[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJUUh13cw66dhcfqy-HhpSm659eBSFpjaG7P_MlT3GPA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":137,"fingerprints":258},"tor-blocker-by-inazo","Tor Blocker by Inazo","1.1","inazo","https:\u002F\u002Fprofiles.wordpress.org\u002Finazo\u002F","\u003Cp>[EN]Tor Blocker\u003C\u002Fp>\n\u003Cp>As soon as you enable it it will block any connection to your site for Tor network users.\u003C\u002Fp>\n\u003Cp>Please use this plugin only on commercial sites that have no reason to know traffic from Tor. Thank you for not blocking tutorial sites, courses, computer security etc. Which could be used by people in non-free Internet areas.\u003C\u002Fp>\n\u003Cp>Tor users will be blocked in front and back office. To unblock access you just need to disable it.\u003C\u002Fp>\n\u003Cp>The blocking takes place at the earliest in the execution of the code of your site to limit the consume in resources of this kind of visitor.\u003C\u002Fp>\n\u003Cp>For works the plugin send DNS request to *ip-port.exitlist.torproject.org, the request ask to torproject if the user’s IP address is an exit nodes or not.\u003C\u002Fp>\n\u003Cp>Term of use of Tor Network : https:\u002F\u002Fwww.torproject.org\u002Fdocs\u002Ftrademark-faq.html.en\u003C\u002Fp>\n\u003Cp>[FR]Tor Blocker\u003C\u002Fp>\n\u003Cp>Dès que vous l’activez il va bloquer toute connexion à votre site pour les utilisateurs du réseau Tor.\u003C\u002Fp>\n\u003Cp>Merci d’utiliser ce plugin uniquement sur des sites commerciaux qui n’ont aucune raison de connaître du traffic provenant de Tor. Merci de ne pas bloquer les sites de tutos, cours, sécurité informatique etc. qui pourraient être utilisé par des personnes dans des zones d’Internet non libre.\u003C\u002Fp>\n\u003Cp>Les utilisateurs de Tor seront bloqués en front et en back office. Pour en débloquer l’accès il vous suffit de le désactiver.\u003C\u002Fp>\n\u003Cp>Le blocage à lieu au plus tôt dans l’éxécution du code de votre site pour limiter la consomation en ressources de ce genre de visiteur.\u003C\u002Fp>\n\u003Cp>Pour fonctionner le plugin envoi une requête DNS à *ip-port.exitlist.torproject.org. La requête va demander à torproject.org si l’adresse IP de l’utilisateur est un noued de sortie du réseau TOR.\u003C\u002Fp>\n\u003Cp>CGU : https:\u002F\u002Fwww.torproject.org\u002Fdocs\u002Ftrademark-faq.html.en\u003C\u002Fp>\n\u003Cp>Copyright icon onion : http:\u002F\u002Ffr.freepik.com\u002Fvecteurs-libre\u002Fcollection-d-39-icones-de-legumes_948406.htm\u003C\u002Fp>\n","This plugin blocks Tor users by preventing them from viewing your website.",20,5536,0,"","4.9.29","4.5.1",[18,19,20,21,22],"ip-block","ip-blocker","security","tor","tor-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftor-blocker-by-inazo.1.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},3,4030,92,2695,73,"2026-04-04T05:39:29.895Z",[36,58,77,98,117],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":24,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":14,"download_link":56,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"ip-blocker-lite","IP & Country Blocker Lite","3.0.0","Nurul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaqnurul\u002F","\u003Cp>IP & Country Blocker Lite is a comprehensive WordPress security plugin that provides multiple layers of protection for your website. Block unwanted visitors based on IP addresses or countries, and add an extra layer of security with two-factor authentication (2FA).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>IP Address Blocking\u003C\u002Fstrong>: Block or allow specific IP addresses, IP ranges, or subnets\u003Cbr \u002F>\n* \u003Cstrong>Country-Based Blocking\u003C\u002Fstrong>: Restrict access based on visitors’ countries\u003Cbr \u002F>\n* \u003Cstrong>Two-Factor Authentication\u003C\u002Fstrong>: Secure admin logins with email-based 2FA or authenticator apps\u003Cbr \u002F>\n* \u003Cstrong>Recovery Codes\u003C\u002Fstrong>: Backup access codes for account recovery\u003Cbr \u002F>\n* \u003Cstrong>Emergency Recovery\u003C\u002Fstrong>: Generate secure recovery URLs to disable the plugin if locked out\u003Cbr \u002F>\n* \u003Cstrong>Advanced Security Dashboard\u003C\u002Fstrong>: Monitor blocked attempts and security events\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Benefits:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Protect against spam, bots, and malicious traffic\u003Cbr \u002F>\n* Prevent brute force attacks on admin login\u003Cbr \u002F>\n* Block entire countries or regions\u003Cbr \u002F>\n* Easy-to-use admin interface with real-time monitoring\u003Cbr \u002F>\n* Lightweight and fast performance\u003Cbr \u002F>\n* No external dependencies for core functionality\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Management:\u003C\u002Fstrong>\u003Cbr \u002F>\n* One-click blocking\u002Funblocking\u003Cbr \u002F>\n* Intuitive admin panel with tabbed interface\u003Cbr \u002F>\n* Real-time activity logs\u003Cbr \u002F>\n* Bulk operations support\u003Cbr \u002F>\n* Custom blocked page templates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitoring & Analytics:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked IP attempts\u003Cbr \u002F>\n* View country-wise access statistics\u003Cbr \u002F>\n* Monitor security events\u003Cbr \u002F>\n* Export blocking rules\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy & Compliance:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Uses free IP-API.com service for geolocation\u003Cbr \u002F>\n* No personal data storage\u003Cbr \u002F>\n* GDPR compliant\u003Cbr \u002F>\n* Respects user privacy\u003C\u002Fp>\n\u003Ch3>Data Collection & Privacy\u003C\u002Fh3>\n\u003Cp>For transparency, here’s what data the plugin collects and why:\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Essential Data Collection (Always Required for Functionality):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP Addresses\u003C\u002Fstrong>: Collected for security blocking and geolocation features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable IP\u002Fcountry blocking, security monitoring, and access control\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Temporary (not stored in database, only processed in memory)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Sent to IP-API.com for country lookup (free service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Country Information\u003C\u002Fstrong>: Derived from IP addresses via geolocation\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Enable country-based blocking and access statistics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Not stored permanently (only used for blocking decisions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Third Parties\u003C\u002Fstrong>: Retrieved from IP-API.com (free geolocation service)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Optional Data Collection (Only with User Consent):\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Usage Statistics\u003C\u002Fstrong>: Anonymous plugin performance data\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Improve plugin quality and fix bugs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Plugin version, WordPress version, PHP version, activation date\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Completely anonymous, no personal identifiers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User Feedback\u003C\u002Fstrong>: Plugin reviews and feedback submissions\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Understand user needs and improve features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Collected\u003C\u002Fstrong>: Feedback text, rating, plugin version, PHP version\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Storage\u003C\u002Fstrong>: Remote server (only if user consents)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy\u003C\u002Fstrong>: Anonymous feedback, no personal data required\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fcodecanvasbd\u002Fprivacy-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Data Collection Controls:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent Required\u003C\u002Fstrong>: Optional data collection requires explicit user consent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Opt-out\u003C\u002Fstrong>: Users can decline consent at any time\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Automatic Collection\u003C\u002Fstrong>: No data sent without user permission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transparent Process\u003C\u002Fstrong>: Clear consent modal explains what data is collected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Third-Party Services:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>IP-API.com\u003C\u002Fstrong>: Free geolocation service for country detection\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Visitor IP addresses\u003C\u002Fli>\n\u003Cli>Purpose: Determine visitor country for blocking features\u003C\u002Fli>\n\u003Cli>Privacy: IP-API.com privacy policy applies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Remote Analytics Server\u003C\u002Fstrong> (optional, consent required):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: Anonymous usage statistics\u003C\u002Fli>\n\u003Cli>Purpose: Plugin improvement and support\u003C\u002Fli>\n\u003Cli>Privacy: No personal data, fully anonymous\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>GDPR Compliance:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ No personal data storage without consent\u003C\u002Fli>\n\u003Cli>✅ Clear consent mechanisms\u003C\u002Fli>\n\u003Cli>✅ Easy opt-out options\u003C\u002Fli>\n\u003Cli>✅ Transparent data practices\u003C\u002Fli>\n\u003Cli>✅ Data minimization principles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>IP & Country Blocking:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block specific IP addresses or ranges (CIDR notation supported)\u003Cbr \u002F>\n* Block entire countries or allow only specific countries\u003Cbr \u002F>\n* Whitelist important IPs for access\u003Cbr \u002F>\n* Real-time blocking with immediate effect\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong>\u003Cbr \u002F>\n* Email-based 2FA for easy setup\u003Cbr \u002F>\n* Authenticator app support (Google Authenticator, Authy, etc.)\u003Cbr \u002F>\n* Recovery codes for account access\u003Cbr \u002F>\n* Secure code generation and validation\u003Cbr \u002F>\n* Admin email verification\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Emergency Recovery System:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Generate secure recovery URLs to disable plugin if locked out\u003Cbr \u002F>\n* Time-limited recovery hashes (24 hours expiration)\u003Cbr \u002F>\n* One-click plugin deactivation via recovery URL\u003Cbr \u002F>\n* Secure hash verification to prevent unauthorized access\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Interface:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Modern, responsive dashboard\u003Cbr \u002F>\n* Tabbed navigation for easy access\u003Cbr \u002F>\n* Real-time statistics and charts\u003Cbr \u002F>\n* Activity logs with filtering\u003Cbr \u002F>\n* Bulk operations for efficiency\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Monitoring:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Track blocked access attempts\u003Cbr \u002F>\n* Country-wise visitor statistics\u003Cbr \u002F>\n* Failed login monitoring\u003Cbr \u002F>\n* Security event logging\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance Optimized:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Lightweight codebase\u003Cbr \u002F>\n* Minimal database queries\u003Cbr \u002F>\n* Fast IP lookups\u003Cbr \u002F>\n* Caching support\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses the IP-API.com service to detect the user’s location based on their IP address.\u003Cbr \u002F>\n– \u003Cstrong>Service\u003C\u002Fstrong>: IP-API.com (http:\u002F\u002Fip-api.com)\u003Cbr \u002F>\n– \u003Cstrong>Purpose\u003C\u002Fstrong>: IP geolocation for country-based blocking\u003Cbr \u002F>\n– \u003Cstrong>Data Sent\u003C\u002Fstrong>: User’s IP address only\u003Cbr \u002F>\n– \u003Cstrong>Privacy Policy\u003C\u002Fstrong>: http:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\u003Cbr \u002F>\n– \u003Cstrong>Data Storage\u003C\u002Fstrong>: No personal data is stored by this plugin\u003C\u002Fp>\n\u003Cp>The plugin works without this service but country blocking features will be limited.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, bug reports, or feature requests:\u003Cbr \u002F>\n– \u003Cstrong>WordPress.org Support Forum\u003C\u002Fstrong>: https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fip-blocker-lite\u002F\u003Cbr \u002F>\n– \u003Cstrong>GitHub Issues\u003C\u002Fstrong>: Report bugs and request features\u003Cbr \u002F>\n– \u003Cstrong>Email\u003C\u002Fstrong>: Contact through WordPress.org profile\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Developer\u003C\u002Fstrong>: Nurul Islam (faqnurul)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icons\u003C\u002Fstrong>: Dashicons (WordPress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geolocation\u003C\u002Fstrong>: IP-API.com (free tier)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Charts\u003C\u002Fstrong>: Chart.js library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cp>Take control of your website’s security and protect it from unwanted visitors with IP & Country Blocker Lite!\u003C\u002Fp>\n","Advanced WordPress security plugin with IP\u002Fcountry blocking and two-factor authentication for comprehensive website protection.",300,1883,1,"2026-01-05T16:17:00.000Z","6.9.4","4.0","7.0",[52,19,53,54,55],"country-blocker","login-security","two-factor-authentication","website-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-blocker-lite.zip","2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":24,"num_ratings":68,"last_updated":69,"tested_up_to":48,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"crowdsec","CrowdSec","2.13.1","CrowdSec - lightweight and collaborative security engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrowdsec\u002F","\u003Cp>The CrowdSec plugin proactively blocks requests coming from known attackers.\u003Cbr \u002F>\nIt does so by either directly using CrowdSec Blocklists Integration or by connecting to your CrowdSec Security Engine.\u003C\u002Fp>\n\u003Ch4>Key Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instant CrowdSec Blocklist\u003C\u002Fstrong>: Quickly block known WordPress attackers in a few clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect and block\u003C\u002Fstrong> admin bruteforce attempts and scans of your WordPress Site.\u003C\u002Fli>\n\u003Cli>Remediation metrics: Enabling you to see the efficiency of the protection.\u003C\u002Fli>\n\u003Cli>(Console Users) Plug any of your existing Blocklist Integrations.\u003C\u002Fli>\n\u003Cli>(CrowdSec Security Engine Users) Apply decisions and subscribed blocklist of your security engine within WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Block aggressive IPs\u003C\u002Fli>\n\u003Cli>Display a captcha for less aggressive IPs\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin blocks detected attackers or displays them a captcha to check they are not bots.",2000,58196,5,"2026-01-09T01:11:00.000Z","4.9","7.2",[73,59,74,19,20],"captcha","hacker-protection","https:\u002F\u002Fgithub.com\u002Fcrowdsecurity\u002Fcs-wordpress-bouncer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrowdsec.2.13.1.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":48,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":96,"download_link":97,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"advanced-ip-blocker","Advanced IP Blocker","8.9.2","IniLerm","https:\u002F\u002Fprofiles.wordpress.org\u002Finilerm\u002F","\u003Cp>\u003Cstrong>Advanced IP Blocker\u003C\u002Fstrong> is your all-in-one security solution to safeguard your WordPress website from a wide range of threats. This plugin provides a comprehensive suite of tools to automatically detect and block malicious activity, including brute-force attacks, vulnerability scanning, and spam bots. With its intuitive interface, you can easily manage whitelists, blocklists, and view detailed security logs to understand exactly how your site is being protected.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Important Note on PHP Version:\u003C\u002Fstrong>\u003Cbr \u002F>\n  To ensure maximum security and access to all features, we strongly recommend using \u003Cstrong>PHP 8.1 or higher\u003C\u002Fstrong>. Some advanced features (like the local MaxMind database or full 2FA management via WP-CLI) require PHP 8.1.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Country Selector Copy\u002FPaste:\u003C\u002Fstrong> Say goodbye to manually selecting 50+ countries. You can now instantly copy and paste a raw list of 2-letter country codes directly into Geoblocking, Geo-Challenge, and Whitelist Login fields.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) AIB Cloud Network V3:\u003C\u002Fstrong> Upgrade to the next-generation distributed threat intelligence network. The new API V3 provides secure, individual API Keys per site, drastically improving synchronization reliability, threat telemetry, and global network stability.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Whitelist Login Countries:\u003C\u002Fstrong> Take absolute control over administrative access. Easily restrict your WordPress login page and XML-RPC to only allow connections from specific, whitelisted countries, instantly blocking unauthorized foreign login attempts.\u003Cbr \u002F>\n*   \u003Cstrong>(IMPROVED) Bulk Import\u002FExport for Blocked IPs & Whitelist:\u003C\u002Fstrong> Seamlessly import massive lists of IPs via CSV or manual entry. The system now features a bulletproof “Bulk Import” type, strict duration inheritance, and intelligent conflict resolution.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Internal Security & Forensics:\u003C\u002Fstrong> A complete audit suite solely for WordPress. Track every sensitive event (plugin installs, settings changes, user logins) and monitor your critical files for unauthorized modifications with the integrated File Integrity Monitor.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Activity Audit Log:\u003C\u002Fstrong> Gain complete visibility into what’s happening on your site. Who deactivated a plugin? Who changed a setting? The Audit Log answers these questions with timestamped, immutable records.\u003Cbr \u002F>\n*   \u003Cstrong>(NEW) Deep Scan Email Reports:\u003C\u002Fstrong> Get a weekly security summary delivered to your inbox, detailing pending updates, vulnerability status, and recent attack trends.\u003Cbr \u002F>\n*   \u003Cstrong>Username Blocking & Rules:\u003C\u002Fstrong> Gain granular control over login security. Creating Advanced Rules to block, challenge, or score specific usernames (e.g., “admin”, “test”).\u003Cbr \u002F>\n*   \u003Cstrong>Enhanced Lockdown Notifications:\u003C\u002Fstrong> Distributed Lockdowns (404\u002F403) now fully support Email and Push notifications, ensuring you never miss a critical security event.\u003Cbr \u002F>\n*   \u003Cstrong>Improved Logging:\u003C\u002Fstrong> New “Endpoint Challenge” event type provides deeper visibility into challenges served during automated lockdowns.\u003Cbr \u002F>\n*   \u003Cstrong>Server IP Reputation Check. Instantly audit your web server’s IP address against major blacklists (Spamhaus, AbuseIPDB) to diagnose SEO and email delivery issues.\u003Cbr \u002F>\n*   **HTTP Security Headers.\u003C\u002Fstrong> Easily configure essential security headers like HSTS, X-Frame-Options, and Permissions-Policy to harden your site against clickjacking, sniffing, and other browser-based attacks. Includes a “Report-Only” mode for CSP.\u003Cbr \u002F>\n*   \u003Cstrong>Site Health & Vulnerability Scanner. Audit your WordPress environment instantly. Detects outdated plugins, insecure PHP versions, and checks your installed plugins against a database of 30,000+ known vulnerabilities.\u003Cbr \u002F>\n*   **PERFORMANCE BOOST: High-Speed Community Database. Migrated the “Community Defense Network” blocklist to a dedicated, indexed database table. This allows checking thousands of malicious IPs in microseconds with zero impact on site memory usage.\u003Cbr \u002F>\n*   **WordPress 6.9 Ready. Fully tested and compatible with the latest WordPress core update.\u003Cbr \u002F>\n*   **Community Defense Network. Join forces with other WordPress admins. The plugin now shares anonymous attack data to build a global, real-time blocklist of verified threats. Protect your site with community-powered intelligence.\u003Cbr \u002F>\n*   **Auto-Cleaning Logic. Smart expiration handling ensures your blocklists stay fresh and performant, automatically removing stale IPs from both the database and external firewalls (Cloudflare\u002F.htaccess).\u003Cbr \u002F>\n*   **Cloud Edge Defense (Cloudflare). Connect your site directly to Cloudflare’s global network. Automatically sync your blocklists to the cloud to stop attackers before they reach your server. Zero server load protection.\u003Cbr \u002F>\n*   **Server-Level Firewall (.htaccess). Extreme performance upgrade. Write blocking rules and file hardening protections directly to your .htaccess file. Blocks threats instantly without loading PHP or WordPress.\u003Cbr \u002F>\n*   **IMPROVED: Smart Bot Verification. Enhanced logic to correctly identify legitimate traffic from iOS devices (iCloud Private Relay) and social media previews, eliminating false positives while keeping impostors out.\u003Cbr \u002F>\n*   **File Hardening.\u003C\u002Fstrong> Protect your most sensitive files (\u003Ccode>wp-config.php\u003C\u002Fcode>, \u003Ccode>readme.html\u003C\u002Fcode>, \u003Ccode>.git\u003C\u002Fcode>) at the server level with a single click.\u003Cbr \u002F>\n*   \u003Cstrong>AbuseIPDB Integration.\u003C\u002Fstrong> Proactively block attackers before they strike. The plugin can now check visitor IPs against AbuseIPDB’s real-time, crowdsourced database of malicious IPs and block those with a high abuse score on their very first request.\u003Cbr \u002F>\n*   \u003Cstrong>Edge Firewall Mode!\u003C\u002Fstrong> Protect any PHP file or standalone application within your WordPress directory (even if it’s not part of WordPress). Ideal for securing custom scripts, legacy applications, or folders like \u003Ccode>\u002Fscan\u002F\u003C\u002Fcode>. (Requires manual configuration).\u003Cbr \u002F>\n*   \u003Cstrong>Advanced Rules Engine!\u003C\u002Fstrong> Create powerful, custom security rules with multiple conditions (IP, Country, ASN, URI, User-Agent) and actions (Block, Challenge, or add Threat Score).\u003Cbr \u002F>\n*   \u003Cstrong>Known Bot Verification.\u003C\u002Fstrong> A powerful new security layer that uses reverse DNS lookups to verify legitimate crawlers like Googlebot and Bingbot. This completely neutralizes attackers who try to bypass security rules by faking their User-Agent, assigning high threat scores to impostors.\u003Cbr \u002F>\n*   \u003Cstrong>Onboarding Setup Wizard.\u003C\u002Fstrong> A brand new step-by-step wizard that guides new users through the essential security configurations (IP whitelisting, WAF, and bot traps) in under a minute, ensuring a strong security posture from day one.\u003Cbr \u002F>\n*   \u003Cstrong>Major Refactor: Codebase Modernization.\u003C\u002Fstrong> The entire plugin architecture has been refactored into a modern, modular structure. Logic for admin pages, AJAX, actions, and settings is now handled by dedicated classes, making the plugin more stable, performant, and easier to maintain and extend in the future.\u003Cbr \u002F>\n*   \u003Cstrong>Advanced IP Spoofing Protection.\u003C\u002Fstrong> A zero-trust “Trusted Proxies” system ensures the plugin always identifies the true visitor IP, even behind complex setups like Cloudflare or a custom reverse proxy. It neutralizes attacks that attempt to fake their IP, preventing block evasion and the framing of innocent users.\u003Cbr \u002F>\n*   \u003Cstrong>Geo-Challenge.\u003C\u002Fstrong> A smarter way to handle traffic from high-risk countries. Instead of a hard block, it presents a quick, invisible JavaScript challenge that stops bots but is seamless for human visitors. This reduces unwanted traffic without affecting potential legitimate users.\u003Cbr \u002F>\n*   \u003Cstrong>ENHANCEMENT: Full Bulk-Action Support.\u003C\u002Fstrong> IP management is now faster than ever. Both the Whitelist and the Blocked IPs list now support full bulk actions, allowing you to select and remove multiple entries at once, or unblock all IPs with a single click.\u003Cbr \u002F>\n*   \u003Cstrong>Endpoint Lockdown Mode:\u003C\u002Fstrong> Automatically shields \u003Ccode>wp-login.php\u003C\u002Fcode> and \u003Ccode>xmlrpc.php\u003C\u002Fcode> with a JavaScript challenge during sustained distributed attacks, preventing server overload.\u003Cbr \u002F>\n*   \u003Cstrong>Two-Factor Authentication (2FA):\u003C\u002Fstrong> Secure user accounts with industry-standard TOTP authentication, backup codes, role enforcement, and a central admin management dashboard.\u003Cbr \u002F>\n*   \u003Cstrong>IP Trust & Threat Scoring System:\u003C\u002Fstrong> An intelligent defense that assigns “threat points” to IPs for malicious actions, blocking them only when they reach a configurable score. More accurate and context-aware than simple rules.\u003Cbr \u002F>\n*   \u003Cstrong>Attack Signature Engine (Beta):\u003C\u002Fstrong> Proactively stops distributed botnet attacks by identifying and blocking the attacker’s “fingerprint” (signature) instead of just individual IPs.\u003Cbr \u002F>\n*   \u003Cstrong>Web Application Firewall (WAF):\u003C\u002Fstrong> Block malicious requests (SQLi, XSS, etc.) with a customizable ruleset.\u003Cbr \u002F>\n*   \u003Cstrong>And much more:\u003C\u002Fstrong> Rate Limiting, Country & ASN Blocking (with Spamhaus support), ASN Whitelisting, Push Notifications, Google reCAPTCHA, Honeypots, Active User Session Management, and Full WP-CLI Support.\u003C\u002Fp>\n","A complete WordPress security firewall: blocks IPs, bots & countries. Includes an intelligent WAF, Threat Scoring, Geo-Challenge, 2FA, and Anti-Sp &hellip;",1000,20374,94,15,"2026-03-15T09:30:00.000Z","6.7","8.1",[93,94,19,20,95],"country-block","firewall","waf","https:\u002F\u002Fadvaipbl.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-ip-blocker.8.9.2.zip",{"slug":99,"name":100,"version":101,"author":100,"author_profile":102,"description":103,"short_description":104,"active_installs":85,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":48,"requires_at_least":70,"requires_php":71,"tags":109,"homepage":113,"download_link":114,"security_score":115,"vuln_count":46,"unpatched_count":13,"last_vuln_date":116,"fetched_at":57},"proxy-vpn-blocker","Proxy & VPN Blocker","3.5.8","https:\u002F\u002Fprofiles.wordpress.org\u002Frickstermuk\u002F","\u003Ch4>Block VPNs, Proxies, Tor & Spam – Strengthen Your WordPress Security\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Proxy & VPN Blocker\u003C\u002Fstrong> is a complete \u003Cstrong>WordPress security plugin\u003C\u002Fstrong> designed to protect your site from anonymous and abusive traffic.\u003Cbr \u002F>\nIt functions as a powerful \u003Cstrong>VPN blocker\u003C\u002Fstrong>, \u003Cstrong>proxy blocker\u003C\u002Fstrong>, and \u003Cstrong>Tor blocker\u003C\u002Fstrong>, preventing unwanted visitors, spam bots, and fake users from accessing your site.\u003C\u002Fp>\n\u003Cp>Using the trusted \u003Ca href=\"https:\u002F\u002Fproxycheck.io\" rel=\"nofollow ugc\">proxycheck.io\u003C\u002Fa> API, it detects connections from VPNs, open proxies, Tor nodes, and compromised servers — giving you real-time protection without slowing down your site.\u003C\u002Fp>\n\u003Cp>Perfect for login, registration, comments, or any page you want to secure, Proxy & VPN Blocker also includes smart \u003Cstrong>spam protection\u003C\u002Fstrong>, geoblocking, and IP logging to help you stay in control of who can access your WordPress site.\u003C\u002Fp>\n\u003Cp>Whether you’re running a blog, store, or membership site, this plugin helps keep out fake users, block risky regions, and stop automated spam attempts before they start.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Powerful WordPress security plugin – blocks VPNs, proxies, Tor, Mysterium nodes, and compromised servers in real time  \u003C\u002Fli>\n\u003Cli>Country blocking & geoblocking – allow or deny traffic by country or region with flexible IP-based controls  \u003C\u002Fli>\n\u003Cli>Supports IP ranges, CIDRs, specific IPs, and ASNs for precise network-level blocking  \u003C\u002Fli>\n\u003Cli>Optionally use proxycheck.io’s Risk Score for smarter VPN and proxy detection decisions  \u003C\u002Fli>\n\u003Cli>Built-in API Key Statistics with live usage graphs and daily query totals  \u003C\u002Fli>\n\u003Cli>Visitor Action Log – view blocked IPs, detection reason, and plugin response directly in your dashboard  \u003C\u002Fli>\n\u003Cli>Caches known good IPs to reduce API usage and improve performance  \u003C\u002Fli>\n\u003Cli>Works seamlessly with both IPv4 and IPv6 addresses  \u003C\u002Fli>\n\u003Cli>Compatible with Cloudflare and other CDN headers for accurate IP detection  \u003C\u002Fli>\n\u003Cli>Block access to Login, Registration, Admin, Comments, or any page\u002Fpost easily  \u003C\u002Fli>\n\u003Cli>Customize the “Access Denied” message or redirect visitors to a specific page  \u003C\u002Fli>\n\u003Cli>Log registration and recent login IPs in the Users list and profile – linked to proxycheck.io’s Threats page  \u003C\u002Fli>\n\u003Cli>Manage proxycheck.io Whitelist and Blacklist directly from WordPress  \u003C\u002Fli>\n\u003Cli>Simple integration via WordPress Editor and Toolbar for page-level protection  \u003C\u002Fli>\n\u003Cli>Lightweight, fast, and built to complement other security plugins  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And much more available in \u003Ca href=\"https:\u002F\u002Fproxyvpnblocker.com\u002Fpremium\" rel=\"nofollow ugc\">Proxy & VPN Blocker Premium\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>The proxycheck.io API\u003C\u002Fh4>\n\u003Cp>This Plugin can be used without a proxycheck.io API key, but it will be limited to 100 daily queries to the API. To enhance the capabilities, you can obtain a free API key from proxycheck.io, which allows for 1,000 free daily queries, making it suitable for small WordPress sites.\u003C\u002Fp>\n\u003Cp>Here’s an overview of the free and paid API options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Without an API key (100 queries\u002Fday)\u003C\u002Fli>\n\u003Cli>With a free API key (1,000 queries\u002Fday – ideal for small sites)\u003C\u002Fli>\n\u003Cli>With a paid API key (10,000 to over 10 million queries\u002Fday)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your API key can be used across all of your sites and apps, you only need a proxycheck.io plan that fits your overall needs.\u003C\u002Fp>\n\u003Ch4>User IP Logging Feature\u003C\u002Fh4>\n\u003Cp>Proxy & VPN Blocker allows for local logging of user registration IP addresses. The IP addresses are displayed next to each user in the Users list and on their profile pages, visible to administrators. The Plugin also logs the most recent login IP address for each user, which is also displayed in the User’s list and profile page, with the IP address linked to the proxycheck.io Threats page.\u003C\u002Fp>\n\u003Ch4>Caching Plugin Notice\u003C\u002Fh4>\n\u003Cp>If you’re using caching plugins (like WP Rocket or WP Super Cache), IP-based page blocking might not function correctly due to static caching. A DONOTCACHEPAGE option is available to help mitigate this issue.\u003C\u002Fp>\n\u003Ch4>Privacy & GDPR Compliance\u003C\u002Fh4>\n\u003Cp>To check IP addresses, the plugin sends them to the proxycheck.io API. No personally identifiable information (PII) beyond the IP is transmitted. For details, refer to proxycheck.io’s \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fprivacy\" rel=\"nofollow ugc\">privacy notice\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fproxycheck.io\u002Fgdpr\" rel=\"nofollow ugc\">GDPR Compliance\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>This Plugin is \u003Cem>not developed by proxycheck.io\u003C\u002Fem> despite being recommended by them.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For plugin-related support, please use the WordPress.org support forum.\u003C\u002Fli>\n\u003Cli>For API or account questions, contact proxycheck.io directly.\u003C\u002Fli>\n\u003Cli>The proxycheck.io logo is used with express permission.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block VPNs, proxies, Tor, and spam on WordPress. Strengthen security and stop fake users with smart IP blocking via proxycheck.io.",127298,74,32,"2026-03-05T20:02:00.000Z",[110,20,111,22,112],"proxy-blocker","spam-protection","vpn-blocker","https:\u002F\u002Fproxyvpnblocker.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproxy-vpn-blocker.3.5.8.zip",99,"2026-01-09 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":48,"requires_at_least":130,"requires_php":71,"tags":131,"homepage":135,"download_link":136,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"anti-fake-orders-ip-blocker","Anti Fake Orders & IP Blocker","1.0.1","Shohanur Rahman Shohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fshohanur007\u002F","\u003Cp>Anti Fake Orders & IP Blocker helps WooCommerce store owners prevent fraudulent orders by monitoring checkout behaviour patterns and automatically blocking suspicious activities.\u003C\u002Fp>\n\u003Cp>Fake orders can waste your time, increase processing costs, and damage your business reputation. This plugin provides powerful tools to identify and block these threats before they impact your business.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fproshohan.com\u002Fanti-fake-orders-ip-blocker\u002F\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fproshohan.com\u002F\" rel=\"nofollow ugc\">Need Help?\u003C\u002Fa>        \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdevelopershohan\" rel=\"nofollow ugc\">About Author\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Smart IP Blocking System\u003C\u002Fstrong>: Block specific IP addresses manually or let the system automatically detect and block suspicious ones based on behaviour patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Domain Filtering\u003C\u002Fstrong>: Block orders from disposable email services and known suspicious domains\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Account Security\u003C\u002Fstrong>: Block problematic users who repeatedly place fake orders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Detection Technology\u003C\u002Fstrong>: Identify automated checkout attempts using timing analysis to detect inhuman checkout speeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Auto-Blocking\u003C\u002Fstrong>: Configure rules to automatically block IPs after multiple suspicious attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Logging System\u003C\u002Fstrong>: Track all blocked attempts with detailed information for security analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Blocking Duration\u003C\u002Fstrong>: Set temporary blocks that automatically expire after your specified timeframe\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Real-World Applications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Prevent Card Testing Fraud\u003C\u002Fstrong>: Stop criminals from testing stolen credit cards on your store\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce Chargeback Rates\u003C\u002Fstrong>: Block known fraudulent behaviour patterns before orders are placed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Save Processing Time\u003C\u002Fstrong>: Eliminate hours wasted verifying and processing fake orders\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protect Inventory Management\u003C\u002Fstrong>: Prevent inventory allocation to orders that will never complete\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Checkout Process\u003C\u002Fstrong>: Maintain a smooth checkout for legitimate customers while blocking suspicious ones\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Implementation\u003C\u002Fh3>\n\u003Cp>The plugin works behind the scenes during the WooCommerce checkout process:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>behaviour Analysis\u003C\u002Fstrong>: Monitors user interaction patterns during checkout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time-Based Detection\u003C\u002Fstrong>: Measures checkout completion time to identify automated bots\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Verification\u003C\u002Fstrong>: Checks IPs and emails against your custom blocklists and known suspicious patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Actions\u003C\u002Fstrong>: Choose between blocking, flagging for review, or logging suspicious activity\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Developer-Friendly\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Clean, well-documented code\u003C\u002Fli>\n\u003Cli>Hooks and filters for customization\u003C\u002Fli>\n\u003Cli>Performance-optimized with minimal impact on checkout speed\u003C\u002Fli>\n\u003Cli>Compatible with major WooCommerce extensions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage Instructions\u003C\u002Fh3>\n\u003Ch3>Basic Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Set Detection Sensitivity\u003C\u002Fstrong>: Adjust the “Minimum Checkout Time” setting to determine how quickly a checkout can be completed before being flagged as suspicious.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Configure Blocking Rules\u003C\u002Fstrong>: Define how many suspicious attempts should trigger an automatic block.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customize Block Message\u003C\u002Fstrong>: Set a custom message to display when a checkout is blocked.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Advanced Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>IP Whitelist\u003C\u002Fstrong>: Add trusted IP addresses that should never be blocked, useful for testing or for known legitimate customers who might trigger false positives.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Email Domain Filtering\u003C\u002Fstrong>: Block entire email domains known for fraudulent activity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Temporary Blocking\u003C\u002Fstrong>: Set block durations to automatically expire after a set number of hours.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Review System\u003C\u002Fstrong>: Flag suspicious orders for review instead of blocking them outright.\u003C\u002Fp>\n\u003Ch3>Integration with Other Security Measures\u003C\u002Fh3>\n\u003Cp>This plugin works well alongside other security plugins like Wordfence or Sucuri to provide comprehensive store protection.\u003C\u002Fp>\n","Protect your WooCommerce store from fake orders by blocking suspicious IPs, emails, and detecting bot checkout activity.",400,1265,60,2,"2026-02-11T20:07:00.000Z","5.0",[132,133,19,20,134],"fake-order","fraud-prevention","woocommerce","https:\u002F\u002Fproshohan.com\u002Fanti-fake-orders-ip-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-fake-orders-ip-blocker.1.0.1.zip",{"attackSurface":138,"codeSignals":156,"taintFlows":190,"riskAssessment":243,"analyzedAt":257},{"hooks":139,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":13,"unprotectedCount":13},[140,146],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","setup_theme","checkIsTorConnexion","inazo.real.tor.blocker.php",222,{"type":141,"name":147,"callback":148,"file":144,"line":149},"inazo_tor_clean_logs","inazo_tor_clean_logs_task",224,[],[],[],[154],{"hook":147,"callback":147,"file":144,"line":155},38,{"dangerousFunctions":157,"sqlUsage":174,"outputEscaping":187,"fileOperations":88,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":189},[158,163,165,168,170],{"fn":159,"file":160,"line":161,"context":162},"unserialize","netdns2-master\\Net\\DNS2\\Cache\\File.php",117,"$decoded = unserialize($data);",{"fn":159,"file":160,"line":164,"context":162},195,{"fn":159,"file":166,"line":167,"context":162},"netdns2-master\\Net\\DNS2\\Cache\\Shm.php",153,{"fn":159,"file":166,"line":169,"context":162},246,{"fn":159,"file":171,"line":172,"context":173},"netdns2-master\\Net\\DNS2\\Cache.php",119,"return unserialize($this->cache_data[$key]['object']);",{"prepared":175,"raw":175,"locations":176},4,[177,180,181,184],{"file":144,"line":178,"context":179},55,"$wpdb->get_var() with variable interpolation",{"file":144,"line":106,"context":179},{"file":144,"line":182,"context":183},230,"$wpdb->query() with variable interpolation",{"file":185,"line":186,"context":183},"uninstall.php",14,{"escaped":128,"rawEcho":13,"locations":188},[],[],[191,228],{"entryPoint":192,"graph":193,"unsanitizedCount":46,"severity":227},"checkIsTorConnexion (inazo.real.tor.blocker.php:160)",{"nodes":194,"edges":220},[195,200,204,210,212,215],{"id":196,"type":197,"label":198,"file":144,"line":199},"n0","source","$_SERVER",180,{"id":201,"type":202,"label":203,"file":144,"line":199},"n1","transform","→ isInLog()",{"id":205,"type":206,"label":207,"file":144,"line":208,"wp_function":209},"n2","sink","get_results() [SQLi]",155,"get_results",{"id":211,"type":197,"label":198,"file":144,"line":164},"n3",{"id":213,"type":202,"label":214,"file":144,"line":164},"n4","→ torel_check()",{"id":216,"type":206,"label":217,"file":144,"line":218,"wp_function":219},"n5","query() [SQLi]",118,"query",[221,223,225,226],{"from":196,"to":201,"sanitized":222},false,{"from":201,"to":205,"sanitized":224},true,{"from":211,"to":213,"sanitized":222},{"from":213,"to":216,"sanitized":222},"high",{"entryPoint":229,"graph":230,"unsanitizedCount":46,"severity":227},"\u003Cinazo.real.tor.blocker> (inazo.real.tor.blocker.php:0)",{"nodes":231,"edges":238},[232,233,234,235,236,237],{"id":196,"type":197,"label":198,"file":144,"line":199},{"id":201,"type":202,"label":203,"file":144,"line":199},{"id":205,"type":206,"label":207,"file":144,"line":208,"wp_function":209},{"id":211,"type":197,"label":198,"file":144,"line":164},{"id":213,"type":202,"label":214,"file":144,"line":164},{"id":216,"type":206,"label":217,"file":144,"line":218,"wp_function":219},[239,240,241,242],{"from":196,"to":201,"sanitized":222},{"from":201,"to":205,"sanitized":224},{"from":211,"to":213,"sanitized":222},{"from":213,"to":216,"sanitized":222},{"summary":244,"deductions":245},"The \"tor-blocker-by-inazo\" v1.1 plugin exhibits a mixed security posture. On the positive side, there are no identified CVEs in its history, suggesting a generally stable security record. All identified output operations are properly escaped, and there are no external HTTP requests, reducing the risk of certain injection or data leakage vulnerabilities. However, significant concerns arise from the static analysis.\n\nThe plugin's code signals reveal a lack of proper security checks, most notably the complete absence of nonce checks and capability checks. This is compounded by the presence of dangerous functions like 'unserialize', which, when used without proper validation of serialized data, can lead to Remote Code Execution (RCE) vulnerabilities. The taint analysis confirms two high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-controlled data could be processed in a dangerous manner.\n\nDespite the clean vulnerability history, the static analysis flags are critical and cannot be overlooked. The lack of nonces and capability checks on entry points, coupled with the use of 'unserialize' and unsanitized taint flows, presents a substantial risk. While no past vulnerabilities have been publicly disclosed, the current code structure is concerning and could be exploited. Therefore, while the plugin has a good track record, its current codebase requires urgent attention to address the identified security weaknesses.",[246,248,250,253,255],{"reason":247,"points":88},"Dangerous function unserialize used",{"reason":249,"points":88},"High severity unsanitized taint flows found",{"reason":251,"points":252},"No nonce checks found",10,{"reason":254,"points":252},"No capability checks found",{"reason":256,"points":68},"SQL queries not fully using prepared statements","2026-03-16T22:43:16.966Z",{"wat":259,"direct":264},{"assetPaths":260,"generatorPatterns":261,"scriptPaths":262,"versionParams":263},[],[],[],[],{"cssClasses":265,"htmlComments":266,"htmlAttributes":267,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":270},[],[],[],[],[],[271],"\u003Cstrong>Connections from the Tor network are not allowed on this website.\u003C\u002Fstrong>"]