IP Ban Security & Risk Analysis

wordpress.org/plugins/simple-ip-ban

Simple IP Ban is a lightweight IP / user agent ban plugin.

2K active installs · v1.3.0 · PHP + · WP 3.1.0+ · Updated Nov 28, 2017
Tags: anti-spam, ip-ban, protection, user-agent-ban
84
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 12, 2014
Safety Verdict

Is IP Ban Safe to Use in 2026?

Mostly Safe

Score 84/100

IP Ban is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Dec 12, 2014 · Updated 8yr ago
Risk Assessment

The "simple-ip-ban" v1.3.0 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no identified dangerous functions, no raw SQL queries, and a single nonce check, indicating some attention to secure coding practices. The absence of file operations and external HTTP requests further reduces the potential attack surface. However, a significant concern is the lack of capability checks on any entry points, meaning privileged actions could potentially be performed by unauthenticated or low-privileged users if any entry points existed.

The vulnerability history is a notable concern, with one known high-severity CVE related to Cross-site Scripting (XSS) recorded in 2014. While this vulnerability is marked as patched, the existence of a high-severity XSS flaw in the past, even if addressed, warrants caution. The current static analysis does not reveal any direct evidence of XSS or other critical vulnerabilities in the analyzed code, but the historical pattern is a red flag for potential future issues or undiscovered vulnerabilities.

In conclusion, while the plugin demonstrates good practices in areas like SQL handling and nonce usage, the complete absence of capability checks on entry points is a significant weakness. The past high-severity XSS vulnerability, even if patched, suggests a history of less robust input sanitization. Users should be aware of these potential risks, especially if future updates introduce new functionalities or if the plugin is used in highly sensitive environments.

Key Concerns

  • Historical high severity CVE (XSS)
  • No capability checks on entry points
  • Output escaping not fully implemented (33% unescaped)
Vulnerabilities
1

IP Ban Security Vulnerabilities

CVEs by Year

1 CVE in 2014

Severity Breakdown

High: 1

1 total CVE

CVE-2014-9413 · high · 8.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

IP Ban <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Dec 12, 2014 · Patched in 1.2.4 (3329d)
Code Analysis
Analyzed Mar 16, 2026

IP Ban Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (6 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

67% escaped · 9 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
simple_ip_ban_callback (ip-ban.php:31)
Attack Surface

IP Ban Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
action plugins_loaded (ip-ban.php:12)
action admin_init (ip-ban.php:14)
action admin_menu (ip-ban.php:15)
Maintenance & Trust

IP Ban Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Nov 28, 2017
PHP min version
Downloads: 49K

Community Trust

Rating: 80/100
Number of ratings: 9
Active installs: 2K
Developer Profile

IP Ban Developer Profile

Sandor Kovacs

5 plugins · 3K total installs

Trust score: 62
Avg Security Score: 75/100
Avg Patch Time: 3360 days
Detection Fingerprints

How We Detect IP Ban

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-ip-ban/ip-ban.css

HTML / DOM Fingerprints

CSS Classes
simple-ip-list
Data Attributes
id='simple-ip-list', name='ip_list', id='ip-list', name='user_agent_list', id='user-agent-list', name='redirect_url', +4 more
FAQ

Frequently Asked Questions about IP Ban