[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsFerbR5JqYLi4W9RlM2152qYAK-Z9QOHDKXa8sDPZYc":3,"$fze5NkrFtGeOQVeAtvaT-XWK7OyswjJteaKmpmr4r6Q8":255,"$ffeAtm3yHenR3PE4QQvoS02JbxbgDD2DAUS91tj06mW8":259},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":142,"fingerprints":235},"mr-blocker","Mr Blocker","1.2","Mohamed Al-Lawati","https:\u002F\u002Fprofiles.wordpress.org\u002Flawaty1\u002F","\u003Cp>Your website might get a suspicious traffic from certain countries and this plugin is very easy to use , Just to block the unwanted traffic and to keep your website safe , It is a very simple tool to block the annoying traffic , Just check the boxes then block the annoying\u002Fsuspicious traffic coming from unwanted countries .\u003C\u002Fp>\n","It is a very simple tool to block the annoying traffic , Just check the boxes then block the annoying\u002Fsuspicious traffic coming from unwanted countrie &hellip;",10,1346,100,3,"2017-11-28T01:08:00.000Z","4.9.29","3.3","",[20,21,22],"block-countries","ip-blocker","website-security","http:\u002F\u002Fmrblocker.extraviews.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmr-blocker.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"lawaty1",1,30,84,"2026-05-19T21:16:01.242Z",[38,57,82,103,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":33,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":18,"download_link":56,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ip-blocker-lite","IP & Country Blocker Lite","3.0.0","Nurul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaqnurul\u002F","\u003Cp>IP & Country Blocker Lite is a comprehensive WordPress security plugin that provides multiple layers of protection for your website. Block unwanted visitors based on IP addresses or countries, and add an extra layer of security with two-factor authentication (2FA).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>IP Address Blocking\u003C\u002Fstrong>: Block or allow specific IP addresses, IP ranges, or subnets\u003Cbr \u002F>\n* \u003Cstrong>Country-Based Blocking\u003C\u002Fstrong>: Restrict access based on visitors’ countries\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>: Secure admin logins with email-based 2FA or authenticator apps\u003Cbr \u002F>\n* \u003Cstrong>Recovery Codes\u003C\u002Fstrong>: Backup access codes for account recovery\u003Cbr \u002F>\n* \u003Cstrong>Emergency Recovery\u003C\u002Fstrong>: Generate secure recovery URLs to disable the plugin if locked out\u003Cbr \u002F>\n* \u003Cstrong>Advanced Security Dashboard\u003C\u002Fstrong>: Monitor blocked attempts and security events\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Benefits:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Protect against spam, bots, and malicious traffic\u003Cbr \u002F>\n* Prevent brute force attacks on admin login\u003Cbr \u002F>\n* Block entire countries or regions\u003Cbr \u002F>\n* Easy-to-use admin interface with real-time monitoring\u003Cbr \u002F>\n* Lightweight and fast performance\u003Cbr \u002F>\n* No external dependencies for core functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong>\u003Cbr \u002F>\n* One-click blocking\u002Funblocking\u003Cbr \u002F>\n* Intuitive admin panel with tabbed interface\u003Cbr \u002F>\n* Real-time activity logs\u003Cbr \u002F>\n* Bulk operations support\u003Cbr \u002F>\n* Custom blocked page templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitoring & Analytics:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked IP attempts\u003Cbr \u002F>\n* View country-wise access statistics\u003Cbr \u002F>\n* Monitor security events\u003Cbr \u002F>\n* Export blocking rules\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Compliance:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Uses free IP-API.com service for geolocation\u003Cbr \u002F>\n* No personal data storage\u003Cbr \u002F>\n* GDPR compliant\u003Cbr \u002F>\n* Respects user privacy\u003C\u002Fp>\n\u003Ch3>Data Collection & Privacy\u003C\u002Fh3>\n\u003Cp>For transparency, here’s what data the plugin collects and why:\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Essential Data Collection (Always Required for Functionality):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP Addresses\u003C\u002Fstrong>: Collected for security blocking and geolocation features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable IP\u002Fcountry blocking, security monitoring, and access control\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Temporary (not stored in database, only processed in memory)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Sent to IP-API.com for country lookup (free service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Information\u003C\u002Fstrong>: Derived from IP addresses via geolocation\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable country-based blocking and access statistics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Not stored permanently (only used for blocking decisions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Retrieved from IP-API.com (free geolocation service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Optional Data Collection (Only with User Consent):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Usage Statistics\u003C\u002Fstrong>: Anonymous plugin performance data\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Improve plugin quality and fix bugs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Plugin version, WordPress version, PHP version, activation date\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Completely anonymous, no personal identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Feedback\u003C\u002Fstrong>: Plugin reviews and feedback submissions\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Understand user needs and improve features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Feedback text, rating, plugin version, PHP version\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Anonymous feedback, no personal data required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fcodecanvasbd\u002Fprivacy-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Data Collection Controls:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent Required\u003C\u002Fstrong>: Optional data collection requires explicit user consent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Opt-out\u003C\u002Fstrong>: Users can decline consent at any time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Automatic Collection\u003C\u002Fstrong>: No data sent without user permission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparent Process\u003C\u002Fstrong>: Clear consent modal explains what data is collected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Third-Party Services:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP-API.com\u003C\u002Fstrong>: Free geolocation service for country detection\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Visitor IP addresses\u003C\u002Fli>\n\u003Cli>Purpose: Determine visitor country for blocking features\u003C\u002Fli>\n\u003Cli>Privacy: IP-API.com privacy policy applies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remote Analytics Server\u003C\u002Fstrong> (optional, consent required):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Anonymous usage statistics\u003C\u002Fli>\n\u003Cli>Purpose: Plugin improvement and support\u003C\u002Fli>\n\u003Cli>Privacy: No personal data, fully anonymous\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>GDPR Compliance:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ No personal data storage without consent\u003C\u002Fli>\n\u003Cli>✅ Clear consent mechanisms\u003C\u002Fli>\n\u003Cli>✅ Easy opt-out options\u003C\u002Fli>\n\u003Cli>✅ Transparent data practices\u003C\u002Fli>\n\u003Cli>✅ Data minimization principles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>IP & Country Blocking:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block specific IP addresses or ranges (CIDR notation supported)\u003Cbr \u002F>\n* Block entire countries or allow only specific countries\u003Cbr \u002F>\n* Whitelist important IPs for access\u003Cbr \u002F>\n* Real-time blocking with immediate effect\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Email-based 2FA for easy setup\u003Cbr \u002F>\n* Authenticator app support (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Recovery codes for account access\u003Cbr \u002F>\n* Secure code generation and validation\u003Cbr \u002F>\n* Admin email verification\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Emergency Recovery System:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generate secure recovery URLs to disable plugin if locked out\u003Cbr \u002F>\n* Time-limited recovery hashes (24 hours expiration)\u003Cbr \u002F>\n* One-click plugin deactivation via recovery URL\u003Cbr \u002F>\n* Secure hash verification to prevent unauthorized access\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Interface:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Modern, responsive dashboard\u003Cbr \u002F>\n* Tabbed navigation for easy access\u003Cbr \u002F>\n* Real-time statistics and charts\u003Cbr \u002F>\n* Activity logs with filtering\u003Cbr \u002F>\n* Bulk operations for efficiency\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Monitoring:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked access attempts\u003Cbr \u002F>\n* Country-wise visitor statistics\u003Cbr \u002F>\n* Failed login monitoring\u003Cbr \u002F>\n* Security event logging\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance Optimized:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Lightweight codebase\u003Cbr \u002F>\n* Minimal database queries\u003Cbr \u002F>\n* Fast IP lookups\u003Cbr \u002F>\n* Caching support\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the IP-API.com service to detect the user’s location based on their IP address.\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: IP-API.com (http:\u002F\u002Fip-api.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: IP geolocation for country-based blocking\u003Cbr \u002F>\n– \u003Cstrong>Data Sent\u003C\u002Fstrong>: User’s IP address only\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n– \u003Cstrong>Data Storage\u003C\u002Fstrong>: No personal data is stored by this plugin\u003C\u002Fp>\n\u003Cp>The plugin works without this service but country blocking features will be limited.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, bug reports, or feature requests:\u003Cbr \u002F>\n– \u003Cstrong>WordPress.org Support Forum\u003C\u002Fstrong>: https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fip-blocker-lite\u002F\u003Cbr \u002F>\n– \u003Cstrong>GitHub Issues\u003C\u002Fstrong>: Report bugs and request features\u003Cbr \u002F>\n– \u003Cstrong>Email\u003C\u002Fstrong>: Contact through WordPress.org profile\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Developer\u003C\u002Fstrong>: Nurul Islam (faqnurul)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icons\u003C\u002Fstrong>: Dashicons (WordPress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geolocation\u003C\u002Fstrong>: IP-API.com (free tier)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Charts\u003C\u002Fstrong>: Chart.js library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>Take control of your website’s security and protect it from unwanted visitors with IP & Country Blocker Lite!\u003C\u002Fp>\n","Advanced WordPress security plugin with IP\u002Fcountry blocking and two-factor authentication for comprehensive website protection.",400,2077,"2026-01-05T16:17:00.000Z","6.9.4","4.0","7.0",[53,21,54,55,22],"country-blocker","login-security","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-blocker-lite.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":49,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":26,"last_vuln_date":81,"fetched_at":28},"iq-block-country","iQ Block Country","1.2.26","Pascal","https:\u002F\u002Fprofiles.wordpress.org\u002Fiqpascal\u002F","\u003Cp>iQ Block Country is a plugin that allows you to limit access to your website content. You can either allow or disallow visitors from defined countries to (parts of) your content.\u003C\u002Fp>\n\u003Cp>For instance if you have content that should be restricted to a limited set of countries you can do so.\u003Cbr \u002F>\nIf you want to block rogue countries that cause issues like for instance hack attempts, spamming of your comments etc you can block them as well.\u003C\u002Fp>\n\u003Cp>Do you want secure your WordPress Admin backend site to only your country? Entirely possible! You can even block all countries and only allow your ip address.\u003C\u002Fp>\n\u003Cp>And even if you block a country you can still allow certain visitors by putting their ip address on the allow list just like you can allow a country but put ip addresses on the block list from that country.\u003C\u002Fp>\n\u003Cp>You can show blocked visitors a message which you can style by using CSS or you can redirect them to a page within your WordPress site. Or you can redirect the visitors to an external website.\u003C\u002Fp>\n\u003Cp>You can (dis)allow visitors to blog articles, blog categories or pages or all content.\u003C\u002Fp>\n\u003Cp>Stop visitors from doing harmful things on your WordPress site or limit the countries that can access your blog. Add an additional layer of security to your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin uses the GeoLite database from Maxmind. It has a 99.5% accuracy so that is pretty good for a free database. If you need higher accuracy you can buy a license from MaxMind directly.\u003Cbr \u002F>\nIf you cannot or do not want to download the GeoIP database from Maxmind you can use the GeoIP API website available on https:\u002F\u002Fwebence.net\u002F\u003Cbr \u002F>\nIf you want to use the GeoLite database from Maxmind you will have to download the GeoIP database from MaxMind directly and upload it to your site.\u003Cbr \u002F>\nThe WordPress license does not allow this plugin to download the MaxMind Geo database for you.\u003C\u002Fp>\n\u003Cp>Please be aware that although this plugin can help you greatly with reducing the number of ‘bad’ visitors on your website it is not fool proof and those who really want to visit your site may find a away.\u003Cbr \u002F>\nThis is not a security issue but a simple fact of today. Nobody can guarantee you 100% security as it is a constant battle between the good guys and the bad guys.\u003C\u002Fp>\n\u003Cp>If you are sure your webhosting or yourself does not use any form of caching or proxying we recommend setting the “Override IP information” on the Home tab to REMOTE_ADDR\u003C\u002Fp>\n\u003Cp>Do you need help with this plugin? Please email support@webence.net.\u003C\u002Fp>\n\u003Ch4>GDPR Information\u003C\u002Fh4>\n\u003Cp>This plugin stores data about your visitors in your local WordPress database. The number of days this data is stores can be configured on the settings page. You can also disable logging any data.\u003C\u002Fp>\n\u003Cp>Data which is stored of blocked visitors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP Address\u003C\u002Fli>\n\u003Cli>Date and time of the visit\u003C\u002Fli>\n\u003Cli>URL that was requested\u003C\u002Fli>\n\u003Cli>Country of the IP address\u003C\u002Fli>\n\u003Cli>If the block happened on your backend or your frontend\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Data which is stored on non blocked visitors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Nothing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you allow tracking (yeah if you do!) you share some information with us. This is only the IP address of a blocked request on your backend. No other information is send and only the IP address is logged on our systems to gather how many times that IP address have attempted to login to a backend. We do not log which site was visited or which URL just only the IP address So we cannot lead an ip address back to a specific website or user. If an IP address is not blocked again within a month we will remove the IP address from the list.\u003C\u002Fp>\n\u003Cp>If you use the GeoIP API service you send the IP address of your visitor to one of our servers. This IP Address is however in no way stored at our servers and only used to convert it to a country id.\u003C\u002Fp>\n\u003Ch4>Using this plugin with a caching plugin\u003C\u002Fh4>\n\u003Cp>Please note that many of the caching plugins are not compatible with this plugin. The nature of caching is that a dynamically build web page is cached into a static page.\u003Cbr \u002F>\n If a visitor is blocked this plugin sends header data where it supplies info that the page should not be cached. Many plugins however disregard this info and cache the page or the redirect. Resulting in valid visitors receiving a message that they are blocked. This is not a malfunction of this plugin.\u003C\u002Fp>\n\u003Cp>Disclaimer: No guarantees are made but after some light testing the following caching plugins seem to work: Comet Cache, WP Super Cache\u003Cbr \u002F>\nPlugins that do NOT work: W3 Total Cache, Hyper cache, WPRocket\u003C\u002Fp>\n\u003Cp>Warning: Caching & Geo Blocking do not work well together.\u003C\u002Fp>\n\u003Cp>In the best case scenario countries or IP’s you want to block get served a page from cache and when visiting non cached pages they get blocked. This is due to the fact when pages are served from cache the iQ Block Country plugin does not get started and can’t do it’s job.\u003C\u002Fp>\n\u003Cp>If the caching plugin however ignores the caching headers you risk the chance that the block message gets cached and everyone gets to see they are blocked even the countries that you did not block.\u003C\u002Fp>\n\u003Cp>If you’re fine with blocked countries getting served the page from cache then you’re fine using the iQ Block Country plugin.\u003C\u002Fp>\n\u003Cp>If you’re not you should disable either the cache or the Geo Blocking. Or search for another solution outside WordPress (for instance by using the Varnish software) where you can GeoBlock at a caching level.\u003C\u002Fp>\n\u003Ch3>GeoIP API\u003C\u002Fh3>\n\u003Cp>For your convenience we offer a GeoIP API service. This API is not mandatory to use as you can always use the free MaxMind GeoIP Database.\u003C\u002Fp>\n\u003Cp>If you do not want or can’t go through the hassle of updating your MaxMind GeoIP database we provide an API service to convert the IP address of your visitors to a country.\u003C\u002Fp>\n\u003Cp>If you decide to purchase an GeoIP API Key via https:\u002F\u002Fwebence.net you’ll get an eMail with your API Key (License Key).\u003Cbr \u002F>\nOnce you enter this key in your iQ Block Country settings your license key will be validated at our API service and a the nearest API server to you will be chosen. To do this your website will contact all API servers once to request\u003Cbr \u002F>\nan empty file.\u003C\u002Fp>\n\u003Cp>Once you use the API service the IP address of your visitors and your API key are send to one of the API servers and converted to a country. The plugin checks if the visitor should be blocked based on that country or not.\u003C\u002Fp>\n\u003Cp>What is logged on our end?\u003Cbr \u002F>\n* Upon validation of your license key your request will be logged in our webserver logs. (This will be the IP address of your webserver).\u003Cbr \u002F>\n* Upon checking an IP address of your visitor this IP address is only used to convert it to the country it belongs to and is not logged. We have no way to link a visitors IP address to your website.\u003Cbr \u002F>\n  What is logged is your API Key and the Website URL making the request.\u003C\u002Fp>\n\u003Cp>If you decide to purchase the GeoIP API key your chosen payment account will be charged by on a time basis. This subscription will not renew itself unless you subscribed to our service prior to September 2024.\u003C\u002Fp>\n\u003Cp>Privacy policy regarding this service specific can be found here: https:\u002F\u002Fwebence.nl\u002Fwp-content\u002Fuploads\u002F2022\u002F06\u002FPrivacy-Policy-Webence-API.pdf\u003C\u002Fp>\n\u003Ch3>MaxMind Database Usage\u003C\u002Fh3>\n\u003Cp>This plugin uses the Free version of the MaxMind GeoIP2 Country Database. You can also use the paid version but will have to make sure it is uploaded to the same location with the filename of Free database.\u003C\u002Fp>\n\u003Cp>MaxMind Terms of Use: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fterms-of-use\u003Cbr \u002F>\nMaxMind Privacy Policy: https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fprivacy-policy\u003C\u002Fp>\n","Allow or disallow visitors from certain countries accessing (parts of) your website",20000,1197407,78,163,"2026-03-13T14:42:00.000Z","3.5.2","7.4",[73,74,20,75,76],"ban-countries","block","block-spam","geoblocking","https:\u002F\u002Fwebence.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiq-block-country.1.2.26.zip",99,5,"2022-09-26 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":67,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":18,"tags":96,"homepage":101,"download_link":102,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"lockdown-wp-admin","Lockdown WP Admin","2.3.2","Sean Fisher","https:\u002F\u002Fprofiles.wordpress.org\u002Fsean212\u002F","\u003Cp>This plugin will hide WordPress Admin (\u002Fwp-admin\u002F) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.\u003C\u002Fp>\n\u003Cp>Also, you can add HTTP authentication directly from WP Admin and add custom username\u002Fpassword combinations for the HTTP auth or use the WordPress credentials.\u003C\u002Fp>\n\u003Cp>This doesn’t touch any .htaccess files or change the WordPress core files. All the CSS\u002FImages under \u002Fwp-admin\u002F are still accessible, just not the .php ones.\u003C\u002Fp>\n\u003Cp>If you enable HTTP authentication, it will add HTTP authentication to the PHP files in \u002Fwp-admin\u002F.\u003C\u002Fp>\n\u003Cp>To contribute to the development, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsrtfisher\u002FLockdown-WPAdmin\" rel=\"nofollow ugc\">the GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (\u002Fwp-admin\u002F) and and login (\u002Fwp-login.",10000,340612,54,"2017-11-28T06:00:00.000Z","4.3.34","3.6",[97,98,99,100,22],"lockdown","secure","security","vulnerability","http:\u002F\u002Fseanfisher.co\u002Flockdown-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flockdown-wp-admin.2.3.2.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":13,"num_ratings":80,"last_updated":113,"tested_up_to":49,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"crowdsec","CrowdSec","2.13.1","CrowdSec - lightweight and collaborative security engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrowdsec\u002F","\u003Cp>The CrowdSec plugin proactively blocks requests coming from known attackers.\u003Cbr \u002F>\nIt does so by either directly using CrowdSec Blocklists Integration or by connecting to your CrowdSec Security Engine.\u003C\u002Fp>\n\u003Ch4>Key Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant CrowdSec Blocklist\u003C\u002Fstrong>: Quickly block known WordPress attackers in a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect and block\u003C\u002Fstrong> admin bruteforce attempts and scans of your WordPress Site.\u003C\u002Fli>\n\u003Cli>Remediation metrics: Enabling you to see the efficiency of the protection.\u003C\u002Fli>\n\u003Cli>(Console Users) Plug any of your existing Blocklist Integrations.\u003C\u002Fli>\n\u003Cli>(CrowdSec Security Engine Users) Apply decisions and subscribed blocklist of your security engine within WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Block aggressive IPs\u003C\u002Fli>\n\u003Cli>Display a captcha for less aggressive IPs\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin blocks detected attackers or displays them a captcha to check they are not bots.",2000,58779,"2026-01-09T01:11:00.000Z","4.9","7.2",[117,104,118,21,99],"captcha","hacker-protection","https:\u002F\u002Fgithub.com\u002Fcrowdsecurity\u002Fcs-wordpress-bouncer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrowdsec.2.13.1.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":49,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":140,"download_link":141,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"advanced-ip-blocker","Advanced IP Blocker","8.9.12","IniLerm","https:\u002F\u002Fprofiles.wordpress.org\u002Finilerm\u002F","\u003Cp>\u003Cstrong>Advanced IP Blocker\u003C\u002Fstrong> is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Important Note on PHP Version:\u003C\u002Fstrong>\u003Cbr \u002F>\n  To ensure maximum security and access to all features, we strongly recommend using \u003Cstrong>PHP 8.1 or higher\u003C\u002Fstrong>. Some advanced features (like the local MaxMind database or full 2FA management via WP-CLI) require PHP 8.1.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Granular JS Challenge Modes:\u003C\u002Fstrong> You can now choose exactly how the security challenge behaves. Select “Managed” for ultimate security requiring human interaction (a checkbox), or “Automatic” for an invisible, transparent Proof-of-Work execution that stops bots silently. Apply different modes per module!\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Country Selector Copy\u002FPaste:\u003C\u002Fstrong> Say goodbye to manually selecting 50+ countries. You can now instantly copy and paste a raw list of 2-letter country codes directly into Geoblocking, Geo-Challenge, and Whitelist Login fields.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) AIB Cloud Network V3:\u003C\u002Fstrong> Upgrade to the next-generation distributed threat intelligence network. The new API V3 provides secure, individual API Keys per site, drastically improving synchronization reliability, threat telemetry, and global network stability.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Whitelist Login Countries:\u003C\u002Fstrong> Take absolute control over administrative access. Easily restrict your WordPress login page and XML-RPC to only allow connections from specific, whitelisted countries, instantly blocking unauthorized foreign login attempts.\u003Cbr \u002F>\n*   \u003Cstrong>(IMPROVED) Bulk Import\u002FExport for Blocked IPs & Whitelist:\u003C\u002Fstrong> Seamlessly import massive lists of IPs via CSV or manual entry. The system now features a bulletproof “Bulk Import” type, strict duration inheritance, and intelligent conflict resolution.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Internal Security & Forensics:\u003C\u002Fstrong> A complete audit suite solely for WordPress. Track every sensitive event (plugin installs, settings changes, user logins) and monitor your critical files for unauthorized modifications with the integrated File Integrity Monitor.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Activity Audit Log:\u003C\u002Fstrong> Gain complete visibility into what’s happening on your site. Who deactivated a plugin? Who changed a setting? The Audit Log answers these questions with timestamped, immutable records.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Deep Scan Email Reports:\u003C\u002Fstrong> Get a weekly security summary delivered to your inbox, detailing pending updates, vulnerability status, and recent attack trends.\u003Cbr \u002F>\n*   \u003Cstrong>Username Blocking & Rules:\u003C\u002Fstrong> Gain granular control over login security. Creating Advanced Rules to block, challenge, or score specific usernames (e.g., “admin”, “test”).\u003Cbr \u002F>\n*   \u003Cstrong>Enhanced Lockdown Notifications:\u003C\u002Fstrong> Distributed Lockdowns (404\u002F403) now fully support Email and Push notifications, ensuring you never miss a critical security event.\u003Cbr \u002F>\n*   \u003Cstrong>Improved Logging:\u003C\u002Fstrong> New “Endpoint Challenge” event type provides deeper visibility into challenges served during automated lockdowns.\u003Cbr \u002F>\n*   \u003Cstrong>Server IP Reputation Check. Instantly audit your web server’s IP address against major blacklists (Spamhaus, AbuseIPDB) to diagnose SEO and email delivery issues.\u003Cbr \u002F>\n*   **HTTP Security Headers.\u003C\u002Fstrong> Easily configure essential security headers like HSTS, X-Frame-Options, and Permissions-Policy to harden your site against clickjacking, sniffing, and other browser-based attacks. Includes a “Report-Only” mode for CSP.\u003Cbr \u002F>\n*   \u003Cstrong>Site Health & Vulnerability Scanner. Audit your WordPress environment instantly. Detects outdated plugins, insecure PHP versions, and checks your installed plugins against a database of 30,000+ known vulnerabilities.\u003Cbr \u002F>\n*   **PERFORMANCE BOOST: High-Speed Community Database. Migrated the “Community Defense Network” blocklist to a dedicated, indexed database table. This allows checking thousands of malicious IPs in microseconds with zero impact on site memory usage.\u003Cbr \u002F>\n*   **WordPress 6.9 Ready. Fully tested and compatible with the latest WordPress core update.\u003Cbr \u002F>\n*   **Community Defense Network. Join forces with other WordPress admins. The plugin now shares anonymous attack data to build a global, real-time blocklist of verified threats. Protect your site with community-powered intelligence.\u003Cbr \u002F>\n*   **Auto-Cleaning Logic. Smart expiration handling ensures your blocklists stay fresh and performant, automatically removing stale IPs from both the database and external firewalls (Cloudflare\u002F.htaccess).\u003Cbr \u002F>\n*   **Cloud Edge Defense (Cloudflare). Connect your site directly to Cloudflare’s global network. Automatically sync your blocklists to the cloud to stop attackers before they reach your server. Zero server load protection.\u003Cbr \u002F>\n*   **Server-Level Firewall (.htaccess). Extreme performance upgrade. Write blocking rules and file hardening protections directly to your .htaccess file. Blocks threats instantly without loading PHP or WordPress.\u003Cbr \u002F>\n*   **IMPROVED: Smart Bot Verification. Enhanced logic to correctly identify legitimate traffic from iOS devices (iCloud Private Relay) and social media previews, eliminating false positives while keeping impostors out.\u003Cbr \u002F>\n*   **File Hardening.\u003C\u002Fstrong> Protect your most sensitive files (\u003Ccode>wp-config.php\u003C\u002Fcode>, \u003Ccode>readme.html\u003C\u002Fcode>, \u003Ccode>.git\u003C\u002Fcode>) at the server level with a single click.\u003Cbr \u002F>\n*   \u003Cstrong>AbuseIPDB Integration.\u003C\u002Fstrong> Proactively block attackers before they strike. The plugin can now check visitor IPs against AbuseIPDB’s real-time, crowdsourced database of malicious IPs and block those with a high abuse score on their very first request.\u003Cbr \u002F>\n*   \u003Cstrong>Edge Firewall Mode!\u003C\u002Fstrong> Protect any PHP file or standalone application within your WordPress directory (even if it’s not part of WordPress). Ideal for securing custom scripts, legacy applications, or folders like \u003Ccode>\u002Fscan\u002F\u003C\u002Fcode>. (Requires manual configuration).\u003Cbr \u002F>\n*   \u003Cstrong>Advanced Rules Engine!\u003C\u002Fstrong> Create powerful, custom security rules with multiple conditions (IP, Country, ASN, URI, User-Agent) and actions (Block, Challenge, or add Threat Score).\u003Cbr \u002F>\n*   \u003Cstrong>Known Bot Verification.\u003C\u002Fstrong> A powerful new security layer that uses reverse DNS lookups to verify legitimate crawlers like Googlebot and Bingbot. This completely neutralizes attackers who try to bypass security rules by faking their User-Agent, assigning high threat scores to impostors.\u003Cbr \u002F>\n*   \u003Cstrong>Onboarding Setup Wizard.\u003C\u002Fstrong> A brand new step-by-step wizard that guides new users through the essential security configurations (IP whitelisting, WAF, and bot traps) in under a minute, ensuring a strong security posture from day one.\u003Cbr \u002F>\n*   \u003Cstrong>Major Refactor: Codebase Modernization.\u003C\u002Fstrong> The entire plugin architecture has been refactored into a modern, modular structure. Logic for admin pages, AJAX, actions, and settings is now handled by dedicated classes, making the plugin more stable, performant, and easier to maintain and extend in the future.\u003Cbr \u002F>\n*   \u003Cstrong>Advanced IP Spoofing Protection.\u003C\u002Fstrong> A zero-trust “Trusted Proxies” system ensures the plugin always identifies the true visitor IP, even behind complex setups like Cloudflare or a custom reverse proxy. It neutralizes attacks that attempt to fake their IP, preventing block evasion and the framing of innocent users.\u003Cbr \u002F>\n*   \u003Cstrong>Geo-Challenge.\u003C\u002Fstrong> A smarter way to handle traffic from high-risk countries. Instead of a hard block, it presents a quick, invisible JavaScript challenge that stops bots but is seamless for human visitors. This reduces unwanted traffic without affecting potential legitimate users.\u003Cbr \u002F>\n*   \u003Cstrong>ENHANCEMENT: Full Bulk-Action Support.\u003C\u002Fstrong> IP management is now faster than ever. Both the Whitelist and the Blocked IPs list now support full bulk actions, allowing you to select and remove multiple entries at once, or unblock all IPs with a single click.\u003Cbr \u002F>\n*   \u003Cstrong>Endpoint Lockdown Mode:\u003C\u002Fstrong> Automatically shields \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>xmlrpc.php\u003C\u002Fcode> with a JavaScript challenge during sustained distributed attacks, preventing server overload.\u003Cbr \u002F>\n*   \u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Secure user accounts with industry-standard TOTP authentication, backup codes, role enforcement, and a central admin management dashboard.\u003Cbr \u002F>\n*   \u003Cstrong>IP Trust & Threat Scoring System:\u003C\u002Fstrong> An intelligent defense that assigns “threat points” to IPs for malicious actions, blocking them only when they reach a configurable score. More accurate and context-aware than simple rules.\u003Cbr \u002F>\n*   \u003Cstrong>Attack Signature Engine (Beta):\u003C\u002Fstrong> Proactively stops distributed botnet attacks by identifying and blocking the attacker’s “fingerprint” (signature) instead of just individual IPs.\u003Cbr \u002F>\n*   \u003Cstrong>Web Application Firewall (WAF):\u003C\u002Fstrong> Block malicious requests (SQLi, XSS, etc.) with a customizable ruleset.\u003Cbr \u002F>\n*   \u003Cstrong>And much more:\u003C\u002Fstrong> Rate Limiting, Country & ASN Blocking (with Spamhaus support), ASN Whitelisting, Push Notifications, Google reCAPTCHA, Honeypots, Active User Session Management, and Full WP-CLI Support.\u003C\u002Fp>\n","A complete WordPress security firewall: blocks IPs, bots & countries. Includes an intelligent WAF, Threat Scoring, Geo-Challenge, and 2FA.",1000,30253,94,15,"2026-04-15T11:05:00.000Z","6.7","8.1",[137,138,21,99,139],"2fa","firewall","waf","https:\u002F\u002Fadvaipbl.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-ip-blocker.8.9.12.zip",{"attackSurface":143,"codeSignals":159,"taintFlows":175,"riskAssessment":225,"analyzedAt":234},{"hooks":144,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":26,"unprotectedCount":26},[145,151],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","mbp_main_page","Mr_Blocker.php",31,{"type":146,"name":152,"callback":153,"file":149,"line":154},"admin_print_styles","mbp_stylesheet",146,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":80,"externalRequests":33,"nonceChecks":33,"capabilityChecks":164,"bundledLibraries":174},[],{"prepared":26,"raw":26,"locations":162},[],{"escaped":164,"rawEcho":14,"locations":165},2,[166,169,172],{"file":149,"line":167,"context":168},49,"raw output",{"file":170,"line":171,"context":168},"detect_countries_form.php",39,{"file":170,"line":173,"context":168},52,[],[176,204],{"entryPoint":177,"graph":178,"unsanitizedCount":26,"severity":203},"mbp_Content (Mr_Blocker.php:33)",{"nodes":179,"edges":199},[180,185,191,195],{"id":181,"type":182,"label":183,"file":149,"line":184},"n0","source","$_SERVER (x2)",59,{"id":186,"type":187,"label":188,"file":149,"line":189,"wp_function":190},"n1","sink","header() [Header Injection]",63,"header",{"id":192,"type":182,"label":193,"file":149,"line":194},"n2","$_POST",79,{"id":196,"type":187,"label":197,"file":149,"line":35,"wp_function":198},"n3","file_put_contents() [File Write]","file_put_contents",[200,202],{"from":181,"to":186,"sanitized":201},true,{"from":192,"to":196,"sanitized":201},"low",{"entryPoint":205,"graph":206,"unsanitizedCount":26,"severity":203},"\u003CMr_Blocker> (Mr_Blocker.php:0)",{"nodes":207,"edges":221},[208,209,210,211,212,216],{"id":181,"type":182,"label":183,"file":149,"line":184},{"id":186,"type":187,"label":188,"file":149,"line":189,"wp_function":190},{"id":192,"type":182,"label":193,"file":149,"line":194},{"id":196,"type":187,"label":197,"file":149,"line":35,"wp_function":198},{"id":213,"type":182,"label":214,"file":149,"line":215},"n4","$_SERVER",96,{"id":217,"type":187,"label":218,"file":149,"line":219,"wp_function":220},"n5","wp_remote_get() [SSRF]",118,"wp_remote_get",[222,223,224],{"from":181,"to":186,"sanitized":201},{"from":192,"to":196,"sanitized":201},{"from":213,"to":217,"sanitized":201},{"summary":226,"deductions":227},"The 'mr-blocker' plugin version 1.2 exhibits a strong security posture based on the provided static analysis.  The complete absence of exposed AJAX handlers, REST API routes, shortcodes, and cron events without authentication checks significantly reduces the plugin's attack surface.  Furthermore, the code signals indicate responsible development with 100% of SQL queries using prepared statements and the presence of nonce and capability checks.  The vulnerability history showing zero known CVEs further supports the perception of a secure plugin.",[228,230,232],{"reason":229,"points":80},"Inconsistent output escaping",{"reason":231,"points":14},"File operations present without clear context",{"reason":233,"points":14},"External HTTP requests present without clear context","2026-04-16T12:29:36.481Z",{"wat":236,"direct":242},{"assetPaths":237,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[238],"\u002Fwp-content\u002Fplugins\u002Fmr-blocker\u002Fstyle.css",[],[],[],{"cssClasses":243,"htmlComments":250,"htmlAttributes":251,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":254},[244,245,246,247,248,249],"detect_head","note_detect_head","detect_container","detect_head_message","detect_form","detect_submit",[],[],[],[],[],{"error":201,"url":256,"statusCode":257,"statusMessage":258,"message":258},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmr-blocker\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":26,"versions":260},[]]