Find Blocks, Patterns & Shortcodes locates content containing specific Gutenberg blocks (including options to search by CSS class and HTML anchor attributes), patterns, and shortcodes, with a CSV export feature perfect for audits & analysis.
Core Features
- Progressive search with batch processing for large sites
- Post type filtering — search across posts, pages, or custom post types to find blocks, patterns, and shortcodes
- CSV export — export results for reporting, auditing, and analysis
- Block dropdown — select from all registered blocks
- Attribute search — find blocks by CSS class and HTML anchor attributes
- Synced pattern search — find usage of reusable blocks/patterns
- Sortable results tables for easy analysis
- WP-CLI support for automation
Performance Optimized
- Smart caching with 5-minute TTL
- Batch processing (100 posts per batch)
- Query optimization (IDs only fetch)
- Progress indicators for long operations
- Cancellable searches
- Hard limit protection (500-1000 posts)
Security
- Enhanced input validation with blacklisting
- Dual-layer rate limiting (user + IP)
- Timeout protection (25-second safeguard)
- Information disclosure prevention
- XSS and injection prevention
- Nonce auto-refresh for long sessions
Accessibility
- Screen reader compatible with ARIA live regions
- Full keyboard navigation support
- Visible focus indicators
- Form labels for all inputs
- Results count announcements
- Responsive design with 200% zoom support
WP-CLI Commands
Search for blocks: wp block-usage search core/paragraph —post-type=post,page —format=table
Clear cache: wp block-usage clear-cache
View security logs: wp block-usage logs —limit=100 —format=csv
Filters and Hooks
Filters
fbps_query_limit— Adjust search limit (default: 500, max: 1000)fbps_enable_security_logging— Toggle security logging (default: true)fbps_allow_editor_access— Allow Editor role access (default: false)
Actions
fbps_security_event— Hook into security event logging
Privacy
This plugin: * Does not collect any user data * Does not make external API calls * Stores security logs locally (last 1000 events) * Logs include: timestamp, user ID, IP address, event type * Security logs can be disabled via filter
Support
For support, feature requests, or bug reports, please use the WordPress.org support forums.
Credits
Developed by Matthew Cowan