[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVsBtNISmfW3E_XIEjswWMFc173r3U_m5TUiYIVujK6w":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"ayeshrajans","Ayesh Karunaratne","https:\u002F\u002Fprofiles.wordpress.org\u002Fayeshrajans\u002F",7,7550,88,30,86,"2026-04-04T15:22:29.450Z",[14,38,60,79,95,109,123],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":20,"downloaded":21,"rating":22,"num_ratings":7,"last_updated":23,"tested_up_to":24,"requires_at_least":25,"requires_php":26,"tags":27,"homepage":32,"download_link":33,"security_score":34,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"oembed-plus","oEmbed Plus","1.6","\u003Cp>Adds support for embedding Facebook and Instagram posts in Block Editor (Gutenberg) and Classic Editor. This feature was removed in WordPress core due to deprecation of legacy APIs WordPress core used.\u003C\u002Fp>\n\u003Cp>Prior to WordPress 5.5.1, WordPress had support to embed Instagram and Facebook photos, videos, notes, quizes, etc in posts created with Block Editor and Classic Editor. However, Facebook removed this legacy API in October 2020, and this plugin implements the new APIs to bring back support for Facebook and Instagram content embedding.\u003C\u002Fp>\n\u003Cp>Note that you will need to register a Facebook developer account and create an app to get API credentials that this plugin uses. There is no coding necessary, but an API key needs to be created and set for the plugin.\u003C\u002Fp>\n\u003Cp>Detailed setup instructions are available in \u003Ca href=\"https:\u002F\u002Fphp.watch\u002Farticles\u002Fwordpress-facebook-instagram-oembed\" rel=\"nofollow ugc\">oEmbed Plus guide at PHP.Watch\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This project is not owned, endorsed, or otherwise affiliated with Facebook Inc. or Instagram LLC.\u003C\u002Fp>\n","Adds support for embedding Facebook and Instagram posts in Block Editor (Gutenberg) and Classic Editor.",4000,108320,100,"2021-07-15T10:24:00.000Z","5.6.17","4.9","7.1",[28,29,30,31],"embed","facebook","instagram","oembed","https:\u002F\u002Fphp.watch\u002Farticles\u002Fwordpress-facebook-instagram-oembed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foembed-plus.1.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",{"slug":39,"name":40,"version":41,"author":5,"author_profile":6,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":22,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":57,"download_link":58,"security_score":59,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"password-hash","PHP Native Password Hash","3.0","\u003Cp>This plugin swaps out WordPress core’s password hashing mechanism with PHP 5.5’s \u003Ccode>password_hash()\u003C\u002Fcode> and its accompanying functions. By default, PHP uses bcrypt to hash the passwords. If available, this plugin will use modern Argon2 algorithm. The transition will be transparent.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A password salt will be generated using a Cryptographically Secure Pseudo-Random Number Generator (\u003Ccode>CSPRNG\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Password hashes are safe from dictionary attacks with rainbow tables or any other precomputed hash lists, because a secure salt is generated for each password.\u003C\u002Fli>\n\u003Cli>The password hashing is iterated multiple times to provide a good resistance against brute-force attacks.\u003C\u002Fli>\n\u003Cli>Password checks are made in a way that it mitigates time-attacks.\u003C\u002Fli>\n\u003Cli>You do not have to reset passwords of all users. Passwords already hashed in the database will be rehashed automatically and transparently the next time the user logs in.\u003C\u002Fli>\n\u003Cli>PHP might come up with newer password hashing algorithms, and they will be automatically supported without having to reset all the passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin was made initially because one of our applications used WordPress for authentication, but we needed to use an external system\u003Cbr \u002F>\nto verify the passwords directly from the database too. Since WordPress has its own password hashing algorithm, we decided to make this plugin to address that problem.\u003Cbr \u002F>\nWith this plugin, passwords generated by both WordPress and other custom applications now use the PHP’s default \u003Ccode>password_hash()\u003C\u002Fcode> functions without compromising any of the applications’ security.\u003C\u002Fp>\n\u003Cp>This plugin is designed to be as minimal and fast as possible, and can be considered a must-use for EVERY WordPress application given the minimal footprint of this plugin, and considering the importance of using a secure hashing algorithm for passwords.\u003C\u002Fp>\n","Makes WordPress use PHP's native password_hash() functions for portable, stronger, and time-attack safe bcrypt and Argon2 hashes.",2000,23029,6,"2024-06-10T16:52:00.000Z","6.5.8","5.2","7.0",[52,53,54,55,56],"argon2","bcrypt","password","password-hashing","password_hash","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpassword-hash.3.0.zip",92,{"slug":61,"name":62,"version":63,"author":5,"author_profile":6,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":50,"tags":73,"homepage":77,"download_link":78,"security_score":34,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"samesite","SameSite Cookies","2.1","\u003Cp>This plugin adds the “SameSite” cookie flag to WordPress’s authentication cookies. On supported browsers (all current IE, Edge, Chrome, and Firefox), this can effectively prevent all Cross-Site Request Forgery attacks throughout your WordPress site.\u003C\u002Fp>\n\u003Cp>SameSite cookie flag support was added to PHP on version 7.3, but this plugin ships with a workaround to \u003Cstrong>support all PHP versions\u003C\u002Fstrong> WordPress supports.\u003C\u002Fp>\n\u003Cp>There is no administrative UI provided: Activate this plugin, and you are all set!\u003C\u002Fp>\n\u003Cp>You can configure the SameSite flag value from your WordPress configuration file. You cna pick a value from \u003Ccode>Lax\u003C\u002Fcode> (default), \u003Ccode>Strict\u003C\u002Fcode>, or \u003Ccode>None\u003C\u002Fcode>. You can read about \u003Ca href=\"https:\u002F\u002Fphp.watch\u002Farticles\u002FPHP-Samesite-cookies\" rel=\"nofollow ugc\">SameSite cookies here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To configure the \u003Ccode>SameSite\u003C\u002Fcode> flag value, edit your WordPress configuration file (\u003Ccode>wp-config.php\u003C\u002Fcode>), and add the following lines right above \u003Ccode>\u002F** Sets up WordPress vars and included files. *\u002F\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WP_SAMESITE_COOKIE', 'Lax' ); \u002F\u002F Pick from 'Lax', 'Strict', or 'None'.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Note that \u003Cstrong>only the authentication cookies are affected\u003C\u002Fstrong>. Regular cookies that your installed plugins set will \u003Cstrong>not\u003C\u002Fstrong> be affected, nor provide any meaningful value with \u003Ccode>SameSite\u003C\u002Fcode> flags.\u003C\u002Fp>\n","CSRF-protection for authentication cookies. When enabled, this plugin makes sure the \"SameSite\" flag is set in authentication cookies.",900,23180,50,11,"2023-07-23T12:18:00.000Z","6.3.8","6.2",[74,75,61,76],"cookies","csrf","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsamesite","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsamesite.2.1.zip",{"slug":80,"name":81,"version":82,"author":5,"author_profile":6,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":22,"num_ratings":87,"last_updated":88,"tested_up_to":71,"requires_at_least":89,"requires_php":26,"tags":90,"homepage":93,"download_link":94,"security_score":34,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"comment-form-csrf-protection","Comment Form CSRF Protection","1.4","\u003Cp>WordPress has a 12-year-old unfixed security vulnerability that it does not properly validate incoming comments.\u003C\u002Fp>\n\u003Cp>An attacker can trick both anonymous and logged-in users to post comments on a victim site without them realizing, while using their own credentials.\u003C\u002Fp>\n\u003Cp>See this issue for more information: https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F10931\u003C\u002Fp>\n\u003Cp>This is a tiny (fewer than 40 effect lines of code) module that adds a secure token to the comment form and validate it before accepting any comment, thus making your comment forms secure as they should\\’ve been for all these years!\u003C\u002Fp>\n\u003Cp>It provides no UI – just install it, and you are all set!\u003C\u002Fp>\n\u003Col>\n\u003Cli>This plugin adds a secret cryptographically-secure token to the comment form. This is a unique value and is computationally impractical to guess it.\u003C\u002Fli>\n\u003Cli>Upon comment submission, the comment is rejected if the secret tokens are not present or computationally invalid.\u003C\u002Fli>\n\u003C\u002Fol>\n","Prevent Cross-Site Request Forgery attacks on your comments form.",500,15435,2,"2023-07-23T12:59:00.000Z","4.2",[91,75,76,92],"comments","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-form-csrf-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-form-csrf-protection.1.4.zip",{"slug":96,"name":97,"version":82,"author":5,"author_profile":6,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":35,"num_ratings":35,"last_updated":102,"tested_up_to":71,"requires_at_least":103,"requires_php":26,"tags":104,"homepage":107,"download_link":108,"security_score":34,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"clear-logout","Clear Logout","\u003Cp>This plugin ensures that when users of your website (including site administrators), the browsers are instructed to clear all residue such as cookies and caches to enhance the security.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FHeaders\u002FClear-Site-Data\" rel=\"nofollow ugc\">\u003Ccode>Clear-Site-Data\u003C\u002Fcode> HTTP header\u003C\u002Fa> is sent when a user logs out, which supported browsers will react by removing all existing cookies, cache, and other storage. It will \u003Cstrong>not\u003C\u002Fstrong> remove saved passwords, permissions, adblocker rules, and other data that are supposed to be permanent.\u003C\u002Fp>\n\u003Cp>This plugin prevents possible security vulnerabilities such as clicking the “Back” button in the browser after logging out revealing the pages that should not have been accessible after logging out. Furthermore, this cleans the browser cache, which prevents accessing authenticated media assets (such as purchased images) from the browser cache of a victim.\u003C\u002Fp>\n","A tiny WordPress plugin to clear all browser data related to the site upon logout (With Clear-Site-Data header).",90,3501,"2023-07-23T12:29:00.000Z","5.1",[105,106,54,76],"authentication","logout","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclear-logout\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclear-logout.1.4.zip",{"slug":110,"name":111,"version":112,"author":5,"author_profile":6,"description":113,"short_description":114,"active_installs":68,"downloaded":115,"rating":35,"num_ratings":35,"last_updated":116,"tested_up_to":71,"requires_at_least":117,"requires_php":26,"tags":118,"homepage":57,"download_link":122,"security_score":34,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":37},"fast404","Fast 404","1.2","\u003Cp>Fast 404 is a low foot-print plugin that quickly inspects an incoming HTTP request, and terminates the request as soon as possible if the request is for a non-existing resource. If the browser is expecting an HTML page (indicated by the \u003Ccode>Accept\u003C\u002Fcode> HTTP header), this plugin will not intercept it. For all other requests, this plugin will terminate it immediately, saving server resources and bandwidth.\u003C\u002Fp>\n\u003Cp>When a user browser requests a resource (such as a \u003Ccode>jpg\u003C\u002Fcode> image, or a \u003Ccode>.woff2\u003C\u002Fcode> font file), the web server sends this resource if it is available in the requested location. If the file does not exist, the request is forwarded to WordPress to handle. Unless you are using a plugin that dynamically generates these files, these file-not-found requests trigger a full WordPress Page-Not-Found error page. This plugin inspects such incoming requests, and if the browser indicates that it is looking for a resource other than an HTML page, this plugin terminates the request as soon as possible to prevent WordPress from serving this request which would be a waste of resources and bandwidth. This plugin carefully makes sure that the short-circuited 404 pages (which just shows “Not Found” on a blank page) is only returned to browser asset requests, and not for end users who expect an HTML page.\u003C\u002Fp>\n\u003Cp>By default, all HTTP requests to \u003Ccode>js|css|jpg|jpeg|gif|png|webp|ico|exe|bin|dmg|woff|woff2\u003C\u002Fcode> extensions will be fast 404’d. You can configure the extensions and even configure an exclusion pattern to prevent this plugin from intercepting certain requests.\u003C\u002Fp>\n\u003Cp>This plugin is the WordPress port of \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPHPWatch\u002FFast404\" rel=\"nofollow ugc\">PHPWatch\u002FFast404\u003C\u002Fa> package.\u003C\u002Fp>\n","Prevents WordPress from delivering full Page-Not-Found errors when the browser is not expecting a full HTML page. Saves bandwidth and improves perform …",6808,"2023-07-23T12:41:00.000Z","3.9.2",[119,120,121],"404","page-not-found","performance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast404.1.2.zip",{"slug":124,"name":125,"version":126,"author":5,"author_profile":6,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":22,"num_ratings":131,"last_updated":57,"tested_up_to":132,"requires_at_least":25,"requires_php":26,"tags":133,"homepage":139,"download_link":140,"security_score":22,"vuln_count":35,"unpatched_count":35,"last_vuln_date":36,"fetched_at":141},"woo-hnb","Hatton National Bank Payment Gateway for WooCommerce","1.1.1","\u003Cp>Hatton National Bank Payment Gateway for WooCommerce plugin is a free and open source plugin to integrate Hatton National Bank Internet Payment Gateway with your WooCommerce store.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Totally free! No need to buy a license.\u003C\u002Fli>\n\u003Cli>Lightweight yet fully functional integration.\u003C\u002Fli>\n\u003Cli>Written with modern PHP code, making the code light weight and easy to read.\u003C\u002Fli>\n\u003Cli>Thoroughly and securely validates the payments upon receipt.\u003C\u002Fli>\n\u003Cli>Security measures to prevent sensitive data exposure.\u003C\u002Fli>\n\u003Cli>Translated to Sinhalese (සිංහල) and Tamil (தமிழ்)  by native speakers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP 7.1 or later\u003C\u002Fli>\n\u003Cli>\u003Ccode>Acquire ID\u003C\u002Fcode>, \u003Ccode>Merchant ID\u003C\u002Fcode>, and \u003Ccode>Password\u003C\u002Fcode> obtained from HNB.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note that PHP 5.6 and older versions no longer receive official security updates. PHP 7.1 only receives security fixes, it is highly recommended that you use the latest PHP version. This plugin is tested with PHP versions upto \u003Ca href=\"https:\u002F\u002Fphp.watch\u002Fversions\u002F8.0\" rel=\"nofollow ugc\">PHP 8.0\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>Once enabled, you will see a \u003Cem>Settings\u003C\u002Fem> link under the \u003Cem>HNB Gateway for WooCommerce\u003C\u002Fem> plugin name. This button, or \u003Cem>WooCommerce Settings -> Payments -> HNB Online Payment\u003C\u002Fem> will take you to the plugin configuration page.\u003C\u002Fp>\n\u003Cp>In this page, enter the Acquirer ID, Merchant ID, and Password exactly as provided by HNB.\u003C\u002Fp>\n\u003Ch3>Functionality\u003C\u002Fh3>\n\u003Cp>When the customers are about pay for the order, they will see the option to pay by credit\u002Fdebit cards via HNB payment gateway. User will be sent to HNB payment gateway to complete the payment.\u003C\u002Fp>\n\u003Cp>Upon completion, user is sent back to your store, and depending on the transaction status, user will either see the order-complete page, or sent back to the checkout page with a message saying the payment failed.\u003C\u002Fp>\n\u003Cp>If a transaction fails (card declined, configuration error, etc.), this plugin logs an admin-note to the order. This note tries to put as much as possible information for administrators to help resolve any problems. The error codes are available to refer in the PDF file sent by HNB.\u003C\u002Fp>\n","Hatton National Bank Payment Gateway for WooCommerce plugin is a free and open source plugin to integrate Hatton National Bank Internet Payment Gatewa …",10,3142,1,"6.8.5",[134,135,136,137,138],"payment","payment-gateway","sri-lanka","woo-commerce","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-hnb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-hnb.1.1.1.zip","2026-03-15T10:48:56.248Z"]