block\" rel=\"nofollow ugc\">reduce the load on server\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Prevent malicious down\u002Fuploading:\u003C\u002Fstrong>\u003Cbr \u002F>\nA malicious request such as exposing \u003Ccode>wp-config.php\u003C\u002Fcode> or uploading malwares via vulnerable plugins\u002Fthemes can be blocked.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block badly-behaved bots and crawlers:\u003C\u002Fstrong>\u003Cbr \u002F>\nA simple logic may help to reduce the number of rogue bots and crawlers scraping your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Support of BuddyPress and bbPress:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can configure this plugin so that a registered user can login as a membership from anywhere, while a request such as a new user registration, lost password, 
creating a new topic and subscribing comment can be blocked by country. It is suitable for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" title=\"BuddyPress &mdash; WordPress Plugins\" rel=\"ugc\">BuddyPress\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbbpress\u002F\" title=\"WordPress &rsaquo; bbPress &laquo; WordPress Plugins\" rel=\"ugc\">bbPress\u003C\u002Fa> to help reducing spams.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Referrer suppressor for external links:\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen you click an external hyperlink on admin screens, http referrer will be eliminated to hide a footprint of your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Multiple source of IP Geolocation databases:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind GeoLite2 free databases\u003C\u002Fa> (it requires PHP 5.4.0+) and \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\u002F\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location LITE databases\u003C\u002Fa> can be installed in this plugin. 
Also free Geolocation REST APIs and whois information can be available for audit purposes.\u003Cbr \u002F>\nFurthermore, \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Farticle\u002Fapi-class-library.html\" title=\"CloudFlare & CloudFront API class library | IP Geo Block\" rel=\"nofollow ugc\">dedicated API class libraries\u003C\u002Fa> can be installed for CloudFlare and CloudFront as a reverse proxy service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizing response:\u003C\u002Fstrong>\u003Cbr \u002F>\nHTTP response code can be selectable as \u003Ccode>403 Forbidden\u003C\u002Fcode> to deny access pages, \u003Ccode>404 Not Found\u003C\u002Fcode> to hide pages or even \u003Ccode>200 OK\u003C\u002Fcode> to redirect to the top page.\u003Cbr \u002F>\nYou can also have a human friendly page (like \u003Ccode>404.php\u003C\u002Fcode>) in your parent\u002Fchild theme template directory to fit your site design.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Validation logs:\u003C\u002Fstrong>\u003Cbr \u002F>\nValidation logs for useful information to audit attack patterns can be manageable.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cooperation with full spec security plugin:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin is lite enough to be able to cooperate with other full spec security plugin such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" title=\"Wordfence Security &mdash; WordPress Plugins\" rel=\"ugc\">Wordfence Security\u003C\u002Fa>. 
See \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002Fpage-speed-performance.html\" title=\"Page speed performance | IP Geo Block\" rel=\"nofollow ugc\">this report\u003C\u002Fa> about page speed performance.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Extendability:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can customize the behavior of this plugin via \u003Ccode>add_filter()\u003C\u002Fcode> with \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002F\" title=\"Codex | IP Geo Block\" rel=\"nofollow ugc\">pre-defined filter hook\u003C\u002Fa>. See various use cases in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-Block\u002Fblob\u002Fmaster\u002Fip-geo-block\u002Fsamples.php\" title=\"WordPress-IP-Geo-Block\u002Fsamples.php at master - tokkonopapa\u002FWordPress-IP-Geo-Block - GitHub\" rel=\"nofollow ugc\">samples.php\u003C\u002Fa> bundled within this package.\u003Cbr \u002F>\nYou can also get the extension \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\u002FWordPress-IP-Geo-Allow\" title=\"GitHub - ddur\u002FWordPress-IP-Geo-Allow: WordPress Plugin Exension for WordPress-IP-Geo-Block Plugin\" rel=\"nofollow ugc\">IP Geo Allow\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddur\" title=\"ddur (Dragan) - GitHub\" rel=\"nofollow ugc\">Dragan\u003C\u002Fa>. It makes admin screens strictly private in a more flexible way than specifying IP addresses.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Self blocking prevention and easy rescue:\u003C\u002Fstrong>\u003Cbr \u002F>\nWebsite owners do not prefer themselves to be blocked. This plugin prevents such a sad thing unless you force it. And furthermore, if such a situation occurs, you can \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002Fcodex\u002Fwhat-should-i-do-when-i-m-locked-out.html\" title=\"What should I do when I'm locked out? 
| IP Geo Block\" rel=\"nofollow ugc\">rescue yourself\u003C\u002Fa> easily.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean uninstallation:\u003C\u002Fstrong>\u003Cbr \u002F>\nNothing is left in your precious MySQL database after uninstallation. So you can feel free to install and activate to make a trial of this plugin’s functionality.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Attribution\u003C\u002Fh4>\n\u003Cp>This package includes GeoLite2 library distributed by MaxMind, available from \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" title=\"MaxMind - IP Geolocation and Online Fraud Prevention\" rel=\"nofollow ugc\">MaxMind\u003C\u002Fa> (it requires PHP 5.4.0+), and also includes IP2Location open source libraries available from \u003Ca href=\"https:\u002F\u002Fwww.ip2location.com\" title=\"IP Address Geolocation to Identify Website Visitor's Geographical Location\" rel=\"nofollow ugc\">IP2Location\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also thanks for providing the following great services and REST APIs for free.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fip-api.com\u002F\" title=\"IP-API.com - Free Geolocation API\" rel=\"nofollow ugc\">http:\u002F\u002Fip-api.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free for non-commercial use)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgeoiplookup.net\u002F\" title=\"What Is My IP Address | GeoIP Lookup\" rel=\"nofollow ugc\">http:\u002F\u002Fgeoiplookup.net\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" title=\"IP Address API and Data Solutions\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfo.io\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipapi.com\u002F\" title=\"ipapi – IP Address Lookup and Geolocation API\" rel=\"nofollow ugc\">https:\u002F\u002Fipapi.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fipdata.co\u002F\" title=\"ipdata.co - IP Geolocation and Threat Data API\" rel=\"nofollow ugc\">https:\u002F\u002Fipdata.co\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipstack.com\u002F\" title=\"ipstack - Free IP Geolocation API\" rel=\"nofollow ugc\">https:\u002F\u002Fipstack.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free for registered user, need API key)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfodb.com\u002F\" title=\"Free IP Geolocation Tools and API| IPInfoDB\" rel=\"nofollow ugc\">https:\u002F\u002Fipinfodb.com\u002F\u003C\u002Fa> (IPv4, IPv6 \u002F free for registered user, need API key)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>Development of this plugin is promoted at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-Block\" title=\"tokkonopapa\u002FWordPress-IP-Geo-Block - GitHub\" rel=\"nofollow ugc\">WordPress-IP-Geo-Block\u003C\u002Fa> and class libraries to handle geo-location database are developed separately as “add-in”s at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-API\" title=\"tokkonopapa\u002FWordPress-IP-Geo-API - GitHub\" rel=\"nofollow ugc\">WordPress-IP-Geo-API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>All contributions will always be welcome. Or visit my \u003Ca href=\"https:\u002F\u002Fwww.ipgeoblock.com\u002F\" title=\"IP Geo Block\" rel=\"nofollow ugc\">development blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Known issues\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No image is shown after drag & drop a image in grid view at “Media Library”. For more details, please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftokkonopapa\u002FWordPress-IP-Geo-Block\u002Fissues\u002F2\" title=\"No image is shown after drag & drop a image in grid view at \"Media Library\". 
 - Issue #2 - tokkonopapa\u002FWordPress-IP-Geo-Block - GitHub\" rel=\"nofollow ugc\">this ticket at Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>From \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2016\u002F03\u002F09\u002Fcomment-changes-in-wordpress-4-5\u002F\" title=\"Comment Changes in WordPress 4.5 – Make WordPress Core\" rel=\"nofollow ugc\">WordPress 4.5\u003C\u002Fa>, \u003Ccode>rel=nofollow\u003C\u002Fcode> is no longer attached to the links in \u003Ccode>comment_content\u003C\u002Fcode>. This change prevents blocking of “\u003Ca href=\"https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FServer_Side_Request_Forgery\" title=\"Server Side Request Forgery - OWASP\" rel=\"nofollow ugc\">Server Side Request Forgeries\u003C\u002Fa>” (not Cross Site but a malicious internal link in the comment field).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapps.wordpress.com\u002Fmobile\u002F\" title=\"WordPress.com Apps - Mobile Apps\" rel=\"nofollow ugc\">WordPress.com Mobile App\u003C\u002Fa> can’t execute image uploading because of its own authentication system via XMLRPC.\u003C\u002Fli>\n\u003C\u002Ful>\n","It blocks spam posts, login attempts and malicious access to the back-end requested from the specific countries, and also prevents zero-day 
exploit.",9000,777726,82,96,"2019-01-22T03:59:00.000Z","5.0.25","3.7","",[20,21,22,23,24],"brute-force","firewall","login","security","vulnerability","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fip-geo-block\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-geo-block.3.0.17.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-03T21:59:16.260Z",[38,59,77,93,110],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":18,"download_link":56,"security_score":48,"vuln_count":57,"unpatched_count":28,"last_vuln_date":58,"fetched_at":30},"limit-login-attempts-reloaded","Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall","2.26.28","WPChef","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpchefgadget\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded\u003C\u002Fa> functions as a robust deterrent against \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fcracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks\u002F\" rel=\"nofollow ugc\">brute force attacks\u003C\u002Fa>, bolstering your website’s security measures and optimizing its performance. It achieves this by \u003Cstrong>restricting the number of login attempts allowed\u003C\u002Fstrong>. This applies not only to the standard login method, but also to XMLRPC, Woocommerce, and custom login pages. 
With more than 2.5 million active users, this plugin fulfills all your login security requirements.\u003C\u002Fp>\n\u003Cp>The plugin functions by automatically preventing further attempts from a particular Internet Protocol (IP) address and\u002For username once a predetermined limit of retries has been surpassed. This significantly weakens the effectiveness of brute force attacks on your website.\u003C\u002Fp>\n\u003Cp>By default, WordPress permits an unlimited number of login attempts, posing a vulnerability where passwords can be easily deciphered through brute force methods.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Limit Login Attempts Reloaded Premium (Try Free with \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fpremium-security-zero-cost-discover-the-benefits-of-micro-cloud\u002F\" rel=\"nofollow ugc\">Micro Cloud\u003C\u002Fa>)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade to \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fplans\u002F\" rel=\"nofollow ugc\">Limit Login Attempts Reloaded Premium\u003C\u002Fa> to extend cloud-based protection to the Limit Login Attempts Reloaded plugin, thereby enhancing your login security. The premium version includes a range of highly beneficial features, including \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffeatures\u002Fip-intelligence\u002F\" rel=\"nofollow ugc\">IP intelligence\u003C\u002Fa> to \u003Cstrong>detect, counter and deny malicious login attempts\u003C\u002Fstrong>. 
Your \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Ffailed-login-attempts-in-wordpress\u002F\" rel=\"nofollow ugc\">failed login attempts\u003C\u002Fa> will be safely neutralized in the cloud so your website can function at its optimal performance during an attack.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJfkvIiQft14?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Features (Free Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>2FA\u003C\u002Fstrong> – Coming soon.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Logins\u003C\u002Fstrong> – Limit the number of retry attempts when logging in (per each IP).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Lockout Timings\u003C\u002Fstrong> – Modify the amount of time a user or IP must wait after a lockout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remaining Tries\u003C\u002Fstrong> – Informs the user about the remaining retries or lockout time on the login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockout Email Notifications\u003C\u002Fstrong> – Informs the admin via email of lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Denied Attempt Logs\u003C\u002Fstrong> – View a log of all denied attempts and lockouts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP & Username Safelist\u002FDenylist\u003C\u002Fstrong> – Control access to usernames and IPs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection (Micro Cloud Accounts)\u003C\u002Fstrong> – Protects default WP 
registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sucuri\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wordfence\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultimate Member\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPS Hide Login\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MemberPress\u003C\u002Fstrong> compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XMLRPC\u003C\u002Fstrong> gateway protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Woocommerce\u003C\u002Fstrong> login page protection.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-site compatibility\u003C\u002Fstrong> with extra MU settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR\u003C\u002Fstrong> compliant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom IP origins support\u003C\u002Fstrong> (Cloudflare, Sucuri, etc.).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>llar_admin\u003C\u002Fstrong> own capability.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features (Premium Version):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance Optimizer\u003C\u002Fstrong> – Offload the burden of excessive failed logins from your server to protect your server resources, resulting in improved speed and efficiency of your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced IP Intelligence\u003C\u002Fstrong> – Identify repetitive and suspicious login attempts to detect potential brute force attacks. 
IPs with known malicious activity are stored and used to help prevent and counter future attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Throttling\u003C\u002Fstrong> – Longer lockout intervals each time a malicious IP or username tries to login unsuccessfully.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deny By Country\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fblock-logins-by-country-in-wordpress\u002F\" rel=\"nofollow ugc\">Block logins by country\u003C\u002Fa> by simply selecting the countries you want to deny.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto IP Denylist\u003C\u002Fstrong> – Automatically add IP addresses to your active cloud deny list that repeatedly fail login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New User Registration Protection\u003C\u002Fstrong> – Protects default WP registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Global Denylist Protection\u003C\u002Fstrong> – Utilize our active cloud IP data from thousands of websites in the LLAR network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Lockouts\u003C\u002Fstrong> –  Lockout IP data can be shared between multiple domains for enhanced protection in your network.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Synchronized Safelist\u002FDenylist\u003C\u002Fstrong> – Safelist\u002FDenylist IP and username data can be shared between multiple domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support\u003C\u002Fstrong> – Email support with a security tech.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Backups of All IP Data\u003C\u002Fstrong> – Store your active IP data in the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Successful Logins Log\u003C\u002Fstrong> – Store successful logins in the cloud including IP info, city, state and lat\u002Flong.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced lockout logs\u003C\u002Fstrong> – Gain valuable insights into the origins of IPs that are attempting logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV 
Download of IP Data\u003C\u002Fstrong> – Download IP data directly from the cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supports IPV6 Ranges For Safelist\u002FDenylist\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlock The Locked Admin\u003C\u002Fstrong> – Easily \u003Ca href=\"https:\u002F\u002Fwww.limitloginattempts.com\u002Fhow-to-unlock-your-site-if-you-are-locked-out-by-limit-login-attempts-reloaded\u002F\" rel=\"nofollow ugc\">unlock the locked admin\u003C\u002Fa> through the cloud.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Some features require higher level plans.\u003C\u002Fp>\n\u003Ch4>Upgrading from the old Limit Login Attempts plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to the Plugins section in your site’s backend.\u003C\u002Fli>\n\u003Cli>Remove the Limit Login Attempts plugin.\u003C\u002Fli>\n\u003Cli>Install the Limit Login Attempts Reloaded plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All your settings will be kept intact!\u003C\u002Fp>\n\u003Cp>Many languages are currently supported in the Limit Login Attempts Reloaded plugin but we welcome any additional ones.\u003C\u002Fp>\n\u003Cp>Help us bring Limit Login Attempts Reloaded to even more countries.\u003C\u002Fp>\n\u003Cp>Translations: Bulgarian, Brazilian Portuguese, Catalan, Chinese (Traditional), Czech, Dutch, Finnish, French, German, Hungarian, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only.\u003C\u002Fp>\n\u003Cp>Based on the original code from Limit Login Attempts plugin by Johan Eenfeldt.\u003C\u002Fp>\n\u003Ch4>Branding Guidelines\u003C\u002Fh4>\n\u003Cp>Limit Login Attempts Reloaded™ is a trademark of Atlantic Silicon Inc. When writing about the plugin, please make sure to use Reloaded after Limit Login Attempts. 
Limit Login Attempts is the old plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Login Attempts Reloaded (correct)\u003C\u002Fli>\n\u003Cli>Limit Login Attempts (incorrect)\u003C\u002Fli>\n\u003C\u002Ful>\n","Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.",2000000,79399145,98,1441,"2026-01-12T16:01:00.000Z","6.9.4","3.0",[54,20,21,55,23],"2fa","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-login-attempts-reloaded.2.26.28.zip",4,"2023-12-20 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":34,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":51,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":75,"download_link":76,"security_score":68,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"securicheck","Securicheck – Audit et Renforcement de Sécurité WordPress","2.1.9","Mickael Hauwy","https:\u002F\u002Fprofiles.wordpress.org\u002F8pixl\u002F","\u003Cp>\u003Cstrong>Votre site WordPress est-il vraiment sécurisé ? 43% des sites WordPress sont vulnérables à des attaques.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Securicheck est le \u003Cstrong>plugin de sécurité WordPress\u003C\u002Fstrong> gratuit qui vous permet de \u003Cstrong>réaliser un audit de sécurité complet\u003C\u002Fstrong> en un seul clic. Analysez plus de 40 points critiques, détectez les vulnérabilités, bloquez les attaques brute force et protégez votre page de connexion — sans aucune compétence technique. Pour chaque anomalie détectée, Securicheck vous indique \u003Cstrong>comment y remédier\u003C\u002Fstrong>, étape par étape.\u003C\u002Fp>\n\u003Cp>Simple à utiliser. Léger. 
Efficace dès la première activation.\u003C\u002Fp>\n\u003Ch3>🔎 Audit de sécurité WordPress en un clic\u003C\u002Fh3>\n\u003Cp>Lancez votre premier \u003Cstrong>scan de sécurité WordPress\u003C\u002Fstrong> et obtenez immédiatement :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Analyse de \u003Cstrong>plus de 40 points critiques\u003C\u002Fstrong> de sécurité WordPress\u003C\u002Fli>\n\u003Cli>Détection des \u003Cstrong>vulnérabilités WordPress\u003C\u002Fstrong> courantes\u003C\u002Fli>\n\u003Cli>Vérification des configurations sensibles (XML-RPC, REST API, éditeur de fichiers…)\u003C\u002Fli>\n\u003Cli>Analyse des \u003Cstrong>en-têtes HTTP de sécurité\u003C\u002Fstrong> (HSTS, CSP, X-Frame-Options, Referrer-Policy…)\u003C\u002Fli>\n\u003Cli>Vérification de la version PHP, TLS et de la visibilité de la version WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Score global de sécurité\u003C\u002Fstrong> clair, compréhensible et exportable en JSON\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Conseils de remédiation\u003C\u002Fstrong> détaillés pour chaque anomalie détectée\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>En moins d’une minute, vous savez exactement si votre WordPress est sécurisé — ou exposé aux pirates.\u003C\u002Fp>\n\u003Ch3>💡 Conseils de remédiation pour chaque anomalie détectée\u003C\u002Fh3>\n\u003Cp>Détecter une vulnérabilité, c’est bien. Savoir comment la corriger, c’est mieux.\u003C\u002Fp>\n\u003Cp>Pour chaque problème identifié lors de l’audit, Securicheck vous fournit :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Une \u003Cstrong>explication claire\u003C\u002Fstrong> du problème et de ses risques\u003C\u002Fli>\n\u003Cli>Un \u003Cstrong>conseil précis\u003C\u002Fstrong> pour y remédier, adapté à votre niveau technique\u003C\u002Fli>\n\u003Cli>Une \u003Cstrong>indication de priorité\u003C\u002Fstrong> pour savoir par où commencer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pas besoin d’être développeur ou expert en sécurité. 
Securicheck guides you step by step to \u003Cstrong>strengthen the security of your WordPress\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>🛡️ Brute-force protection and login hardening\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Brute-force attacks\u003C\u002Fstrong> directly target your WordPress login page (\u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>wp-admin\u003C\u002Fcode>). Without protection, your site is an easy target.\u003C\u002Fp>\n\u003Cp>Securicheck protects you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic IP blocking\u003C\u002Fstrong> after a configurable number of failed attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login attempt limiting\u003C\u002Fstrong> to stop dictionary attacks\u003C\u002Fli>\n\u003Cli>Real-time \u003Cstrong>login logs\u003C\u002Fstrong> (IP, browser, result)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hiding of the WordPress login URL\u003C\u002Fstrong> (wp-login.php) to make it impossible to find\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Restriction of wp-admin access\u003C\u002Fstrong> to authorized users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email notifications\u003C\u002Fstrong> when a suspicious IP is blocked or unblocked\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These measures drastically reduce the risk of your WordPress site being hacked.\u003C\u002Fp>\n\u003Ch3>🎯 Who is Securicheck for?\u003C\u002Fh3>\n\u003Cp>Securicheck is for everyone who wants to \u003Cstrong>secure their WordPress\u003C\u002Fstrong> without the hassle:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Bloggers and content creators\u003C\u002Fli>\n\u003Cli>Independent workers and freelancers\u003C\u002Fli>\n\u003Cli>SMEs and very small businesses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> stores\u003C\u002Fli>\n\u003Cli>Web agencies managing several WordPress sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you are looking for a 
\u003Cstrong>WordPress security plugin\u003C\u002Fstrong> that is reliable, clear and free of complex configuration, Securicheck is the solution you need.\u003C\u002Fp>\n\u003Ch3>⚡ Why choose Securicheck?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Complete audit\u003C\u002Fstrong>: more than 40 WordPress security checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Brute-force protection\u003C\u002Fstrong> with automatic IP blocking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login URL hiding\u003C\u002Fstrong> to reduce automated attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login logs\u003C\u002Fstrong> to monitor suspicious access in real time\u003C\u002Fli>\n\u003Cli>Configurable \u003Cstrong>email notifications\u003C\u002Fstrong> (IP blocking, audit results)\u003C\u002Fli>\n\u003Cli>Intuitive interface, no technical setup required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight, optimized\u003C\u002Fstrong> plugin: no impact on your site’s performance\u003C\u002Fli>\n\u003Cli>Compatible with the latest version of WordPress\u003C\u002Fli>\n\u003Cli>Available in \u003Cstrong>French and English\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 Multilingual\u003C\u002Fh3>\n\u003Cp>Securicheck is available in \u003Cstrong>French\u003C\u002Fstrong> and \u003Cstrong>English\u003C\u002Fstrong>, to secure your WordPress whatever your language.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Install Securicheck now and check the security of your WordPress site in less than a minute.\u003C\u002Fstrong>\u003C\u002Fp>\n","Audit and secure your WordPress in 1 click: 40+ checks, brute-force protection, login hiding, automatic IP 
blocking.",2982,100,2,"2026-03-08T15:34:00.000Z","6.2","7.4",[74,20,21,22,23],"audit","https:\u002F\u002Fwp-securicheck.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecuricheck.2.1.9.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":28,"downloaded":85,"rating":28,"num_ratings":28,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":91,"download_link":92,"security_score":68,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"custom-login-url-login-designer","Dotsquares Custom Login URL & Security Suite","1.6.2","maheshsharmads","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaheshsharmads\u002F","\u003Cp>Dotsquares Custom Login URL & Security Suite helps secure your WordPress site by allowing you to change the default login URL and apply additional security layers.\u003C\u002Fp>\n\u003Cp>Features included in this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom login slug (redirect wp-login.php to your custom slug)\u003C\u002Fli>\n\u003Cli>Optionally hide wp-login.php (404 for guests)\u003C\u002Fli>\n\u003Cli>Optionally hide wp-admin for guests (404)\u003C\u002Fli>\n\u003Cli>Login page designer (colors, background, form width, custom CSS)\u003C\u002Fli>\n\u003Cli>Brute force protection (limit failed login attempts)\u003C\u002Fli>\n\u003Cli>Firewall (block XML-RPC, block suspicious query strings, IP allow\u002Fblock lists, disallow file editor)\u003C\u002Fli>\n\u003Cli>Malware scanner (heuristic scan for suspicious PHP patterns)\u003C\u002Fli>\n\u003Cli>Hardening (Advanced): DB prefix change + wp-content rename with backup + rollback support\u003C\u002Fli>\n\u003Cli>Rollback system (restores backed-up wp-config.php \u002F .htaccess from plugin backups)\u003C\u002Fli>\n\u003Cli>Security dashboard for monitoring key protection 
settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important\u003C\u002Fh3>\n\u003Cp>Hardening actions such as \u003Cstrong>DB prefix change\u003C\u002Fstrong> and \u003Cstrong>wp-content rename\u003C\u002Fstrong> are advanced operations.\u003Cbr \u002F>\nAlways run these features on a \u003Cstrong>staging environment\u003C\u002Fstrong> and ensure you have a \u003Cstrong>full backup\u003C\u002Fstrong> before applying them on production.\u003C\u002Fp>\n","Change your WordPress login URL, design the login page, and enhance your site's security with built-in protection tools.",307,"2026-03-06T13:54:00.000Z","6.8.5","6.0",[20,21,22,90,23],"malware-scanner","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-login-url-login-designer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-login-url-login-designer.1.6.2.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":28,"downloaded":101,"rating":28,"num_ratings":28,"last_updated":102,"tested_up_to":51,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":108,"download_link":109,"security_score":68,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cyber-smart-defence","Cyber Smart Defence","3.1.3","cybersmartempire","https:\u002F\u002Fprofiles.wordpress.org\u002Fcybersmartempire\u002F","\u003Cp>Cyber Smart Defence is a lightweight WordPress security plugin designed to protect your website against unauthorized access, brute-force login attempts, and suspicious request patterns.\u003C\u002Fp>\n\u003Cp>The plugin runs quietly in the background and integrates directly with WordPress. It monitors login activity, blocks abusive behavior, and records security-related events for administrative review.\u003C\u002Fp>\n\u003Cp>No complex configuration is required. 
Once activated, protection is enabled automatically.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Login attempt monitoring\u003C\u002Fli>\n\u003Cli>Automatic temporary lockout after multiple failed login attempts\u003C\u002Fli>\n\u003Cli>IP-based threat detection\u003C\u002Fli>\n\u003Cli>Firewall protection against common malicious request patterns\u003C\u002Fli>\n\u003Cli>Secure threat logging for administrators\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to an external service provided by Cyber Smart Empire to check IP reputation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* IP address of the visitor being checked\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When data is sent\u003C\u002Fstrong>\u003Cbr \u002F>\n* Only when an IP reputation check is performed\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider\u003C\u002Fstrong>\u003Cbr \u002F>\n* Cyber Smart Empire\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service URL\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fprivacy\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Terms of Service\u003C\u002Fstrong>\u003Cbr \u002F>\n* https:\u002F\u002Fcybersmartempire.com\u002Fterms\u002F\u003C\u002Fp>\n","Lightweight WordPress security firewall with login protection and threat 
monitoring.",138,"2025-12-24T16:40:00.000Z","5.5","7.2",[20,21,106,23,107],"login-protection","website-security","https:\u002F\u002Fcybersmartempire.com\u002Fcyberdefence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyber-smart-defence.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":28,"downloaded":118,"rating":28,"num_ratings":28,"last_updated":119,"tested_up_to":51,"requires_at_least":120,"requires_php":72,"tags":121,"homepage":123,"download_link":124,"security_score":68,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"liveupx-security","Liveupx Security","1.5.2","Liveupx","https:\u002F\u002Fprofiles.wordpress.org\u002Fliveupx\u002F","\u003Cp>Liveupx Security is a lightweight yet powerful WordPress security plugin that protects your website from hackers, brute force attacks, and malicious activity. Developed by \u003Ca href=\"https:\u002F\u002Fliveupx.com\" rel=\"nofollow ugc\">Liveupx.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Login Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection with automatic IP lockout\u003C\u002Fli>\n\u003Cli>Configurable failed login attempts and lockout duration\u003C\u002Fli>\n\u003Cli>Honeypot field to catch automated bots\u003C\u002Fli>\n\u003Cli>Simple math CAPTCHA for human verification\u003C\u002Fli>\n\u003Cli>Hide specific login error messages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Firewall Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block malicious query strings (SQL injection, XSS)\u003C\u002Fli>\n\u003Cli>Block known vulnerability scanners and bad bots\u003C\u002Fli>\n\u003Cli>Disable XML-RPC to prevent DDoS attacks\u003C\u002Fli>\n\u003Cli>Disable pingbacks\u003C\u002Fli>\n\u003Cli>Remove WordPress version from source 
code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>User Security\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User enumeration protection\u003C\u002Fli>\n\u003Cli>REST API user endpoint protection\u003C\u002Fli>\n\u003Cli>Strong password enforcement\u003C\u002Fli>\n\u003Cli>Block common admin usernames\u003C\u002Fli>\n\u003Cli>Disable theme\u002Fplugin file editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>IP Management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manual IP blocking with reason\u003C\u002Fli>\n\u003Cli>IP whitelisting for trusted addresses\u003C\u002Fli>\n\u003Cli>Automatic blocking after security violations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Activity Monitoring\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comprehensive security event logging\u003C\u002Fli>\n\u003Cli>Track login attempts and user activity\u003C\u002Fli>\n\u003Cli>Automatic cleanup of old log entries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Server Protection (Apache)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>.htaccess security rules\u003C\u002Fli>\n\u003Cli>Protect wp-config.php\u003C\u002Fli>\n\u003Cli>Disable directory browsing\u003C\u002Fli>\n\u003Cli>Block common exploits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Choose Liveupx Security?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Minimal impact on site performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No External Services\u003C\u002Fstrong> – All protection happens on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy to Use\u003C\u002Fstrong> – Simple settings with sensible defaults\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Source\u003C\u002Fstrong> – 100% free with no premium upsells\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Focused\u003C\u002Fstrong> – No data sent to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Storage\u003C\u002Fh4>\n\u003Cp>This plugin stores 
security-related data in your WordPress database including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Failed login attempts (IP address, username, timestamp)\u003C\u002Fli>\n\u003Cli>Login lockouts (IP address, duration, reason)\u003C\u002Fli>\n\u003Cli>Blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003Cli>Security activity log (events, user info, IP addresses)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All data is stored locally on your server and is never transmitted to external services.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>For documentation and support, visit \u003Ca href=\"https:\u002F\u002Fliveupx.com\u002Fdocs\" rel=\"nofollow ugc\">liveupx.com\u002Fdocs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Liveupx Security is open source. Contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fliveupx\u002Fliveupx-security\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Liveupx Security stores the following data locally in your WordPress database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login Attempts\u003C\u002Fstrong>: IP addresses, usernames, and timestamps of failed login attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lockouts\u003C\u002Fstrong>: IP addresses and lockout details for brute force protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity Log\u003C\u002Fstrong>: Security events including user actions, IP addresses, and timestamps\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Lists\u003C\u002Fstrong>: Manually blocked and whitelisted IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used solely for security purposes and is never shared with third parties. Data is automatically cleaned up based on configurable retention periods (default: 7 days for failed logins, 30 days for activity logs).\u003C\u002Fp>\n\u003Cp>You can clear all stored data at any time from the plugin settings. 
When the plugin is uninstalled, all data is permanently deleted from your database.\u003C\u002Fp>\n","Comprehensive WordPress security plugin with login protection, firewall, brute force prevention, IP blocking, and activity logging.",116,"2026-01-09T19:58:00.000Z","5.0",[20,21,106,122,23],"malware","https:\u002F\u002Fliveupx.com\u002Fliveupx-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fliveupx-security.1.5.2.zip",{"attackSurface":126,"codeSignals":384,"taintFlows":597,"riskAssessment":743,"analyzedAt":756},{"hooks":127,"ajaxHandlers":376,"restRoutes":381,"shortcodes":382,"cronEvents":383,"entryPointCount":33,"unprotectedCount":33},[128,134,140,144,148,152,155,159,162,166,168,172,176,180,184,188,192,195,200,204,207,210,213,216,219,222,225,228,231,235,237,241,244,247,250,254,258,262,266,269,273,276,281,284,285,290,293,297,299,303,306,309,312,316,320,324,328,332,336,340,344,348,352,356,360,364,368,372],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","init","admin_init","admin\\class-ip-geo-block-admin.php",39,{"type":135,"name":136,"callback":137,"priority":138,"file":132,"line":139},"filter","wp_redirect","add_redirect_nonce",10,45,{"type":129,"name":141,"callback":142,"file":132,"line":143},"admin_menu","setup_admin_page",66,{"type":129,"name":145,"callback":146,"file":132,"line":147},"admin_post_ip_geo_block","admin_ajax_callback",67,{"type":135,"name":149,"callback":150,"priority":138,"file":132,"line":151},"wp_prepare_revision_for_js","add_revision_nonce",69,{"type":129,"name":153,"callback":142,"file":132,"line":154},"network_admin_menu",76,{"type":129,"name":156,"callback":157,"priority":138,"file":132,"line":158},"wpmu_new_blog","create_blog",77,{"type":129,"name":160,"callback":160,"priority":138,"file":132,"line":161},"delete_blog",78,{"type":135,"name":163,"callback":164,"file":132,"line":165},"admin_body_class","add_webview_class",89,{"type":135,"name":163,"callback":164,"file":132,"line":167},94,{"type":135,"
name":169,"callback":170,"file":132,"line":171},"google-charts","google_charts_cn",246,{"type":135,"name":173,"callback":174,"file":132,"line":175},"google-maps","google_maps_cn",247,{"type":135,"name":177,"callback":178,"file":132,"line":179},"google-maps-nokey","google_maps_nokey_cn",248,{"type":135,"name":181,"callback":182,"priority":138,"file":132,"line":183},"plugin_row_meta","add_plugin_meta_links",653,{"type":129,"name":185,"callback":186,"priority":28,"file":132,"line":187},"admin_enqueue_scripts","enqueue_nonce",658,{"type":129,"name":189,"callback":190,"file":132,"line":191},"admin_notices","show_admin_notices",661,{"type":129,"name":193,"callback":190,"file":132,"line":194},"network_admin_notices",662,{"type":129,"name":196,"callback":197,"file":198,"line":199},"shutdown","deactivate_plugin","classes\\class-ip-geo-block-actv.php",93,{"type":129,"name":130,"callback":201,"file":202,"line":203},"validate_direct","classes\\class-ip-geo-block.php",101,{"type":129,"name":131,"callback":205,"file":202,"line":206},"validate_admin",103,{"type":129,"name":130,"callback":208,"file":202,"line":209},"anonymous",109,{"type":129,"name":130,"callback":211,"file":202,"line":212},"validate_comment",115,{"type":129,"name":130,"callback":214,"file":202,"line":215},"validate_public",121,{"type":129,"name":217,"callback":211,"file":202,"line":218},"pre_comment_on_post",130,{"type":129,"name":220,"callback":211,"file":202,"line":221},"pre_trackback_post",131,{"type":135,"name":223,"callback":211,"file":202,"line":224},"preprocess_comment",132,{"type":129,"name":226,"callback":211,"file":202,"line":227},"bbp_post_request_bbp-new-topic",135,{"type":129,"name":229,"callback":211,"file":202,"line":230},"bbp_post_request_bbp-new-reply",136,{"type":135,"name":232,"callback":233,"file":202,"line":234},"bbp_current_user_can_access_create_topic_form","validate_front",137,{"type":135,"name":236,"callback":233,"file":202,"line":101},"bbp_current_user_can_access_create_reply_form",{"type
":129,"name":238,"callback":239,"file":202,"line":240},"login_init","validate_login",143,{"type":129,"name":242,"callback":239,"file":202,"line":243},"bp_core_screen_signup",147,{"type":129,"name":245,"callback":239,"file":202,"line":246},"bp_signup_pre_validate",148,{"type":129,"name":248,"callback":186,"file":202,"line":249},"wp_enqueue_scripts",158,{"type":135,"name":136,"callback":251,"priority":252,"file":202,"line":253},"logout_redirect",20,162,{"type":135,"name":255,"callback":256,"file":202,"line":257},"http_request_args","request_nonce",163,{"type":135,"name":259,"callback":260,"file":202,"line":261},"document_title_parts","change_title",494,{"type":135,"name":263,"callback":264,"file":202,"line":265},"xmlrpc_login_error","auth_fail",609,{"type":129,"name":267,"callback":264,"file":202,"line":268},"wp_login_failed",643,{"type":135,"name":270,"callback":271,"priority":138,"file":202,"line":272},"site_url","filter_login_url",652,{"type":129,"name":274,"callback":214,"file":202,"line":275},"wp",999,{"type":129,"name":277,"callback":278,"file":279,"line":280},"plugins_loaded","ip_geo_block_update","ip-geo-block.php",80,{"type":129,"name":277,"callback":282,"file":279,"line":283},"get_instance",86,{"type":129,"name":277,"callback":282,"file":279,"line":48},{"type":135,"name":286,"callback":287,"file":288,"line":289},"ip-geo-block-ip-addr","my_replace_ip","samples.php",29,{"type":135,"name":286,"callback":291,"file":288,"line":292},"my_retrieve_ip",51,{"type":135,"name":294,"callback":295,"file":288,"line":296},"ip-geo-block-login","my_emergency",65,{"type":135,"name":298,"callback":295,"file":288,"line":143},"ip-geo-block-admin",{"type":135,"name":300,"callback":301,"file":288,"line":302},"ip-geo-block-comment","my_blacklist",92,{"type":135,"name":294,"callback":304,"file":288,"line":305},"my_whitelist",117,{"type":135,"name":307,"callback":304,"file":288,"line":308},"ip-geo-block-xmlrpc",118,{"type":135,"name":298,"callback":310,"file":288,"line":311},"my_permi
tted_ajax",141,{"type":135,"name":313,"callback":314,"priority":138,"file":288,"line":315},"ip-geo-block-extra-ips","my_extra_ips_hook",189,{"type":135,"name":317,"callback":318,"file":288,"line":319},"ip-geo-block-xmlrpc-status","my_xmlrpc_status",203,{"type":135,"name":321,"callback":322,"file":288,"line":323},"ip-geo-block-login-status","my_login_status",204,{"type":135,"name":325,"callback":326,"file":288,"line":327},"ip-geo-block-login-reason","my_login_reason",205,{"type":135,"name":329,"callback":330,"file":288,"line":331},"ip-geo-block-bypass-admins","my_bypass_admins",227,{"type":135,"name":333,"callback":334,"file":288,"line":335},"ip-geo-block-bypass-plugins","my_bypass_plugins",245,{"type":135,"name":337,"callback":338,"file":288,"line":339},"ip-geo-block-bypass-themes","my_bypass_themes",263,{"type":135,"name":341,"callback":342,"file":288,"line":343},"ip-geo-block-headers","my_user_agent",279,{"type":135,"name":345,"callback":346,"file":288,"line":347},"ip-geo-block-maxmind-dir","my_maxmind_dir",294,{"type":135,"name":349,"callback":350,"file":288,"line":351},"ip-geo-block-maxmind-zip-ipv4","my_maxmind_ipv4",312,{"type":135,"name":353,"callback":354,"file":288,"line":355},"ip-geo-block-maxmind-zip-ipv6","my_maxmind_ipv6",313,{"type":135,"name":357,"callback":358,"file":288,"line":359},"ip-geo-block-ip2location-path","my_ip2location_path",327,{"type":135,"name":361,"callback":362,"priority":138,"file":288,"line":363},"ip-geo-block-backup-dir","my_backup_dir",345,{"type":135,"name":365,"callback":366,"priority":138,"file":288,"line":367},"ip-geo-block-record-logs","my_record_logs",404,{"type":135,"name":369,"callback":370,"file":288,"line":371},"ip-geo-block-dns","my_gethostbyaddr",418,{"type":129,"name":189,"callback":373,"file":374,"line":375},"ip_geo_block_mu_notice","wp-content\\mu-plugins\\ip-geo-block-mu.php",58,[377],{"action":378,"nopriv":379,"callback":146,"hasNonce":379,"hasCapCheck":379,"file":132,"line":380},"ip_geo_block",false,68,[],[],[],{
"dangerousFunctions":385,"sqlUsage":395,"outputEscaping":442,"fileOperations":590,"externalRequests":591,"nonceChecks":33,"capabilityChecks":592,"bundledLibraries":593},[386,390],{"fn":387,"file":132,"line":388,"context":389},"assert",172,"defined( 'IP_GEO_BLOCK_DEBUG' ) and IP_GEO_BLOCK_DEBUG and assert( is_main_site(), 'Not main blog.' ",{"fn":391,"file":392,"line":393,"context":394},"unserialize","classes\\class-ip-geo-block-logs.php",283,"return empty( $data ) ? self::$default : unserialize( $data[0]['data'] ) + self::$default;",{"prepared":396,"raw":397,"locations":398},55,19,[399,402,405,407,410,412,413,415,418,421,424,426,428,429,431,433,435,437,439],{"file":132,"line":400,"context":401},1446,"$wpdb->get_col() with variable interpolation",{"file":403,"line":404,"context":401},"admin\\includes\\class-admin-ajax.php",316,{"file":403,"line":406,"context":401},360,{"file":408,"line":409,"context":401},"admin\\includes\\tab-settings.php",1457,{"file":198,"line":411,"context":401},61,{"file":198,"line":203,"context":401},{"file":414,"line":221,"context":401},"classes\\class-ip-geo-block-cron.php",{"file":392,"line":416,"context":417},220,"$wpdb->query() with variable interpolation",{"file":392,"line":419,"context":420},235,"$wpdb->get_var() with variable interpolation",{"file":392,"line":422,"context":423},240,"$wpdb->get_results() with variable 
interpolation",{"file":392,"line":425,"context":417},264,{"file":392,"line":427,"context":423},282,{"file":392,"line":268,"context":420},{"file":392,"line":430,"context":417},762,{"file":392,"line":432,"context":420},1013,{"file":392,"line":434,"context":417},1016,{"file":392,"line":436,"context":420},1027,{"file":392,"line":438,"context":420},1177,{"file":440,"line":441,"context":401},"uninstall.php",48,{"escaped":308,"rawEcho":302,"locations":443},[444,447,449,451,452,454,456,457,459,460,462,464,466,468,469,470,472,474,475,476,478,479,481,483,484,485,486,487,488,489,491,492,493,495,496,498,500,501,502,503,505,506,508,510,512,514,516,518,519,520,521,523,524,525,526,528,530,532,533,535,537,540,542,545,547,548,550,551,552,553,554,556,557,558,559,560,561,562,563,565,566,568,570,573,575,576,578,580,582,584,586,588],{"file":132,"line":445,"context":446},392,"raw output",{"file":132,"line":448,"context":446},394,{"file":132,"line":450,"context":446},701,{"file":132,"line":450,"context":446},{"file":132,"line":453,"context":446},779,{"file":132,"line":455,"context":446},782,{"file":132,"line":455,"context":446},{"file":132,"line":458,"context":446},795,{"file":132,"line":458,"context":446},{"file":132,"line":461,"context":446},815,{"file":132,"line":463,"context":446},816,{"file":132,"line":465,"context":446},817,{"file":132,"line":467,"context":446},820,{"file":132,"line":467,"context":446},{"file":132,"line":467,"context":446},{"file":132,"line":471,"context":446},853,{"file":132,"line":473,"context":446},879,{"file":132,"line":473,"context":446},{"file":132,"line":473,"context":446},{"file":132,"line":477,"context":446},880,{"file":132,"line":477,"context":446},{"file":132,"line":480,"context":446},882,{"file":132,"line":482,"context":446},893,{"file":132,"line":482,"context":446},{"file":132,"line":482,"context":446},{"file":132,"line":482,"context":446},{"file":132,"line":482,"context":446},{"file":132,"line":482,"context":446},{"file":132,"line":482,"context":446},{
"file":132,"line":490,"context":446},895,{"file":132,"line":490,"context":446},{"file":132,"line":490,"context":446},{"file":132,"line":494,"context":446},897,{"file":132,"line":494,"context":446},{"file":132,"line":497,"context":446},899,{"file":132,"line":499,"context":446},908,{"file":132,"line":499,"context":446},{"file":132,"line":499,"context":446},{"file":132,"line":499,"context":446},{"file":132,"line":504,"context":446},911,{"file":132,"line":504,"context":446},{"file":132,"line":507,"context":446},913,{"file":132,"line":509,"context":446},922,{"file":132,"line":511,"context":446},924,{"file":132,"line":513,"context":446},926,{"file":132,"line":515,"context":446},934,{"file":132,"line":517,"context":446},945,{"file":132,"line":517,"context":446},{"file":132,"line":517,"context":446},{"file":132,"line":517,"context":446},{"file":132,"line":522,"context":446},952,{"file":132,"line":522,"context":446},{"file":132,"line":522,"context":446},{"file":132,"line":522,"context":446},{"file":132,"line":527,"context":446},960,{"file":132,"line":529,"context":446},966,{"file":132,"line":531,"context":446},971,{"file":403,"line":234,"context":446},{"file":403,"line":534,"context":446},274,{"file":403,"line":536,"context":446},464,{"file":538,"line":539,"context":446},"admin\\includes\\tab-accesslog.php",206,{"file":538,"line":541,"context":446},207,{"file":543,"line":544,"context":446},"admin\\includes\\tab-network.php",112,{"file":543,"line":546,"context":446},113,{"file":543,"line":234,"context":446},{"file":543,"line":549,"context":446},140,{"file":543,"line":549,"context":446},{"file":543,"line":549,"context":446},{"file":543,"line":549,"context":446},{"file":543,"line":549,"context":446},{"file":543,"line":555,"context":446},152,{"file":543,"line":555,"context":446},{"file":543,"line":249,"context":446},{"file":543,"line":249,"context":446},{"file":543,"line":249,"context":446},{"file":543,"line":253,"context":446},{"file":543,"line":253,"context":446},{"file":543,"
line":253,"context":446},{"file":408,"line":564,"context":446},1641,{"file":408,"line":564,"context":446},{"file":408,"line":567,"context":446},1651,{"file":408,"line":569,"context":446},1659,{"file":571,"line":572,"context":446},"admin\\includes\\tab-statistics.php",348,{"file":571,"line":574,"context":446},366,{"file":571,"line":367,"context":446},{"file":571,"line":577,"context":446},405,{"file":571,"line":579,"context":446},410,{"file":571,"line":581,"context":446},411,{"file":571,"line":583,"context":446},416,{"file":571,"line":585,"context":446},417,{"file":202,"line":587,"context":446},297,{"file":374,"line":589,"context":446},71,32,3,6,[594],{"name":595,"version":29,"knownCves":596},"DataTables",[],[598,614,624,642,659,668,681,690,703,715,725],{"entryPoint":599,"graph":600,"unsanitizedCount":33,"severity":613},"export_logs (admin\\includes\\class-admin-ajax.php:101)",{"nodes":601,"edges":611},[602,606],{"id":603,"type":604,"label":605,"file":403,"line":206},"n0","source","$_SERVER",{"id":607,"type":608,"label":609,"file":403,"line":224,"wp_function":610},"n1","sink","header() [Header Injection]","header",[612],{"from":603,"to":607,"sanitized":379},"medium",{"entryPoint":615,"graph":616,"unsanitizedCount":33,"severity":613},"export_cache (admin\\includes\\class-admin-ajax.php:235)",{"nodes":617,"edges":622},[618,620],{"id":603,"type":604,"label":605,"file":403,"line":619},237,{"id":607,"type":608,"label":609,"file":403,"line":621,"wp_function":610},269,[623],{"from":603,"to":607,"sanitized":379},{"entryPoint":625,"graph":626,"unsanitizedCount":69,"severity":613},"validate_settings (admin\\includes\\class-admin-ajax.php:427)",{"nodes":627,"edges":639},[628,631,633,635],{"id":603,"type":604,"label":629,"file":403,"line":630},"$_POST",433,{"id":607,"type":608,"label":609,"file":403,"line":632,"wp_function":610},463,{"id":634,"type":604,"label":629,"file":403,"line":630},"n2",{"id":636,"type":608,"label":637,"file":403,"line":536,"wp_function":638},"n3","echo() 
[XSS]","echo",[640,641],{"from":603,"to":607,"sanitized":379},{"from":634,"to":636,"sanitized":379},{"entryPoint":643,"graph":644,"unsanitizedCount":57,"severity":613},"\u003Cclass-admin-ajax> (admin\\includes\\class-admin-ajax.php:0)",{"nodes":645,"edges":655},[646,648,649,650,651,653],{"id":603,"type":604,"label":647,"file":403,"line":206},"$_SERVER (x2)",{"id":607,"type":608,"label":609,"file":403,"line":224,"wp_function":610},{"id":634,"type":604,"label":629,"file":403,"line":630},{"id":636,"type":608,"label":609,"file":403,"line":632,"wp_function":610},{"id":652,"type":604,"label":629,"file":403,"line":630},"n4",{"id":654,"type":608,"label":637,"file":403,"line":536,"wp_function":638},"n5",[656,657,658],{"from":603,"to":607,"sanitized":379},{"from":634,"to":636,"sanitized":379},{"from":652,"to":654,"sanitized":379},{"entryPoint":660,"graph":661,"unsanitizedCount":591,"severity":613},"render_network (admin\\includes\\tab-network.php:106)",{"nodes":662,"edges":666},[663,665],{"id":603,"type":604,"label":664,"file":543,"line":308},"$_REQUEST (x3)",{"id":607,"type":608,"label":637,"file":543,"line":234,"wp_function":638},[667],{"from":603,"to":607,"sanitized":379},{"entryPoint":669,"graph":670,"unsanitizedCount":33,"severity":613},"backup_logs (classes\\class-ip-geo-block-logs.php:498)",{"nodes":671,"edges":679},[672,675],{"id":603,"type":604,"label":673,"file":392,"line":674},"$_SERVER['REQUEST_TIME']",503,{"id":607,"type":608,"label":676,"file":392,"line":677,"wp_function":678},"file_put_contents() [File Write]",500,"file_put_contents",[680],{"from":603,"to":607,"sanitized":379},{"entryPoint":682,"graph":683,"unsanitizedCount":591,"severity":689},"\u003Ctab-network> 
(admin\\includes\\tab-network.php:0)",{"nodes":684,"edges":687},[685,686],{"id":603,"type":604,"label":664,"file":543,"line":308},{"id":607,"type":608,"label":637,"file":543,"line":234,"wp_function":638},[688],{"from":603,"to":607,"sanitized":379},"low",{"entryPoint":691,"graph":692,"unsanitizedCount":69,"severity":702},"record_logs (classes\\class-ip-geo-block-logs.php:612)",{"nodes":693,"edges":700},[694,696],{"id":603,"type":604,"label":647,"file":392,"line":695},666,{"id":607,"type":608,"label":697,"file":392,"line":698,"wp_function":699},"query() [SQLi]",677,"query",[701],{"from":603,"to":607,"sanitized":379},"high",{"entryPoint":704,"graph":705,"unsanitizedCount":69,"severity":702},"get_recent_logs (classes\\class-ip-geo-block-logs.php:900)",{"nodes":706,"edges":713},[707,709],{"id":603,"type":604,"label":647,"file":392,"line":708},909,{"id":607,"type":608,"label":710,"file":392,"line":711,"wp_function":712},"get_results() [SQLi]",910,"get_results",[714],{"from":603,"to":607,"sanitized":379},{"entryPoint":716,"graph":717,"unsanitizedCount":33,"severity":702},"delete_expired (classes\\class-ip-geo-block-logs.php:1203)",{"nodes":718,"edges":723},[719,721],{"id":603,"type":604,"label":605,"file":392,"line":720},1208,{"id":607,"type":608,"label":697,"file":392,"line":722,"wp_function":699},1209,[724],{"from":603,"to":607,"sanitized":379},{"entryPoint":726,"graph":727,"unsanitizedCount":397,"severity":702},"\u003Cclass-ip-geo-block-logs> (classes\\class-ip-geo-block-logs.php:0)",{"nodes":728,"edges":739},[729,730,731,733,734,737],{"id":603,"type":604,"label":673,"file":392,"line":674},{"id":607,"type":608,"label":676,"file":392,"line":677,"wp_function":678},{"id":634,"type":604,"label":732,"file":392,"line":695},"$_SERVER (x8)",{"id":636,"type":608,"label":697,"file":392,"line":698,"wp_function":699},{"id":652,"type":604,"label":735,"file":392,"line":736},"$_SERVER 
(x10)",683,{"id":654,"type":608,"label":710,"file":392,"line":738,"wp_function":712},807,[740,741,742],{"from":603,"to":607,"sanitized":379},{"from":634,"to":636,"sanitized":379},{"from":652,"to":654,"sanitized":379},{"summary":744,"deductions":745},"The ip-geo-block plugin version 3.0.17.4 presents a mixed security posture. While it demonstrates some good practices like a high percentage of prepared SQL statements and a decent number of capability checks, there are significant concerns.  The presence of a single AJAX handler without authentication checks, coupled with 100% of analyzed taint flows having unsanitized paths with high severity, indicates a potentially exploitable attack surface.  The use of dangerous functions like 'assert' and 'unserialize' further amplifies these risks. The absence of any recorded vulnerabilities historically is a positive sign, suggesting the plugin might not have a history of exploitable flaws. However, this does not negate the immediate risks identified in the static and taint analysis.  The plugin's strengths lie in its SQL query preparation and some use of capability checks. 
Its weaknesses are the unprotected AJAX endpoint, critical taint flows, and the use of dangerous functions, which introduce significant potential for compromise.",[746,749,752,754],{"reason":747,"points":748},"AJAX handler without authentication",8,{"reason":750,"points":751},"4 high severity unsanitized taint flows",12,{"reason":753,"points":138},"Dangerous functions: assert, unserialize",{"reason":755,"points":57},"56% of outputs properly escaped","2026-03-16T17:51:31.280Z",{"wat":758,"direct":771},{"assetPaths":759,"generatorPatterns":764,"scriptPaths":765,"versionParams":766},[760,761,762,763],"\u002Fwp-content\u002Fplugins\u002Fip-geo-block\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fip-geo-block\u002Fassets\u002Fcss\u002Fcommon.css","\u002Fwp-content\u002Fplugins\u002Fip-geo-block\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fip-geo-block\u002Fassets\u002Fjs\u002Fcommon.js",[],[762,763],[767,768,769,770],"ip-geo-block\u002Fassets\u002Fcss\u002Fadmin.css?ver=","ip-geo-block\u002Fassets\u002Fcss\u002Fcommon.css?ver=","ip-geo-block\u002Fassets\u002Fjs\u002Fadmin.js?ver=","ip-geo-block\u002Fassets\u002Fjs\u002Fcommon.js?ver=",{"cssClasses":772,"htmlComments":773,"htmlAttributes":775,"restEndpoints":776,"jsGlobals":777,"shortcodeOutput":778},[4],[774],"\u003C!-- ADD `\u002F` TO THE TOP OR END OF THIS LINE TO ACTIVATE THE FOLLOWINGS -->",[],[],[],[]]