[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJjhZVqEp6g-MLkY5u1WuLisw57Vf-g1nZ6HBzg93XMc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":135,"fingerprints":399},"ip-statistic","alx ip statistic","2.3","alxinthome","https:\u002F\u002Fprofiles.wordpress.org\u002Falex27648\u002F","\u003Cp>Receiving ip addresses , browser identifiers, error passwords (disable by default)  of visitors on the login page and if use “shortcode” at any page of the site.  Also work with guest users\u003C\u002Fp>\n\u003Cp>Allows you to save data about visitors to the database for further viewing, and obtaining statistics.\u003Cbr \u002F>\nIn the settings you can specify where you want to receive this data. It is also possible to insert a shortcode on the page or record:\u003C\u002Fp>\n\u003Cp>[ip_statistics]\u003C\u002Fp>\n\u003Cp>When viewed on your login page or on other page (where you insert shortcode), the Data (ip adress and user agent) will be save in database. By default, only login error is logging\u003C\u002Fp>\n\u003Cp>The plugin provides its own admin options page in the WordPress admin. Here you can define options where you whant to use this plugin and see statistics of clients. The plugin’s admin page also provides some tips.\u003C\u002Fp>\n","Receiving ip addresses and browser identifiers of visitors on the login page and on any page of the site.",100,3628,90,2,"2022-04-25T16:42:00.000Z","5.9.13","4.7","5.6",[20,21,22,23,24],"ip","log","security","shortcode","shortcut","https:\u002F\u002Finthome.ml\u002F?page_id=366","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-statistic.2.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"alex27648",1,30,84,"2026-04-04T15:54:51.165Z",[39,61,79,96,115],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":36,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"expire-user-passwords","Expire User Passwords","1.4.2","Matt Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fmillermedianow\u002F","\u003Cp>Note: This is a forked version of the now unsupported \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpire-passwords\u002F\" rel=\"ugc\">Expire Passwords\u003C\u002Fa> plugin. The notes below are copied over from the original plugin and will be updated as relevant updates become available. Please help by contributing to the GitHub repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">Expire Passwords\u003C\u002Fa> on GitHub\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fexpire-user-passwords\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Harden the security of your site by preventing unauthorized access to stale user accounts.\u003C\u002Fp>\n\u003Cp>This plugin is also ideal for sites needing to meet certain industry security compliances – such as government, banking or healthcare.\u003C\u002Fp>\n\u003Cp>In the plugin settings you can set the maximum number of days users are allowed to use the same password (90 days by default), as well as which user roles will be required to reset their passwords regularly (non-Administrators by default).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Albanian (Shqip)\u003C\u002Fli>\n\u003Cli>Arabic (العربية)\u003C\u002Fli>\n\u003Cli>Armenian (Հայերեն)\u003C\u002Fli>\n\u003Cli>Basque (Euskara)\u003C\u002Fli>\n\u003Cli>Bengali (বাংলা)\u003C\u002Fli>\n\u003Cli>Bulgarian (Български)\u003C\u002Fli>\n\u003Cli>Catalan (Català)\u003C\u002Fli>\n\u003Cli>Chinese Simplified (简体中文)\u003C\u002Fli>\n\u003Cli>Croatian (Hrvatski)\u003C\u002Fli>\n\u003Cli>Czech (Čeština)\u003C\u002Fli>\n\u003Cli>Danish (Dansk)\u003C\u002Fli>\n\u003Cli>Dutch (Nederlands)\u003C\u002Fli>\n\u003Cli>Estonian (Eesti)\u003C\u002Fli>\n\u003Cli>Finnish (Suomi)\u003C\u002Fli>\n\u003Cli>French (Français)\u003C\u002Fli>\n\u003Cli>Galician (Galego)\u003C\u002Fli>\n\u003Cli>Georgian (ქართული)\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hebrew (עברית)\u003C\u002Fli>\n\u003Cli>Hindi (हिन्दी)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar)\u003C\u002Fli>\n\u003Cli>Indonesian (Bahasa Indonesia)\u003C\u002Fli>\n\u003Cli>Irish (Gaeilge)\u003C\u002Fli>\n\u003Cli>Italian (Italiano)\u003C\u002Fli>\n\u003Cli>Japanese (日本語)\u003C\u002Fli>\n\u003Cli>Korean (한국어)\u003C\u002Fli>\n\u003Cli>Latvian (Latviešu)\u003C\u002Fli>\n\u003Cli>Lithuanian (Lietuvių)\u003C\u002Fli>\n\u003Cli>Macedonian (Македонски)\u003C\u002Fli>\n\u003Cli>Norwegian (Norsk)\u003C\u002Fli>\n\u003Cli>Persian (فارسی)\u003C\u002Fli>\n\u003Cli>Persian – Afghanistan (دری)\u003C\u002Fli>\n\u003Cli>Polish (Polski)\u003C\u002Fli>\n\u003Cli>Portuguese – Brazil (Português do Brasil)\u003C\u002Fli>\n\u003Cli>Portuguese – Portugal (Português)\u003C\u002Fli>\n\u003Cli>Romanian (Română)\u003C\u002Fli>\n\u003Cli>Russian (Русский)\u003C\u002Fli>\n\u003Cli>Serbian (Српски)\u003C\u002Fli>\n\u003Cli>Slovak (Slovenčina)\u003C\u002Fli>\n\u003Cli>Slovenian (Slovenščina)\u003C\u002Fli>\n\u003Cli>Spanish (Español)\u003C\u002Fli>\n\u003Cli>Swedish (Svenska)\u003C\u002Fli>\n\u003Cli>Tamil (தமிழ்)\u003C\u002Fli>\n\u003Cli>Thai (ไทย)\u003C\u002Fli>\n\u003Cli>Turkish (Türkçe)\u003C\u002Fli>\n\u003Cli>Ukrainian (Українська)\u003C\u002Fli>\n\u003Cli>Urdu (اردو)\u003C\u002Fli>\n\u003Cli>Vietnamese (Tiếng Việt)\u003C\u002Fli>\n\u003Cli>Welsh (Cymraeg)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMiller-Media\u002Fexpire-passwords\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Require certain users to change their passwords on a regular basis.",3000,57937,5,"2026-02-17T09:27:00.000Z","6.9.4","4.0","8.1",[55,56,57,22,58],"login","membership","passwords","users","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpire-user-passwords.1.4.2.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":35,"last_updated":72,"tested_up_to":51,"requires_at_least":73,"requires_php":59,"tags":74,"homepage":77,"download_link":78,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cloudguard","CloudGuard","1.4.6","pipdig","https:\u002F\u002Fprofiles.wordpress.org\u002Fpipdig\u002F","\u003Cp>Use the power of the cloud and a global CDN to restrict access to your login page.\u003C\u002Fp>\n\u003Cp>CloudGuard brings global and cloud driven protection to your login page. Using Cloudflare’s free Geolocation service, this super lightweight plugin restricts access to your login page, allowing access to only your chosen countries.  This means that any login attempts from the rest of the world will be automatically blocked.\u003C\u002Fp>\n\u003Cp>Additionally, this plugin tracks any unauthorized login attempts and displays them on a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcloudguard\u002Fscreenshots\u002F\" rel=\"ugc\">world map\u003C\u002Fa> in your dashboard.\u003C\u002Fp>\n\u003Ch3>Main Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Protect your login page globally.\u003C\u002Fli>\n\u003Cli>Reduce server load.\u003C\u002Fli>\n\u003Cli>Country based IP ranges constantly updated by Cloudflare.\u003C\u002Fli>\n\u003Cli>Monitor login attempts via your dashboard.\u003C\u002Fli>\n\u003Cli>Block access to the login page or redirect to a URL.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Cloudflare’s Geolocation?\u003C\u002Fh3>\n\u003Cp>There are other plugins which can \u003Cstrong>restrict your login page by geographic location\u003C\u002Fstrong>. However, these plugins use your server to detect the IP and compare this to a geographic location. This adds extra overhead to your site, takes up space on your server, and requires frequent updates to keep the IP list relevant.\u003C\u002Fp>\n\u003Cp>CloudGuard is different. Since we leverage Cloudflare’s geolocation service, your server simply has to read the data, rather than compute and store it locally. Cloudflare does the grunt work, leaving your site safe, secure and optimized.\u003C\u002Fp>\n\u003Cp>Note: This plugin requires that you have an account (including the free option) on \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\" rel=\"nofollow ugc\">Cloudflare\u003C\u002Fa> with \u003Ca href=\"https:\u002F\u002Fsupport.cloudflare.com\u002Fhc\u002Fen-us\u002Farticles\u002F200168236-What-does-Cloudflare-IP-Geolocation-do-\" rel=\"nofollow ugc\">Geolocation\u003C\u002Fa> enabled.\u003C\u002Fp>\n\u003Cp>This free plugin is brought to you by \u003Ca href=\"https:\u002F\u002Fwww.pipdig.co\u002F\" rel=\"nofollow ugc\">pipdig\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fcloudguard?rate=5#postform\" rel=\"ugc\">leaving a 5-star rating\u003C\u002Fa> if this plugin has helped you.\u003C\u002Fp>\n","Use Cloudflare's free geolocation service to restrict access to your site's login page.",1000,28284,98,"2025-12-03T16:06:00.000Z","4.9",[75,76,20,55,22],"cloudflare","geolocation","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcloudguard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudguard.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":11,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":59,"tags":93,"homepage":59,"download_link":95,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"prevent-concurrent-logins","Prevent Concurrent Logins","0.4.0","Frankie Jarrett","https:\u002F\u002Fprofiles.wordpress.org\u002Ffjarrett\u002F","\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fprevent-concurrent-logins\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Deters members\u002Fsubscribers from sharing their accounts with others\u003C\u002Fli>\n\u003Cli>Hardens security by destoying old sessions automatically\u003C\u002Fli>\n\u003Cli>Prompts old sessions to login again if they want to continue\u003C\u002Fli>\n\u003Cli>Ideal for membership sites and web applications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> If you plan to network-activate this plugin on a multisite network, please install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproper-network-activation\u002F\" rel=\"ugc\">Proper Network Activation\u003C\u002Fa> plugin \u003Cem>beforehand\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffjarrett\u002Fprevent-concurrent-logins\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Prevents users from staying logged into the same account from multiple places.",900,17293,17,"2016-08-16T22:21:00.000Z","4.6.30","4.1",[55,56,22,94,58],"sensei","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-concurrent-logins.0.4.0.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":11,"num_ratings":34,"last_updated":106,"tested_up_to":51,"requires_at_least":52,"requires_php":107,"tags":108,"homepage":59,"download_link":114,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ip-blocker-lite","IP & Country Blocker Lite","3.0.0","Nurul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaqnurul\u002F","\u003Cp>IP & Country Blocker Lite is a comprehensive WordPress security plugin that provides multiple layers of protection for your website. Block unwanted visitors based on IP addresses or countries, and add an extra layer of security with two-factor authentication (2FA).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>IP Address Blocking\u003C\u002Fstrong>: Block or allow specific IP addresses, IP ranges, or subnets\u003Cbr \u002F>\n* \u003Cstrong>Country-Based Blocking\u003C\u002Fstrong>: Restrict access based on visitors’ countries\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>: Secure admin logins with email-based 2FA or authenticator apps\u003Cbr \u002F>\n* \u003Cstrong>Recovery Codes\u003C\u002Fstrong>: Backup access codes for account recovery\u003Cbr \u002F>\n* \u003Cstrong>Emergency Recovery\u003C\u002Fstrong>: Generate secure recovery URLs to disable the plugin if locked out\u003Cbr \u002F>\n* \u003Cstrong>Advanced Security Dashboard\u003C\u002Fstrong>: Monitor blocked attempts and security events\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Benefits:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Protect against spam, bots, and malicious traffic\u003Cbr \u002F>\n* Prevent brute force attacks on admin login\u003Cbr \u002F>\n* Block entire countries or regions\u003Cbr \u002F>\n* Easy-to-use admin interface with real-time monitoring\u003Cbr \u002F>\n* Lightweight and fast performance\u003Cbr \u002F>\n* No external dependencies for core functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong>\u003Cbr \u002F>\n* One-click blocking\u002Funblocking\u003Cbr \u002F>\n* Intuitive admin panel with tabbed interface\u003Cbr \u002F>\n* Real-time activity logs\u003Cbr \u002F>\n* Bulk operations support\u003Cbr \u002F>\n* Custom blocked page templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitoring & Analytics:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked IP attempts\u003Cbr \u002F>\n* View country-wise access statistics\u003Cbr \u002F>\n* Monitor security events\u003Cbr \u002F>\n* Export blocking rules\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Compliance:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Uses free IP-API.com service for geolocation\u003Cbr \u002F>\n* No personal data storage\u003Cbr \u002F>\n* GDPR compliant\u003Cbr \u002F>\n* Respects user privacy\u003C\u002Fp>\n\u003Ch3>Data Collection & Privacy\u003C\u002Fh3>\n\u003Cp>For transparency, here’s what data the plugin collects and why:\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Essential Data Collection (Always Required for Functionality):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP Addresses\u003C\u002Fstrong>: Collected for security blocking and geolocation features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable IP\u002Fcountry blocking, security monitoring, and access control\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Temporary (not stored in database, only processed in memory)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Sent to IP-API.com for country lookup (free service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Information\u003C\u002Fstrong>: Derived from IP addresses via geolocation\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable country-based blocking and access statistics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Not stored permanently (only used for blocking decisions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Retrieved from IP-API.com (free geolocation service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Optional Data Collection (Only with User Consent):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Usage Statistics\u003C\u002Fstrong>: Anonymous plugin performance data\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Improve plugin quality and fix bugs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Plugin version, WordPress version, PHP version, activation date\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Completely anonymous, no personal identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Feedback\u003C\u002Fstrong>: Plugin reviews and feedback submissions\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Understand user needs and improve features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Feedback text, rating, plugin version, PHP version\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Anonymous feedback, no personal data required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fcodecanvasbd\u002Fprivacy-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Data Collection Controls:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent Required\u003C\u002Fstrong>: Optional data collection requires explicit user consent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Opt-out\u003C\u002Fstrong>: Users can decline consent at any time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Automatic Collection\u003C\u002Fstrong>: No data sent without user permission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparent Process\u003C\u002Fstrong>: Clear consent modal explains what data is collected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Third-Party Services:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP-API.com\u003C\u002Fstrong>: Free geolocation service for country detection\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Visitor IP addresses\u003C\u002Fli>\n\u003Cli>Purpose: Determine visitor country for blocking features\u003C\u002Fli>\n\u003Cli>Privacy: IP-API.com privacy policy applies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remote Analytics Server\u003C\u002Fstrong> (optional, consent required):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Anonymous usage statistics\u003C\u002Fli>\n\u003Cli>Purpose: Plugin improvement and support\u003C\u002Fli>\n\u003Cli>Privacy: No personal data, fully anonymous\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>GDPR Compliance:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ No personal data storage without consent\u003C\u002Fli>\n\u003Cli>✅ Clear consent mechanisms\u003C\u002Fli>\n\u003Cli>✅ Easy opt-out options\u003C\u002Fli>\n\u003Cli>✅ Transparent data practices\u003C\u002Fli>\n\u003Cli>✅ Data minimization principles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>IP & Country Blocking:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block specific IP addresses or ranges (CIDR notation supported)\u003Cbr \u002F>\n* Block entire countries or allow only specific countries\u003Cbr \u002F>\n* Whitelist important IPs for access\u003Cbr \u002F>\n* Real-time blocking with immediate effect\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Email-based 2FA for easy setup\u003Cbr \u002F>\n* Authenticator app support (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Recovery codes for account access\u003Cbr \u002F>\n* Secure code generation and validation\u003Cbr \u002F>\n* Admin email verification\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Emergency Recovery System:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generate secure recovery URLs to disable plugin if locked out\u003Cbr \u002F>\n* Time-limited recovery hashes (24 hours expiration)\u003Cbr \u002F>\n* One-click plugin deactivation via recovery URL\u003Cbr \u002F>\n* Secure hash verification to prevent unauthorized access\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Interface:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Modern, responsive dashboard\u003Cbr \u002F>\n* Tabbed navigation for easy access\u003Cbr \u002F>\n* Real-time statistics and charts\u003Cbr \u002F>\n* Activity logs with filtering\u003Cbr \u002F>\n* Bulk operations for efficiency\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Monitoring:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked access attempts\u003Cbr \u002F>\n* Country-wise visitor statistics\u003Cbr \u002F>\n* Failed login monitoring\u003Cbr \u002F>\n* Security event logging\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance Optimized:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Lightweight codebase\u003Cbr \u002F>\n* Minimal database queries\u003Cbr \u002F>\n* Fast IP lookups\u003Cbr \u002F>\n* Caching support\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the IP-API.com service to detect the user’s location based on their IP address.\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: IP-API.com (http:\u002F\u002Fip-api.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: IP geolocation for country-based blocking\u003Cbr \u002F>\n– \u003Cstrong>Data Sent\u003C\u002Fstrong>: User’s IP address only\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n– \u003Cstrong>Data Storage\u003C\u002Fstrong>: No personal data is stored by this plugin\u003C\u002Fp>\n\u003Cp>The plugin works without this service but country blocking features will be limited.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, bug reports, or feature requests:\u003Cbr \u002F>\n– \u003Cstrong>WordPress.org Support Forum\u003C\u002Fstrong>: https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fip-blocker-lite\u002F\u003Cbr \u002F>\n– \u003Cstrong>GitHub Issues\u003C\u002Fstrong>: Report bugs and request features\u003Cbr \u002F>\n– \u003Cstrong>Email\u003C\u002Fstrong>: Contact through WordPress.org profile\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Developer\u003C\u002Fstrong>: Nurul Islam (faqnurul)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icons\u003C\u002Fstrong>: Dashicons (WordPress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geolocation\u003C\u002Fstrong>: IP-API.com (free tier)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Charts\u003C\u002Fstrong>: Chart.js library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>Take control of your website’s security and protect it from unwanted visitors with IP & Country Blocker Lite!\u003C\u002Fp>\n","Advanced WordPress security plugin with IP\u002Fcountry blocking and two-factor authentication for comprehensive website protection.",300,1883,"2026-01-05T16:17:00.000Z","7.0",[109,110,111,112,113],"country-blocker","ip-blocker","login-security","two-factor-authentication","website-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-blocker-lite.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":28,"num_ratings":28,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":132,"download_link":133,"security_score":134,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ip-informant-logger","IP Informant Logger","1.27","whittakerj","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhittakerj\u002F","\u003Cp>IP Informant Logger is a WordPress plugin that logs and displays visitor IP addresses. This tool is essential for website administrators who wish to monitor their site’s traffic and enhance security measures.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n– Log visitor IPs\u003Cbr \u002F>\n– Display logged IP addresses in the WordPress admin\u003Cbr \u002F>\n– Integration with IPinfo.io for detailed IP information\u003C\u002Fp>\n","Logs and displays visitor IP addresses for website security and monitoring.",40,1672,"2024-04-22T16:37:00.000Z","6.5.8","5.0","7.2",[20,130,22,131],"logging","visitors","https:\u002F\u002Fjeremywhittaker.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-informant-logger.1.27.zip",92,{"attackSurface":136,"codeSignals":185,"taintFlows":384,"riskAssessment":385,"analyzedAt":398},{"hooks":137,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":184,"entryPointCount":34,"unprotectedCount":28},[138,144,148,151,155,160,164,168,172],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_init","ip_statistic_init","ip-statics.php",25,{"type":139,"name":145,"callback":146,"file":142,"line":147},"admin_notices","my_acf_admin_notice",34,{"type":139,"name":140,"callback":149,"file":142,"line":150},"register_ip_statistic_mysettings",110,{"type":139,"name":152,"callback":153,"file":142,"line":154},"admin_menu","ipsettings_admin_menu_setup",128,{"type":156,"name":157,"callback":158,"priority":14,"file":142,"line":159},"filter","plugin_action_links","ip_statistic_settings_link",132,{"type":139,"name":161,"callback":162,"file":142,"line":163},"wp_login","ip_statistic_login",321,{"type":139,"name":165,"callback":166,"file":142,"line":167},"login_footer","ip_statistic_showlogin",326,{"type":139,"name":169,"callback":170,"file":142,"line":171},"wp_login_failed","ip_statistic_errlogin",331,{"type":139,"name":173,"callback":174,"priority":175,"file":142,"line":176},"wp_authenticate","catch_nonexist_user",10,580,[],[],[180],{"tag":181,"callback":182,"file":142,"line":183},"ip_statistics","ip_statistics_function",368,[],{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":254,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":383},[],{"prepared":188,"raw":189,"locations":190},4,29,[191,194,196,198,200,202,204,206,208,210,212,215,217,219,222,224,226,228,230,232,234,236,238,240,242,244,246,248,252],{"file":142,"line":192,"context":193},408,"$wpdb->get_var() with variable interpolation",{"file":142,"line":195,"context":193},409,{"file":142,"line":197,"context":193},413,{"file":142,"line":199,"context":193},414,{"file":142,"line":201,"context":193},418,{"file":142,"line":203,"context":193},419,{"file":142,"line":205,"context":193},423,{"file":142,"line":207,"context":193},424,{"file":142,"line":209,"context":193},429,{"file":142,"line":211,"context":193},430,{"file":142,"line":213,"context":214},445,"$wpdb->get_results() with variable interpolation",{"file":142,"line":216,"context":214},447,{"file":142,"line":218,"context":214},448,{"file":142,"line":220,"context":221},451,"$wpdb->get_row() with variable interpolation",{"file":142,"line":223,"context":193},512,{"file":142,"line":225,"context":193},513,{"file":142,"line":227,"context":193},517,{"file":142,"line":229,"context":193},518,{"file":142,"line":231,"context":193},522,{"file":142,"line":233,"context":193},523,{"file":142,"line":235,"context":193},527,{"file":142,"line":237,"context":193},528,{"file":142,"line":239,"context":193},532,{"file":142,"line":241,"context":193},533,{"file":142,"line":243,"context":214},548,{"file":142,"line":245,"context":214},549,{"file":142,"line":247,"context":221},553,{"file":249,"line":250,"context":251},"opt.php",20,"$wpdb->query() with variable interpolation",{"file":249,"line":253,"context":251},23,{"escaped":255,"rawEcho":256,"locations":257},24,64,[258,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,343,345,347,349,351,353,355,356,358,360,362,364,366,368,370,372,374,376,377,379,381,382],{"file":142,"line":259,"context":260},32,"raw output",{"file":142,"line":262,"context":260},149,{"file":142,"line":264,"context":260},154,{"file":142,"line":266,"context":260},155,{"file":142,"line":268,"context":260},159,{"file":142,"line":270,"context":260},160,{"file":142,"line":272,"context":260},164,{"file":142,"line":274,"context":260},165,{"file":142,"line":276,"context":260},168,{"file":142,"line":278,"context":260},169,{"file":142,"line":280,"context":260},171,{"file":142,"line":282,"context":260},172,{"file":142,"line":284,"context":260},174,{"file":142,"line":286,"context":260},175,{"file":142,"line":288,"context":260},177,{"file":142,"line":290,"context":260},180,{"file":142,"line":292,"context":260},181,{"file":142,"line":294,"context":260},183,{"file":142,"line":296,"context":260},184,{"file":142,"line":298,"context":260},195,{"file":142,"line":300,"context":260},197,{"file":142,"line":302,"context":260},202,{"file":142,"line":304,"context":260},203,{"file":142,"line":306,"context":260},219,{"file":142,"line":308,"context":260},220,{"file":142,"line":310,"context":260},221,{"file":142,"line":312,"context":260},230,{"file":142,"line":314,"context":260},238,{"file":142,"line":316,"context":260},257,{"file":142,"line":318,"context":260},258,{"file":142,"line":320,"context":260},259,{"file":142,"line":322,"context":260},260,{"file":142,"line":324,"context":260},261,{"file":142,"line":326,"context":260},266,{"file":142,"line":328,"context":260},274,{"file":142,"line":330,"context":260},281,{"file":142,"line":332,"context":260},288,{"file":142,"line":334,"context":260},295,{"file":142,"line":336,"context":260},309,{"file":142,"line":338,"context":260},310,{"file":142,"line":340,"context":260},383,{"file":142,"line":342,"context":260},386,{"file":142,"line":344,"context":260},387,{"file":142,"line":346,"context":260},389,{"file":142,"line":348,"context":260},439,{"file":142,"line":350,"context":260},458,{"file":142,"line":352,"context":260},463,{"file":142,"line":354,"context":260},464,{"file":142,"line":354,"context":260},{"file":142,"line":357,"context":260},465,{"file":142,"line":359,"context":260},487,{"file":142,"line":361,"context":260},490,{"file":142,"line":363,"context":260},491,{"file":142,"line":365,"context":260},492,{"file":142,"line":367,"context":260},494,{"file":142,"line":369,"context":260},542,{"file":142,"line":371,"context":260},560,{"file":142,"line":373,"context":260},565,{"file":142,"line":375,"context":260},566,{"file":142,"line":375,"context":260},{"file":142,"line":378,"context":260},567,{"file":249,"line":380,"context":260},28,{"file":249,"line":189,"context":260},{"file":249,"line":35,"context":260},[],[],{"summary":386,"deductions":387},"The \"ip-statistic\" plugin v2.3 exhibits a mixed security posture.  On the positive side, the static analysis reveals a very small attack surface with no apparent AJAX handlers or REST API routes exposed without authentication.  Furthermore, there are no recorded CVEs or known vulnerabilities, suggesting a history of stable and secure development.  The absence of dangerous functions, file operations, and external HTTP requests is also a good sign.\n\nHowever, significant concerns arise from the code analysis. A low percentage of SQL queries are using prepared statements, indicating a potential for SQL injection vulnerabilities. The output escaping is also alarmingly low, with only 27% of outputs properly escaped, posing a risk of cross-site scripting (XSS) attacks. The complete absence of nonce checks and capability checks on its single entry point (a shortcode) is a major security gap, as it allows any user, regardless of their role or permissions, to potentially trigger the plugin's functionality, which could then be exploited through the insecure SQL queries or unescaped outputs.\n\nWhile the plugin has no reported vulnerability history, the internal code practices expose it to common web vulnerabilities. The low number of prepared statements and insufficient output escaping, combined with the lack of authorization checks on its primary entry point, represent the most critical weaknesses. The plugin needs substantial improvements in secure coding practices to mitigate these risks.",[388,390,393,396],{"reason":389,"points":175},"Low percentage of prepared statements for SQL",{"reason":391,"points":392},"Low percentage of properly escaped output",8,{"reason":394,"points":395},"No nonce checks on entry points",7,{"reason":397,"points":395},"No capability checks on entry points","2026-03-16T21:14:28.597Z",{"wat":400,"direct":406},{"assetPaths":401,"generatorPatterns":403,"scriptPaths":404,"versionParams":405},[402],"\u002Fwp-content\u002Fplugins\u002Fip-statistic\u002Fincludes\u002Fcss\u002Fplugi.css",[],[],[],{"cssClasses":407,"htmlComments":408,"htmlAttributes":409,"restEndpoints":412,"jsGlobals":413,"shortcodeOutput":417},[],[],[410,411],"data-ip-statistic-login","data-ip-statistic-login-error",[],[414,415,416],"ip_statistic_login_array","ip_statistic_err_login_array","ip_statistic_showlogin_array",[418],"[ip_statistic_show]"]