WP fail2ban Blocklist Security & Risk Analysis

wordpress.org/plugins/wpf2b-addon-blocklist

WP fail2ban Blocklist is a collaborative preemptive blocklist for WordPress.

4K active installs · v2.2.2 · PHP 7.4+ · WP 4.9+ · Updated May 1, 2025
blocklist · fail2ban · security
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP fail2ban Blocklist Safe to Use in 2026?

Generally Safe

Score 100/100

WP fail2ban Blocklist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11mo ago
Risk Assessment

The "wpf2b-addon-blocklist" plugin v2.2.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query sanitization (93% prepared statements) and output escaping (89% properly escaped). The absence of known CVEs and a history of zero vulnerabilities suggests a generally stable codebase. However, there are significant concerns. The plugin exposes one unprotected REST API route, which is a direct entry point for potential attacks. Furthermore, the complete lack of nonce checks on any of its entry points is a critical oversight, especially concerning if any of the AJAX handlers or REST API endpoints perform sensitive actions.

While taint analysis shows no immediate critical or high-severity flaws, the presence of a dangerous `assert` function and a file operation without further context warrants caution. The attack surface, though small, includes an unprotected REST API endpoint. The lack of capability checks on all entry points, particularly the unprotected REST API route, significantly increases the risk. The bundled Freemius library could also be a vector if it contains known vulnerabilities or is not kept up-to-date. The overall security is weakened by the unprotected REST API and the absence of nonce checks, which are fundamental security measures in WordPress development.

Key Concerns

  • Unprotected REST API route
  • No nonce checks on entry points
  • Use of dangerous function 'assert'
  • File operation without context
  • Bundled library (Freemius)
Vulnerabilities
None known

WP fail2ban Blocklist Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP fail2ban Blocklist Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (13 prepared)
Unescaped Output: 2 (16 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

assert: `assert( $true );` (freemius.php:141)

Bundled Libraries

Freemius

SQL Query Safety

93% prepared · 14 total queries

Output Escaping

89% escaped · 18 total outputs
Attack Surface
1 unprotected

WP fail2ban Blocklist Attack Surface

Entry Points: 2
Unprotected: 1

REST API Routes: 2

GET /wp-json/wp-fail2ban/v1/blocklist (classes\RestRoute.php:34)
GET /wp-json/wp-fail2ban/v1/blocklist (classes\RestRoute.php:50)

WordPress Hooks: 22

filter plugin_icon (admin\admin.php:148)
filter connect_message (admin\admin.php:151)
action admin_menu (admin\admin.php:178)
action network_admin_menu (admin\admin.php:179)
filter wp_fail2ban_init_tabs (admin\config.php:38)
filter heartbeat_received (admin\widgets.php:181)
action wp_dashboard_setup (admin\widgets.php:206)
action wp_network_dashboard_setup (admin\widgets.php:207)
filter permission_list (freemius.php:116)
filter default_currency (freemius.php:131)
filter plugin_icon (freemius.php:135)
filter show_delegation_option (freemius.php:138)
filter enable_per_site_activation (freemius.php:139)
filter redirect_on_activation (freemius.php:140)
filter site_status_tests (freemius.php:154)
action rest_api_init (freemius.php:157)
action plugins_loaded (freemius.php:159)
action init (freemius.php:160)
action wf_fs_loaded (freemius.php:176)
action plugins_loaded (init.php:28)
action rest_api_init (init.php:91)
action wp_fail2ban_register (init.php:92)
Maintenance & Trust

WP fail2ban Blocklist Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 1, 2025
PHP min version: 7.4
Downloads: 27K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 4K
Developer Profile

WP fail2ban Blocklist Developer Profile

invisnet

6 plugins · 76K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 1793 days
Detection Fingerprints

How We Detect WP fail2ban Blocklist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpf2b-addon-blocklist/admin/css/admin.css
Version Parameters
wpf2b-addon-blocklist/admin/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
dashicons-external
Data Attributes
data-freemius-plugin-id="2423"