Find Blocks, Patterns & Shortcodes

Find Blocks, Patterns & Shortcodes locates content containing specific Gutenberg blocks (including options to search by CSS class and HTML anchor attributes), patterns, and shortcodes, with a CSV export feature perfect for audits & analysis.

Core Features

• Progressive search with batch processing for large sites
• Post type filtering – search across posts, pages, or custom post types to find blocks, patterns, and shortcodes
• CSV export – export results for reporting, auditing, and analysis
• Block dropdown – select from all registered blocks
• Attribute search – find blocks by CSS class and HTML anchor attributes
• Synced pattern search – find usage of reusable blocks/patterns
• Sortable results tables for easy analysis
• WP-CLI support for automation

Performance Optimized

• Smart caching with 5-minute TTL
• Batch processing (100 posts per batch)
• Query optimization (IDs only fetch)
• Progress indicators for long operations
• Cancellable searches
• Hard limit protection (500-1000 posts)

Security

• Enhanced input validation with blacklisting
• Dual-layer rate limiting (user + IP)
• Timeout protection (25-second safeguard)
• Information disclosure prevention
• XSS and injection prevention
• Nonce auto-refresh for long sessions

Accessibility

• Screen reader compatible with ARIA live regions
• Full keyboard navigation support
• Visible focus indicators
• Form labels for all inputs
• Results count announcements
• Responsive design with 200% zoom support

WP-CLI Commands

Search for blocks:
wp block-usage search core/paragraph –post-type=post,page –format=table

Clear cache:
wp block-usage clear-cache

View security logs:
wp block-usage logs –limit=100 –format=csv

Filters and Hooks

Filters

• fbps_query_limit – Adjust search limit (default: 500, max: 1000)
• fbps_enable_security_logging – Toggle security logging (default: true)
• fbps_allow_editor_access – Allow Editor role access (default: false)

Actions

• fbps_security_event – Hook into security event logging

Privacy

This plugin:
* Does not collect any user data
* Does not make external API calls
* Stores security logs locally (last 1000 events)
* Logs include: timestamp, user ID, IP address, event type
* Security logs can be disabled via filter

Support

For support, feature requests, or bug reports, please use the WordPress.org support forums.

Credits

Developed by Matthew Cowan