[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNrK1wEVzlsZTlPzk9IWJdHQXVC9DSUVsovPGaiOaFMA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":127,"fingerprints":290},"workflowdone-geo-blocker","WorkflowDone Geo Blocker","1.0.4","workflowdone","https:\u002F\u002Fprofiles.wordpress.org\u002Fworkflowdone\u002F","\u003Cp>\u003Cstrong>WorkflowDone Geo Blocker\u003C\u002Fstrong> is a simple yet powerful WordPress plugin that allows you to block access to your website based on visitors’ geographical locations. Perfect for compliance, content licensing, or security purposes.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Country Blocking\u003C\u002Fstrong> – Block visitors from specific countries\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Whitelisting\u003C\u002Fstrong> – Allow specific IP addresses regardless of country\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO-Friendly\u003C\u002Fstrong> – Automatically allows major search engine crawlers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Block Page\u003C\u002Fstrong> – Customize the message shown to blocked visitors\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Caching\u003C\u002Fstrong> – Efficient caching to minimize geo-lookup requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Setup\u003C\u002Fstrong> – Simple configuration with no technical knowledge required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Select which countries you want to block\u003C\u002Fli>\n\u003Cli>Optionally add IP addresses that should always be allowed\u003C\u002Fli>\n\u003Cli>Enable geo-blocking\u003C\u002Fli>\n\u003Cli>Visitors from blocked countries see a friendly block page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Become a Supporter\u003C\u002Fh4>\n\u003Cp>Love this plugin? Become a supporter and unlock all features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Whitelist Mode\u003C\u002Fstrong> – Allow only specific countries instead of blocking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bypass\u003C\u002Fstrong> – Skip geo-blocking for logged-in administrators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Logging\u003C\u002Fstrong> – Log blocked access attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Ranges (CIDR)\u003C\u002Fstrong> – Whitelist entire IP ranges\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Block Pages\u003C\u002Fstrong> – Create custom HTML pages or redirects\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Email\u003C\u002Fstrong> – Display contact email on block page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL Exclusions\u003C\u002Fstrong> – Skip blocking for specific URLs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Crawler Rules\u003C\u002Fstrong> – Add your own crawler patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>One-time payment of $10, lifetime access!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fworkflowdone.com\u002Fproduct\u002Fadvanced-geo-blocker-pro\u002F\" rel=\"nofollow ugc\">Become a Supporter\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin uses third-party geo-location services to determine visitor countries:\u003Cbr \u002F>\n* ip-api.com – \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003Cbr \u002F>\n* ipinfo.io – \u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Only IP addresses are sent to these services to determine the country. No other personal data is transmitted.\u003C\u002Fp>\n\u003Cp>The plugin caches geo-location results locally to minimize external requests.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact: support@workflowdone.com\u003C\u002Fp>\n\u003Cp>Website: \u003Ca href=\"https:\u002F\u002Fworkflowdone.com\" rel=\"nofollow ugc\">workflowdone.com\u003C\u002Fa>\u003C\u002Fp>\n","Block website access based on visitor's geographical location. Simple and effective geo-blocking for WordPress.",40,641,100,3,"2026-02-12T17:52:00.000Z","6.9.4","5.0","7.2",[20,21,22,23,24],"country-blocking","geo-restriction","geoblocking","ip-blocking","security","https:\u002F\u002Fworkflowdone.com\u002Fgeo-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fworkflowdone-geo-blocker.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,94,"2026-04-04T14:00:20.510Z",[36,57,76,97,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":46,"last_updated":47,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":48,"homepage":52,"download_link":53,"security_score":54,"vuln_count":55,"unpatched_count":27,"last_vuln_date":56,"fetched_at":29},"advanced-country-blocker","Advanced Country Blocker","2.3.2","brstefanovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrstefanovic\u002F","\u003Cp>\u003Cstrong>Advanced Country Blocker\u003C\u002Fstrong> helps you secure your WordPress site by restricting access based on the visitor’s geolocation (country) or IP address. Upon activation, the plugin detects the activating admin’s country and automatically sets that as the only allowed country. All other visitors from different countries are blocked, unless they use a secret key parameter to temporarily whitelist their IP. Country detection uses the privacy-friendly ip-api.com service by default but can be switched to a fully offline MaxMind GeoLite2 (or compatible) database file once you configure a local copy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatically allows the admin’s country\u003C\u002Fstrong> on plugin activation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible IP-to-country lookups\u003C\u002Fstrong> – start with the built-in ip-api.com integration and optionally switch to an offline MaxMind GeoLite2 Country (or compatible) \u003Ccode>.mmdb\u003C\u002Fcode> database file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allowlist or blacklist mode\u003C\u002Fstrong> – choose whether the country list acts as an allowlist or blocklist without re-entering countries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Temporary access\u003C\u002Fstrong> via a customizable secret URL parameter (e.g., \u003Ccode>?MySecretKey=1\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAPTCHA Challenge\u003C\u002Fstrong> – allow blocked visitors to solve a CAPTCHA to gain temporary access (supports Google reCAPTCHA v2\u002Fv3, hCaptcha, Cloudflare Turnstile).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Activity Monitor\u003C\u002Fstrong> – live dashboard showing active visitors, recent blocks, and traffic statistics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics Dashboard\u003C\u002Fstrong> – comprehensive charts and statistics about blocked attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual blacklisting and safelisting of IPs\u003C\u002Fstrong> for added security and to accommodate uptime monitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional email alerts\u003C\u002Fstrong> when new visitors are blocked.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bypass\u003C\u002Fstrong> so logged-in admins can always access the site (toggleable in the code).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed logging\u003C\u002Fstrong> of blocked attempts in a custom database table, displayed in the WP admin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom response controls\u003C\u002Fstrong> – personalise the block page title\u002Fmessage, choose the HTTP status (403, 410, 451) or redirect to any URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic log cleanup\u003C\u002Fstrong> with configurable retention plus a one-click “Clear Logs” button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the plugin settings page (\u003Cstrong>Country Blocker\u003C\u002Fstrong> menu in WP admin) to configure the list of allowed countries, blacklisted countries, blacklisted IPs, and whether email alerts are enabled.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is open-sourced software licensed under the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\" rel=\"nofollow ugc\">GPLv3 or later\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>By default this plugin contacts the ip-api.com geolocation service to detect visitor countries. You can disable all external lookups by switching the IP lookup method to the local MaxMind database in the settings.\u003C\u002Fp>\n","An advanced security plugin that blocks website visitors by country, with additional features like blacklisting, logging blocked attempts, admin bypas &hellip;",2000,11570,6,"2026-02-06T09:04:00.000Z",[49,50,51,23,24],"blocking","country","geolocation","https:\u002F\u002Fsparkcan.com\u002Facb.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-country-blocker.2.3.2.zip",99,1,"2026-02-06 20:24:09",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":55,"last_updated":67,"tested_up_to":68,"requires_at_least":17,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"anti-browser-ddos-protection","Anti Browser DDoS Protection","2.26","sourcecode347","https:\u002F\u002Fprofiles.wordpress.org\u002Fsourcecode347\u002F","\u003Cp>The \u003Cstrong>Anti Browser DDoS Protection\u003C\u002Fstrong> plugin provides robust protection against denial-of-service (DoS) attacks on your WordPress site. It implements IP-based rate limiting, with configurable settings for subscribers, non-logged-in users, and verified bots, while excluding administrators and other non-subscriber roles. It features advanced bot detection to identify and limit suspicious bots, immediate blocking of malicious bots by User Agent, and supports Cloudflare for accurate client IP detection. Static assets (e.g., CSS, JS, images) are excluded to maintain site performance. An intuitive admin panel allows you to configure rate limits, bot exclusions, trusted bot IP ranges (with automatic duplicate removal), blocked bots by User Agent, log expiration settings, and view logs for blocked IPs, banned IPs, and high traffic bots with auto-refresh every 30 seconds, all with User Agent details and timestamps. You can export \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> lists to .txt files and import new entries to append to existing lists without duplicates. Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots are displayed above the logs for quick visual insights.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rate limiting based on IP for subscribers and non-logged-in users, with configurable maximum requests and time window.\u003C\u002Fli>\n\u003Cli>Excludes non-subscriber logged-in users (e.g., administrators, editors) from rate limiting.\u003C\u002Fli>\n\u003Cli>Advanced bot detection to identify suspicious bots (bots using trusted User Agents but from unverified IPs).\u003C\u002Fli>\n\u003Cli>Suspicious bots are subject to the same rate limiting as regular users and logged with User Agent in the Blocked IPs Log.\u003C\u002Fli>\n\u003Cli>Immediate blocking of malicious bots by User Agent (e.g., MJ12bot, SemrushBot, DotBot by default) with customizable settings and logging.\u003C\u002Fli>\n\u003Cli>Configurable rate limiting for verified excluded bots (default: 100 requests per minute), with logging for bots exceeding this limit.\u003C\u002Fli>\n\u003Cli>High Traffic Excluded Bots Log to track verified bots with excessive requests, including IP, User Agent, and timestamp.\u003C\u002Fli>\n\u003Cli>Admin panel to configure maximum requests, time window, excluded bots, trusted bot IP ranges, blocked bots (User Agents), blocks before ban, ban duration, high traffic bot limits, and log expiration (days).\u003C\u002Fli>\n\u003Cli>Export \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> lists to .txt files for backup or transfer.\u003C\u002Fli>\n\u003Cli>Import .txt files for \u003Cstrong>Excluded Bots\u003C\u002Fstrong>, \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>, and \u003Cstrong>Blocked Bots\u003C\u002Fstrong> to append new entries to existing lists, with automatic duplicate removal.\u003C\u002Fli>\n\u003Cli>Automatic removal of duplicate IP ranges in the \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong> field on save, keeping the first occurrence.\u003C\u002Fli>\n\u003Cli>Support for Cloudflare real IP detection using \u003Ccode>CF-Connecting-IP\u003C\u002Fcode> and \u003Ccode>X-Forwarded-For\u003C\u002Fcode> headers.\u003C\u002Fli>\n\u003Cli>Excludes static assets (CSS, JS, images, fonts, etc.) from rate limiting to optimize performance.\u003C\u002Fli>\n\u003Cli>Logs blocked IPs, banned IPs, and high traffic bots with IP, User Agent, and timestamps using the WordPress timezone, viewable in the admin panel with options to clear logs and auto-refresh every 30 seconds.\u003C\u002Fli>\n\u003Cli>Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots displayed above the logs in the admin panel for visual statistics.\u003C\u002Fli>\n\u003Cli>Automatic log expiration (Blocked IPs, Banned IPs, High Traffic Bots) after a configurable number of days (default: 5 days), with hourly cleanup via WordPress Scheduler.\u003C\u002Fli>\n\u003Cli>All error messages and logs prefixed with “Anti Browser DDoS Protection: ” for clarity.\u003C\u002Fli>\n\u003Cli>Donate link in the admin panel to support the project.\u003C\u002Fli>\n\u003Cli>Automatic cleanup of transients, blocked IPs, banned IPs, high traffic bots, blocked bots, bot IP ranges, and log expiration settings on plugin deactivation to prevent database bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Ideal for WordPress sites seeking enhanced security against automated attacks, with seamless integration for Cloudflare users, advanced bot management, efficient log management, visual charts for statistics, and easy export\u002Fimport for bot lists.\u003C\u002Fp>\n\u003Ch3>Plugin Assets img\u002F\u003C\u002Fh3>\n\u003Ch3>Icon Image\u003C\u002Fh3>\n\u003Cp>Normal: icon-128×128.png\u003Cbr \u002F>\nHigh-DPI (Retina): icon-256×256.png\u003C\u002Fp>\n\u003Ch3>Bugs\u003C\u002Fh3>\n\u003Cp>Caching plugins such as WP Super Cache, W3 Total Cache, and others may bypass the DDoS protection provided by Anti Browser DDoS Protection, serving cached pages without triggering the plugin’s checks for blocked bots, rate limiting, or banned IPs.\u003Cbr \u002F>\n– \u003Cstrong>Solution\u003C\u002Fstrong>: Disable all WordPress caching plugins to ensure full DDoS protection. Instead, enable Browser Caching using a service like Cloudflare to improve performance without compromising security.\u003Cbr \u002F>\n   Enable standard type Caching and Configure Cloudflare Browser Cache TTL (e.g., 8 days) via \u003Cstrong>Caching > Configuration\u003C\u002Fstrong> in the Cloudflare dashboard.- \u003Cstrong>Cloudflare Compatibility\u003C\u002Fstrong>: Ensure Cloudflare is configured to pass \u003Ccode>CF-Connecting-IP\u003C\u002Fcode> headers for accurate IP detection. Check your Cloudflare dashboard if logged IPs are incorrect.\u003Cbr \u002F>\n– \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong>: Update the \u003Cstrong>Bot IP Ranges\u003C\u002Fstrong> field every 6 months (next update: March 2026) using official sources (e.g., Google, Bing, Yandex documentation). Duplicate ranges are automatically removed on save. Export to .txt for backup or import from .txt to append new ranges.\u003Cbr \u002F>\n– \u003Cstrong>Blocked Bots\u003C\u002Fstrong>: Add malicious bots to the \u003Cstrong>Blocked Bots (User Agents)\u003C\u002Fstrong> field (e.g., MJ12bot, SemrushBot, DotBot) to block them immediately. Blocked bots are logged with their IP and User Agent. Export to .txt for backup or import from .txt to append new entries.\u003Cbr \u002F>\n– \u003Cstrong>Excluded Bots\u003C\u002Fstrong>: Add trusted bots (e.g., Googlebot, Bingbot) to the \u003Cstrong>Excluded Bots\u003C\u002Fstrong> field to exempt them from regular rate limiting (if from verified IPs). Export to .txt for backup or import from .txt to append new entries.\u003Cbr \u002F>\n– \u003Cstrong>High Traffic Bots\u003C\u002Fstrong>: Verified bots exceeding the configured limit (default: 100 requests per minute) are logged for monitoring but not blocked. Check the High Traffic Excluded Bots Log regularly.\u003Cbr \u002F>\n– \u003Cstrong>Log Expiration\u003C\u002Fstrong>: Set the \u003Cstrong>Log Expires (Days)\u003C\u002Fstrong> setting to control how long logs are retained (default: 5 days). Cleanup runs hourly via WordPress Scheduler. Logs older than the specified days are automatically deleted.\u003Cbr \u002F>\n– \u003Cstrong>Timezone\u003C\u002Fstrong>: Set the WordPress timezone correctly (e.g., \u003Ccode>Europe\u002FAthens\u003C\u002Fcode> for Greece) in Settings > General > Timezone to ensure accurate timestamp display in logs and charts.\u003Cbr \u002F>\n– \u003Cstrong>Performance\u003C\u002Fstrong>: For high-traffic sites, clear the Blocked IPs Log, Banned IPs Log, and High Traffic Excluded Bots Log regularly, or set a lower \u003Cstrong>Log Expires (Days)\u003C\u002Fstrong> value to prevent database growth.\u003Cbr \u002F>\n– \u003Cstrong>Customization\u003C\u002Fstrong>: Contact the author for additional features like custom error pages, email notifications for high traffic bots, or advanced logging.\u003Cbr \u002F>\n– \u003Cstrong>Support the Project\u003C\u002Fstrong>: If you find this plugin useful, consider supporting its development via the \u003Ca href=\"https:\u002F\u002Fbuy.stripe.com\u002FbIY5o70SSfam8Qo7ss\" rel=\"nofollow ugc\">donation link\u003C\u002Fa> in the admin panel or plugin page.\u003C\u002Fp>\n","Protects WordPress from DDoS with rate limiting, bot detection, blocking, Cloudflare support, logs, charts, and bot list export\u002Fimport.",60,422,"2025-09-19T04:53:00.000Z","6.8.5","8.3",[71,72,23,73,24],"bot-blocking","ddos-protection","rate-limiting","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-browser-ddos-protection.2.26.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":27,"num_ratings":27,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"nohackme-defender","NoHackMe Defender","1.1.0","Roman","https:\u002F\u002Fprofiles.wordpress.org\u002Fneedtome\u002F","\u003Cp>The NoHackMe Defender plugin ensures the security of your WordPress site by blocking IP addresses when receiving suspicious requests, or when too many requests are received from a single IP over a certain period. The plugin offers comprehensive protection mechanisms including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hacking protection: Blocks IP addresses that send suspicious data.\u003C\u002Fli>\n\u003Cli>Parsing protection: Prevents malicious parsing attempts on your website.\u003C\u002Fli>\n\u003Cli>DoS protection: Stops denial-of-service attacks by limiting excessive requests.\u003C\u002Fli>\n\u003Cli>Password brute force protection: Prevents repeated login attempts to guess passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore our instructional videos to see the NoHackMe Defender plugin in action and learn how to configure settings and manage blocked IP addresses efficiently:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fl6LFvNn7RE8\" rel=\"nofollow ugc\">Protect Your WordPress Site for Free – Installing and Configuring NoHackMe Defender Plugin\u003C\u002Fa>: A thorough guide on activating and configuring the NoHackMe Defender plugin, including its free version features.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FDqTvUfLmmGQ\" rel=\"nofollow ugc\">How to Protect Your Site from Hackers, Parsing, and DoS – Testing WordPress Plugin NoHackMe Defender\u003C\u002Fa>: Demonstrates the plugin’s effectiveness in blocking suspicious requests and securing your site.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002F35G8wi02-70\" rel=\"nofollow ugc\">Premium Protection for WordPress Sites – A Breakdown of the Paid Features of NoHackMe Defender Plugin\u003C\u002Fa>: Explores the advanced features available in the premium version of the plugin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>For more information and a live demonstration, visit our \u003Ca href=\"https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F\" rel=\"nofollow ugc\">Plugin Demo Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Special thanks to our sponsors for supporting the development of this plugin:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fmalinovsky.io\" rel=\"nofollow ugc\">malinovsky.io\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloap.net\" rel=\"nofollow ugc\">gloap.net\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fgloapm.com\" rel=\"nofollow ugc\">gloapm.com\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fimgai.art\" rel=\"nofollow ugc\">imgai.art\u003C\u002Fa>\u003C\u002Fp>\n","Enhance your WordPress security by blocking IPs that send too many or suspicious requests.",20,1028,"2024-06-26T04:39:00.000Z","6.5.8","6.0","7.4",[91,92,23,93,24],"anti-hack","firewall","protection","https:\u002F\u002Fneedtome.com\u002Fnohackme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnohackme-defender.1.1.0.zip",92,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":13,"num_ratings":107,"last_updated":108,"tested_up_to":68,"requires_at_least":17,"requires_php":74,"tags":109,"homepage":74,"download_link":112,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"guardify","Guardify Firewall","1.1.2","BitCleric","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoamuller23\u002F","\u003Cp>\u003Cstrong>Guardify\u003C\u002Fstrong> is a powerful WordPress firewall plugin designed to protect your website from a wide range of threats, including brute force attacks, SQL injections, malicious bots, and unauthorized access attempts. With an intuitive dashboard, detailed statistics, and advanced settings, Guardify empowers you to secure your site effortlessly.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Web Application Firewall (WAF)\u003C\u002Fstrong>\u003Cbr \u002F>\nIntercepts and filters all incoming traffic before it reaches WordPress. Blocks SQL injection, XSS, RFI, LFI, and other attack vectors.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Brute Force Attack Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nBlocks repeated login attempts by limiting login frequency and analyzing IP reputation.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>2-Factor Authentication (2FA)\u003C\u002Fstrong>\u003Cbr \u002F>\nAdds an extra layer of login security for admin users, using time-based one-time passwords (TOTP).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real-Time Activity Logs\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack login attempts, blocked IPs, suspicious requests, and system actions with detailed logs. View statistics by day, week, or month.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom IP Whitelisting & Blacklisting\u003C\u002Fstrong>\u003Cbr \u002F>\nControl access to your site by adding IPs or IP ranges to allow or deny lists. Includes temporary blocking for failed login attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>GeoIP Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock or allow access from specific countries using the MaxMind GeoIP2 database integration.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Bot Access Control\u003C\u002Fstrong>\u003Cbr \u002F>\nDetect and manage access from known bots, scrapers, and fake crawlers. Option to block non-human traffic.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Anti-PHP Injection & File Access Blocking\u003C\u002Fstrong>\u003Cbr \u002F>\nPrevents direct access to PHP files in sensitive directories such as \u003Ccode>\u002Fwp-includes\u002F\u003C\u002Fcode> and \u003Ccode>\u002Fwp-content\u002Fuploads\u002F\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Plugin and Theme Installation\u003C\u002Fstrong>\u003Cbr \u002F>\nRestrict installation of new plugins and themes via the WordPress dashboard — even by administrators. This helps prevent unauthorized or accidental installation of insecure components. Manual installation via FTP remains possible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Theme Editor\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable access to the Theme Editor (\u003Ccode>\u002Fwp-admin\u002Ftheme-editor.php\u003C\u002Fcode>) to prevent direct file editing. This minimizes the risk of malicious code injection or unintentional file corruption.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Forbidden Comment Words Filter\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically mark comments as spam if they contain forbidden words or patterns (e.g., \u003Ccode>http\u003C\u002Fcode>, \u003Ccode>viagra\u003C\u002Fcode>, \u003Ccode>casino\u003C\u002Fcode>, \u003Ccode>porn\u003C\u002Fcode>). Helps drastically reduce comment spam by detecting common keywords and links.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Auto Block IPs in .htaccess\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen enabled, IPs that exceed the rate limit are automatically added to the \u003Ccode>.htaccess\u003C\u002Fcode> file for permanent blocking. This server-level block prevents any further requests. Use with care, as shared or corporate IPs may be affected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\nStay informed with email alerts about critical security events, such as admin login attempts or IP bans.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Customizable Firewall Rules\u003C\u002Fstrong>\u003Cbr \u002F>\nAdvanced users can fine-tune rules with regex filters, HTTP method checks, user-agent filters, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User-Friendly Admin Interface\u003C\u002Fstrong>\u003Cbr \u002F>\nGuardify features a modern and intuitive UI built using native WordPress design language.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean Uninstall\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically cleans up all data, logs, and settings when uninstalled—leaving your database clean.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Guardify is a powerful WordPress firewall plugin designed to protect your website from a wide range of threats, including brute force attacks, SQL inj &hellip;",10,480,2,"2025-06-04T19:22:00.000Z",[110,92,23,24,111],"brute-force-protection","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguardify.1.1.2.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":27,"downloaded":121,"rating":27,"num_ratings":27,"last_updated":122,"tested_up_to":123,"requires_at_least":17,"requires_php":74,"tags":124,"homepage":125,"download_link":126,"security_score":96,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"your-web-shield","Your Web Shield","1.3.1","peterswe","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeterswe\u002F","\u003Cp>Your Web Shield blocks high-risk IPs and limits request rates, providing enhanced security for your site.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin relies on the external service “Your Web Shield API” to check IP addresses for risk scoring.\u003Cbr \u002F>\nAPI Documentation: https:\u002F\u002Fwww.postman.com\u002Fywspeter\u002Fyour-web-shield\u002Frequest\u002Fuvtu6ua\u002Fip-details\u003Cbr \u002F>\nTerms of Service: https:\u002F\u002Fwww.yourwebshield.co.uk\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fwww.yourwebshield.co.uk\u002Fprivacy\u003C\u002Fp>\n","Your Web Shield blocks high-risk IPs and limits request rates, providing enhanced security for your site.",1137,"2024-12-30T17:37:00.000Z","6.7.5",[23,73,24],"https:\u002F\u002Fyourwebshield.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyour-web-shield.1.3.1.zip",{"attackSurface":128,"codeSignals":173,"taintFlows":185,"riskAssessment":282,"analyzedAt":289},{"hooks":129,"ajaxHandlers":159,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":107,"unprotectedCount":27},[130,136,140,144,147,152,156],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_menu","add_menu","includes\\admin\\class-admin.php",14,{"type":131,"name":137,"callback":138,"file":134,"line":139},"admin_enqueue_scripts","enqueue_scripts",15,{"type":131,"name":141,"callback":142,"file":134,"line":143},"admin_init","register_settings",16,{"type":131,"name":141,"callback":145,"file":134,"line":146},"handle_actions",17,{"type":131,"name":148,"callback":149,"file":150,"line":151},"plugins_loaded","load_textdomain","workflowdone-geo-blocker.php",114,{"type":131,"name":153,"callback":154,"priority":55,"file":150,"line":155},"init","check_access",115,{"type":131,"name":148,"callback":157,"file":150,"line":158},"get_instance",560,[160,166],{"action":161,"nopriv":162,"callback":163,"hasNonce":164,"hasCapCheck":164,"file":150,"line":165},"wfgb_test_ip",false,"ajax_test_ip",true,124,{"action":167,"nopriv":162,"callback":168,"hasNonce":164,"hasCapCheck":164,"file":150,"line":169},"wfgb_export_settings","ajax_export_settings",125,[],[],[],{"dangerousFunctions":174,"sqlUsage":175,"outputEscaping":178,"fileOperations":55,"externalRequests":107,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":184},[],{"prepared":176,"raw":27,"locations":177},8,[],{"escaped":179,"rawEcho":55,"locations":180},48,[181],{"file":150,"line":182,"context":183},410,"raw output",[],[186,246,266],{"entryPoint":187,"graph":188,"unsanitizedCount":14,"severity":245},"\u003Cworkflowdone-geo-blocker> (workflowdone-geo-blocker.php:0)",{"nodes":189,"edges":236},[190,195,201,204,208,212,216,218,221,224,227,230,233],{"id":191,"type":192,"label":193,"file":150,"line":194},"n0","source","$_SERVER (x2)",208,{"id":196,"type":197,"label":198,"file":150,"line":199,"wp_function":200},"n1","sink","wp_remote_get() [SSRF]",292,"wp_remote_get",{"id":202,"type":192,"label":203,"file":150,"line":194},"n2","$_SERVER (x3)",{"id":205,"type":197,"label":206,"file":150,"line":182,"wp_function":207},"n3","echo() [XSS]","echo",{"id":209,"type":192,"label":210,"file":150,"line":211},"n4","$_SERVER",268,{"id":213,"type":214,"label":215,"file":150,"line":211},"n5","transform","→ lookup_ip_api()",{"id":217,"type":197,"label":198,"file":150,"line":199,"wp_function":200},"n6",{"id":219,"type":192,"label":210,"file":150,"line":220},"n7",276,{"id":222,"type":214,"label":223,"file":150,"line":220},"n8","→ lookup_ipinfo()",{"id":225,"type":197,"label":198,"file":150,"line":226,"wp_function":200},"n9",319,{"id":228,"type":192,"label":210,"file":150,"line":229},"n10",407,{"id":231,"type":214,"label":232,"file":150,"line":229},"n11","→ get_block_page()",{"id":234,"type":197,"label":206,"file":150,"line":235,"wp_function":207},"n12",503,[237,238,239,240,241,242,243,244],{"from":191,"to":196,"sanitized":164},{"from":202,"to":205,"sanitized":164},{"from":209,"to":213,"sanitized":162},{"from":213,"to":217,"sanitized":162},{"from":219,"to":222,"sanitized":162},{"from":222,"to":225,"sanitized":162},{"from":228,"to":231,"sanitized":162},{"from":231,"to":234,"sanitized":162},"medium",{"entryPoint":247,"graph":248,"unsanitizedCount":27,"severity":265},"handle_actions (includes\\admin\\class-admin.php:126)",{"nodes":249,"edges":262},[250,253,257,258],{"id":191,"type":192,"label":251,"file":134,"line":252},"$_FILES",142,{"id":196,"type":197,"label":254,"file":134,"line":255,"wp_function":256},"file_get_contents() [SSRF\u002FLFI]",146,"file_get_contents",{"id":202,"type":192,"label":251,"file":134,"line":252},{"id":205,"type":197,"label":259,"file":134,"line":260,"wp_function":261},"update_option() [Settings Manipulation]",150,"update_option",[263,264],{"from":191,"to":196,"sanitized":164},{"from":202,"to":205,"sanitized":164},"low",{"entryPoint":267,"graph":268,"unsanitizedCount":27,"severity":265},"\u003Cclass-admin> (includes\\admin\\class-admin.php:0)",{"nodes":269,"edges":278},[270,271,272,273,274,276],{"id":191,"type":192,"label":251,"file":134,"line":252},{"id":196,"type":197,"label":254,"file":134,"line":255,"wp_function":256},{"id":202,"type":192,"label":251,"file":134,"line":252},{"id":205,"type":197,"label":259,"file":134,"line":260,"wp_function":261},{"id":209,"type":192,"label":275,"file":134,"line":252},"$_FILES (x5)",{"id":213,"type":197,"label":206,"file":134,"line":277,"wp_function":207},207,[279,280,281],{"from":191,"to":196,"sanitized":164},{"from":202,"to":205,"sanitized":164},{"from":209,"to":213,"sanitized":164},{"summary":283,"deductions":284},"The \"workflowdone-geo-blocker\" plugin v1.0.3 exhibits a strong security posture based on the provided static analysis. The plugin demonstrates good security practices by consistently utilizing prepared statements for all SQL queries, ensuring protection against SQL injection. Furthermore, a high percentage of output is properly escaped, significantly mitigating cross-site scripting (XSS) risks. The presence of nonce and capability checks on its entry points, including the two AJAX handlers, further reinforces its defense against unauthorized actions. The absence of known vulnerabilities and a clean vulnerability history suggests a commitment to security by the developers.\n\nWhile the overall security is commendable, there is one notable area for attention: the presence of one unsanitized path in the taint analysis. Although no critical or high-severity taint flows were identified, this indicates a potential avenue for unintended behavior or information disclosure if an attacker can control or manipulate input leading to this path. The single file operation also warrants careful review to ensure it does not introduce any insecure practices. Despite these minor points, the plugin's adherence to prepared statements, output escaping, and authorization checks places it in a relatively secure state.",[285,287],{"reason":286,"points":176},"Unsanitized path in taint analysis",{"reason":288,"points":14},"One file operation detected","2026-03-16T22:12:50.707Z",{"wat":291,"direct":300},{"assetPaths":292,"generatorPatterns":295,"scriptPaths":296,"versionParams":297},[293,294],"\u002Fwp-content\u002Fplugins\u002Fworkflowdone-geo-blocker\u002Fassets\u002Fcss\u002Fwfgb-admin.css","\u002Fwp-content\u002Fplugins\u002Fworkflowdone-geo-blocker\u002Fassets\u002Fjs\u002Fwfgb-admin.js",[],[],[298,299],"workflowdone-geo-blocker\u002Fassets\u002Fcss\u002Fwfgb-admin.css?ver=","workflowdone-geo-blocker\u002Fassets\u002Fjs\u002Fwfgb-admin.js?ver=",{"cssClasses":301,"htmlComments":302,"htmlAttributes":303,"restEndpoints":304,"jsGlobals":305,"shortcodeOutput":306},[],[],[],[],[],[]]