WP-Safety

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Security & Risk Analysis

wordpress.org/plugins/tracemyip-visitor-analytics-ip-tracking-control

Comprehensive visitor IP tracking and website analytics solution with real-time statistics, page view counting, and customizable email alerts.

1K active installs v2.72 PHP 7.2+ WP 2.0.4+ Updated Jan 22, 2026
ip-trackerstatisticsvisitor-statsvisitor-trackingwebsite-analytics
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Safe to Use in 2026?

Generally Safe

Score 100/100

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "tracemyip-visitor-analytics-ip-tracking-control" v2.72 plugin exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and a significant number of nonce and capability checks, there are notable areas of concern. The presence of 9 AJAX handlers, with 2 lacking authentication checks, represents a direct attack surface that could be exploited if these handlers are vulnerable to unauthorized execution.

Taint analysis reveals a significant number of flows with unsanitized paths, specifically 6 out of 9 analyzed flows. Five of these are classified as high severity. This indicates a strong possibility that user-supplied input is not being properly validated or sanitized before being used in sensitive operations, potentially leading to injection attacks or other vulnerabilities. The absence of known CVEs is a positive indicator, suggesting a history of relative security, but it doesn't negate the risks identified in the current static analysis.

Overall, the plugin has strengths in its SQL query handling and the use of WordPress security features like nonces and capabilities. However, the identified unsanitized taint flows and unprotected AJAX endpoints are critical weaknesses that significantly elevate the risk profile. A thorough review and remediation of these identified taint flows and the unprotected AJAX handlers are strongly recommended to improve the plugin's security.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity unsanitized taint flows
  • Unescaped output detected
Vulnerabilities
None known

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Release Timeline

v2.72Current
v2.71
v2.70
v2.69
v2.68
v2.67
v2.66
v2.65
v2.64
v2.63
v2.62
v2.61
v2.60
v2.59
v2.58
v2.57
v2.56
v2.55
v2.54
v2.53
Code Analysis
Analyzed Mar 16, 2026

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Code Analysis

Dangerous Functions
0
Raw SQL Queries
16
61 prepared
Unescaped Output
72
201 escaped
Nonce Checks
8
Capability Checks
5
File Operations
3
External Requests
0
Bundled Libraries
0

SQL Query Safety

79% prepared77 total queries

Output Escaping

74% escaped273 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths
tmip_get_url_vars (includes\functions.php:156)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Attack Surface

Entry Points9
Unprotected2

AJAX Handlers 9

authwp_ajax_tmip_dismiss_noticeincludes\classes\class-tmip-system-notices.php:54
authwp_ajax_tmip_get_daily_statsincludes\local_stats\admin\ls-dashboard-widget.php:20
authwp_ajax_tmip_get_paginated_contentincludes\local_stats\admin\ls-dashboard-widget.php:21
authwp_ajax_tmip_get_current_ipincludes\local_stats\admin\ls-settings.php:25
noprivwp_ajax_tmip_get_current_ipincludes\local_stats\admin\ls-settings.php:26
authwp_ajax_tmip_record_viewincludes\local_stats\ajax\ls-tracking.php:22
noprivwp_ajax_tmip_record_viewincludes\local_stats\ajax\ls-tracking.php:23
authwp_ajax_tmip_record_viewTraceMyIP-Wordpress-Plugin.php:110
noprivwp_ajax_tmip_record_viewTraceMyIP-Wordpress-Plugin.php:111
WordPress Hooks 36
actionadmin_initincludes\classes\class-tmip-system-notices.php:53
actionadmin_noticesincludes\classes\class-tmip-system-notices.php:95
actionload-$hookincludes\functions.php:690
actionadmin_headincludes\functions.php:720
actionadmin_noticesincludes\functions.php:1743
actionwp_dashboard_setupincludes\local_stats\admin\ls-dashboard-widget.php:18
actionadmin_enqueue_scriptsincludes\local_stats\admin\ls-dashboard-widget.php:19
actionadmin_initincludes\local_stats\admin\ls-dashboard-widget.php:25
actionregistered_post_typeincludes\local_stats\admin\ls-posts-columns.php:37
actionpre_get_postsincludes\local_stats\admin\ls-posts-columns.php:40
filterposts_joinincludes\local_stats\admin\ls-posts-columns.php:171
filterposts_orderbyincludes\local_stats\admin\ls-posts-columns.php:180
actionadmin_menuincludes\local_stats\admin\ls-settings.php:17
actionadmin_initincludes\local_stats\admin\ls-settings.php:18
actionadmin_noticesincludes\local_stats\admin\ls-settings.php:19
actionadmin_post_handle_maintenance_actionincludes\local_stats\admin\ls-settings.php:22
actioninitincludes\local_stats\ajax\ls-tracking.php:21
actiontmip_lc_daily_cleanupincludes\local_stats\cron\ls-cleanup.php:20
actiontmip_lc_hourly_aggregateincludes\local_stats\cron\ls-cleanup.php:21
actionadmin_initincludes\local_stats\ls-class.php:68
actionadmin_noticesincludes\local_stats\ls-class.php:292
actionwp_enqueue_scriptsincludes\local_stats\ls-class.php:298
actionadmin_menuincludes\local_stats\ls-class.php:304
actionadmin_initincludes\local_stats\ls-class.php:305
actionadmin_enqueue_scriptsincludes\local_stats\ls-class.php:306
actionadmin_initincludes\local_stats\ls-class.php:307
actionadmin_enqueue_scriptsincludes\local_stats\ls-class.php:489
actionwp_enqueue_scriptsincludes\local_stats\ls-class.php:490
filterwpfc_exclude_urlsincludes\local_stats\ls-class.php:787
filterplugin_row_metaTraceMyIP-Wordpress-Plugin.php:50
actionadmin_menuTraceMyIP-Wordpress-Plugin.php:73
actionadmin_menuTraceMyIP-Wordpress-Plugin.php:74
actionadmin_menuTraceMyIP-Wordpress-Plugin.php:75
actionwp_headTraceMyIP-Wordpress-Plugin.php:76
actioninitTraceMyIP-Wordpress-Plugin.php:107
actionwp_headTraceMyIP-Wordpress-Plugin.php:121

Scheduled Events 3

tmip_lc_daily_cleanup
tmip_lc_hourly_aggregate
tmip_lc_daily_cleanup
Maintenance & Trust

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 22, 2026
PHP min version7.2
Downloads131K

Community Trust

Rating90/100
Number of ratings20
Active installs1K
Alternatives

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Alternatives

TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys

TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys

visitor-analytics-io

A
92

2.5M+ installs — #1 Web Analytics Tool on WIX, now on WordPress! 📈 Traffic Stats, Session Replays, Heatmaps.🔓 GDPR & CCPA Ready. 💵 Free Forever Plan.

1K 1 CVE
Analyzati

Analyzati

analyzati-website-visitor-tracking

A
85

Website analytics, privacy friendly, no cookies, no IP tracking, no fingerprints. The best alternative to track your website visitors and metrics.

10 No CVEs
Live Traffic Analytics

Live Traffic Analytics

live-traffic-analytics

A
100

Track live visitors, user journeys, top pages, bot activity, and realtime traffic trends with a lightweight WordPress analytics dashboard.

0 No CVEs
Website Analytics by YEB

Website Analytics by YEB

website-analytics-by-yeb

A
100

WordPress analytics: pageviews & sessions with interactions, verified bots, GeoIP, CSV export. Privacy-first.

0 No CVEs
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

A
87

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 11 CVEs
Developer Profile

Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts Developer Profile

TraceMyIP

1 plugin · 1K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tracemyip-visitor-analytics-ip-tracking-control/tracemyip-visitor-analytics-ip-tracking-control.php/wp-content/plugins/tracemyip-visitor-analytics-ip-tracking-control/tracemyip-visitor-analytics-ip-tracking-control.js/wp-content/plugins/tracemyip-visitor-analytics-ip-tracking-control/tracemyip-visitor-analytics-ip-tracking-control.css
Script Paths
/wp-content/plugins/tracemyip-visitor-analytics-ip-tracking-control/tracemyip-visitor-analytics-ip-tracking-control.js
Version Parameters
/wp-content/plugins/tracemyip-visitor-analytics-ip-tracking-control/tracemyip-visitor-analytics-ip-tracking-control.css?ver=/wp-content/plugins/tracemyip-visitor-analytics-ip-tracking-control/tracemyip-visitor-analytics-ip-tracking-control.js?ver=

HTML / DOM Fingerprints

CSS Classes
tmip_multicolor_text
FAQ

Frequently Asked Questions about Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts