Does Restrict Country Access have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Restrict Country Access compatible with WordPress 6.1.10?

According to WordPress.org data, Restrict Country Access 1.1.0 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is Restrict Country Access compatible with PHP 5.6+?

Restrict Country Access requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Restrict Country Access updated?

Restrict Country Access was last updated on Jan 10, 2023. Frequent updates are generally a positive security signal.

What is Restrict Country Access's security score?

Restrict Country Access has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Restrict Country Access Security & Risk Analysis

wordpress.org/plugins/restrict-country-access

Sometimes we need to block access of WordPress site in some Country.

40 active installs v1.1.0 PHP 5.6+ WP 4.0+ Updated Jan 10, 2023

bilipluginsblock-countryblockcountry

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Restrict Country Access Safe to Use in 2026?

Generally Safe

Score 85/100

Restrict Country Access has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "restrict-country-access" plugin version 1.1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and achieving a high percentage of properly escaped output. It also correctly utilizes nonce checks in two instances, which is a positive sign for input validation. However, a significant concern arises from the presence of one unprotected AJAX handler, representing a direct entry point for potential attacks that bypass authentication. While there are no recorded vulnerabilities or critical taint flows, the unprotected AJAX handler presents a clear and immediate risk. The plugin's history of zero known CVEs is encouraging, suggesting a generally stable codebase, but this should not overshadow the identified unprotected entry point. Overall, the plugin has strengths in its data handling but requires immediate attention to secure its AJAX endpoint.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Restrict Country Access Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Restrict Country Access Release Timeline

v1.1.0Current

v1.0.1

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

Restrict Country Access Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

27 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

87% escaped31 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

rca_block_country (includes/block-country.php:18)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Restrict Country Access Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_rca_get_postsincludes/custom-settings.php:306

WordPress Hooks 7

actiontemplate_redirectincludes/block-country.php:114

actionadmin_menuincludes/custom-settings.php:31

actionadmin_noticesincludes/custom-settings.php:62

actionadmin_initincludes/custom-settings.php:66

actionadmin_enqueue_scriptsincludes/custom-settings.php:112

actionadd_meta_boxesincludes/custom-settings.php:205

actionsave_postincludes/custom-settings.php:269

Maintenance & Trust

Restrict Country Access Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedJan 10, 2023

PHP min version5.6

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Restrict Country Access Alternatives

IP2Location Country Blocker

ip2location-country-blocker

Blocks unwanted visitors from accessing your frontend (blog pages) or backend (admin area) by countries or proxy servers.

30K 9 CVEs

Login IP & Country Restriction

100

Tighten your website security and fight against dictionary bot attacks originating from other countries, by denying access.

7K No CVEs

Country Access Blocker

country-access-blocker

100

Block or allow website visitors from specific countries based on IP geolocation.

600 No CVEs

Block Country

block-country

Set country and IP to block your website. You can also set IP address to unblock for any special IP Address.

70 1 unpatched

CountryLock

countrylock

100

Block/allow countries with one toggle. Lightweight, no upsells. Includes admin bypass, IP allowlist, and block stats.

30 No CVEs

Developer Profile

Restrict Country Access Developer Profile

Bili Plugins

4 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Restrict Country Access

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/restrict-country-access/build/restrict-country.css/wp-content/plugins/restrict-country-access/build/restrict-country.js

Script Paths

/wp-content/plugins/restrict-country-access/build/restrict-country.js

Version Parameters

restrict-country-access/build/restrict-country.css?ver=restrict-country-access/build/restrict-country.js?ver=

HTML / DOM Fingerprints

CSS Classes

rca-restrict-countryrca_country

HTML Comments

+1 more

Data Attributes

rca_countryrca_page_idrca_noncerca_nonce_actionrca_selected_countryrca_post_setting_nonce

JS Globals

rca_countries_dropdownrca_block_country_success_notice

FAQ