IP Location Block Security & Risk Analysis

wordpress.org/plugins/ip-location-block

Easily block visitors by country, state or ISP provider. Also, protects your site from spam, login attempts, malicious access & more.

10K active installs · v1.3.8 · PHP + WP 3.7+ · Updated Mar 13, 2026
Tags: block, country, geolocation, ip-address, ip-geo-block
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is IP Location Block Safe to Use in 2026?

Generally Safe

Score 100/100

IP Location Block has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 21d ago
Risk Assessment

The "ip-location-block" v1.3.8 plugin exhibits a mixed security posture. It has a clean vulnerability history with no recorded CVEs, but static analysis reveals several areas of concern. The scan flags one unprotected AJAX handler, which presents a direct entry point for potential attackers without any authorization checks. The taint analysis reports 11 flows with unsanitized paths, 4 of them classified as high severity, suggesting that data may be processed without proper sanitization; if these flows are exploitable, they could lead to injection vulnerabilities. The plugin also uses dangerous functions such as 'assert' and 'unserialize', which can be exploited if user-supplied data is passed to them without strict validation.

On the positive side, the plugin uses prepared statements for a majority of its SQL queries and has a good number of output escaping routines. The issues identified in the attack surface and taint analysis outweigh these positives, indicating a moderate to high risk for users.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows (4)
  • Use of dangerous functions (assert, unserialize)
  • Unsanitized paths in all taint flows (11)
  • Low percentage of properly escaped output
Vulnerabilities
None known

IP Location Block Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

IP Location Block Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 23 (54 prepared)
Unescaped Output: 101 (165 escaped)
Nonce Checks: 1
Capability Checks: 11
File Operations: 32
External Requests: 4
Bundled Libraries: 1

Dangerous Functions Found

Function | Code | Location
assert | defined( 'IP_LOCATION_BLOCK_DEBUG' ) and IP_LOCATION_BLOCK_DEBUG and assert( is_main_site(), 'Not ma | admin\class-ip-location-block-admin.php:324
unserialize | return empty( $data ) ? self::$default : unserialize( $data[0]['data'] ) + self::$default; | classes\class-ip-location-block-logs.php:284
unserialize | $decoded = unserialize($data); | includes\Net\DNS2\Cache\File.php:81
unserialize | $decoded = unserialize($data); | includes\Net\DNS2\Cache\File.php:173
unserialize | $decoded = unserialize($data); | includes\Net\DNS2\Cache\Shm.php:118
unserialize | $decoded = unserialize($data); | includes\Net\DNS2\Cache\Shm.php:216
unserialize | return unserialize($this->cache_data[$key]['object']); | includes\Net\DNS2\Cache.php:82

Bundled Libraries

DataTables

SQL Query Safety

70% prepared, 77 total queries

Output Escaping

62% escaped, 266 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

11 flows, 11 with unsanitized paths
export_logs (admin\includes\class-admin-ajax.php:128)
[Data flow graph; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
1 unprotected

IP Location Block Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth | wp_ajax_ip_location_block | admin\class-ip-location-block-admin.php:196
WordPress Hooks 62
Type | Hook | Location
action | init | admin\class-ip-location-block-admin.php:43
filter | wp_redirect | admin\class-ip-location-block-admin.php:49
action | admin_menu | admin\class-ip-location-block-admin.php:194
action | admin_post_ip_location_block | admin\class-ip-location-block-admin.php:195
filter | wp_prepare_revision_for_js | admin\class-ip-location-block-admin.php:197
action | admin_enqueue_scripts | admin\class-ip-location-block-admin.php:198
filter | ip-location-block-bypass-admins | admin\class-ip-location-block-admin.php:201
action | network_admin_menu | admin\class-ip-location-block-admin.php:206
action | wpmu_new_blog | admin\class-ip-location-block-admin.php:207
action | delete_blog | admin\class-ip-location-block-admin.php:208
filter | admin_body_class | admin\class-ip-location-block-admin.php:219
filter | admin_body_class | admin\class-ip-location-block-admin.php:222
filter | google-charts | admin\class-ip-location-block-admin.php:405
filter | plugin_row_meta | admin\class-ip-location-block-admin.php:968
action | admin_enqueue_scripts | admin\class-ip-location-block-admin.php:973
action | admin_notices | admin\class-ip-location-block-admin.php:976
action | network_admin_notices | admin\class-ip-location-block-admin.php:977
action | admin_notices | admin\class-ip-location-block-admin.php:979
action | admin_notices | admin\class-ip-location-block-admin.php:981
action | admin_notices | admin\class-ip-location-block-admin.php:983
action | ip-location-block-settings-updated | admin\class-ip-location-block-admin.php:1722
action | shutdown | classes\class-ip-location-block-actv.php:84
filter | ip-location-block-ip-addr | classes\class-ip-location-block-cron.php:76
action | init | classes\class-ip-location-block.php:118
action | admin_init | classes\class-ip-location-block.php:121
action | init | classes\class-ip-location-block.php:126
action | init | classes\class-ip-location-block.php:131
action | init | classes\class-ip-location-block.php:136
action | pre_comment_on_post | classes\class-ip-location-block.php:149
action | pre_trackback_post | classes\class-ip-location-block.php:153
filter | preprocess_comment | classes\class-ip-location-block.php:157
action | bbp_post_request_bbp-new-topic | classes\class-ip-location-block.php:163
action | bbp_post_request_bbp-new-reply | classes\class-ip-location-block.php:164
filter | bbp_current_user_can_access_create_topic_form | classes\class-ip-location-block.php:165
filter | bbp_current_user_can_access_create_reply_form | classes\class-ip-location-block.php:169
action | login_init | classes\class-ip-location-block.php:177
action | bp_core_screen_signup | classes\class-ip-location-block.php:181
action | bp_signup_pre_validate | classes\class-ip-location-block.php:182
action | wp_enqueue_scripts | classes\class-ip-location-block.php:193
filter | wp_redirect | classes\class-ip-location-block.php:197
filter | http_request_args | classes\class-ip-location-block.php:198
filter | document_title_parts | classes\class-ip-location-block.php:736
filter | ip-location-block-xmlrpc | classes\class-ip-location-block.php:892
filter | xmlrpc_login_error | classes\class-ip-location-block.php:895
action | wp_login_failed | classes\class-ip-location-block.php:948
filter | site_url | classes\class-ip-location-block.php:957
filter | ip-location-block-admin | classes\class-ip-location-block.php:1030
filter | ip-location-block-admin | classes\class-ip-location-block.php:1039
filter | ip-location-block-admin | classes\class-ip-location-block.php:1077
filter | ip-location-block-admin | classes\class-ip-location-block.php:1083
action | wp | classes\class-ip-location-block.php:1416
filter | ip-location-block-public | classes\class-ip-location-block.php:1422
filter | ip-location-block-public | classes\class-ip-location-block.php:1426
filter | ip-location-block-public | classes\class-ip-location-block.php:1429
filter | ip-location-block-ip-addr | classes\class-ip-location-block.php:1432
action | admin_notices | ip-location-block.php:33
action | upgrader_process_complete | ip-location-block.php:103
action | plugins_loaded | ip-location-block.php:118
action | plugins_loaded | ip-location-block.php:124
action | plugins_loaded | ip-location-block.php:136
action | admin_notices | wp-content\mu-plugins\ip-location-block-mu.php:34
action | admin_notices | wp-content\mu-plugins\ip-location-block-mu.php:73
Maintenance & Trust

IP Location Block Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Mar 13, 2026
PHP min version:
Downloads: 193K

Community Trust

Rating: 92/100
Number of ratings: 33
Active installs: 10K
Developer Profile

IP Location Block Developer Profile

Darko G.

4 plugins · 10K total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect IP Location Block

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ip-location-block/css/ip-location-block.css
/wp-content/plugins/ip-location-block/js/ip-location-block.js
/wp-content/plugins/ip-location-block/css/ip-location-block-admin.css
/wp-content/plugins/ip-location-block/js/ip-location-block-admin.js
Version Parameters
ip-location-block/css/ip-location-block.css?ver=
ip-location-block/js/ip-location-block.js?ver=
ip-location-block/css/ip-location-block-admin.css?ver=
ip-location-block/js/ip-location-block-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ip-location-block-form-field
ip-location-block-log-table
ip-location-block-country-flag
HTML Comments
<!-- ADD `/` TO THE TOP OR END OF THIS LINE TO ACTIVATE THE FOLLOWINGS --
Data Attributes
data-ip-location-block-country
JS Globals
ip_location_block_admin_options
ip_location_block_admin_settings