[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flebBzY-LRwjiv_cSUxVcPOQIx5YZAxkafJFIdza5jTw":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"blobfolio","Blobfolio","https:\u002F\u002Fprofiles.wordpress.org\u002Fblobfolio\u002F",4,1510,98,1122,78,"2026-04-04T05:24:10.697Z",[14,39,61,79],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":20,"downloaded":21,"rating":22,"num_ratings":23,"last_updated":24,"tested_up_to":25,"requires_at_least":26,"requires_php":27,"tags":28,"homepage":34,"download_link":35,"security_score":22,"vuln_count":36,"unpatched_count":36,"last_vuln_date":37,"fetched_at":38},"blob-mimes","Lord of the Files: Enhanced Upload Security","1.4.2","\u003Cp>WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.\u003C\u002Fp>\n\u003Cp>Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.\u003C\u002Fp>\n\u003Cp>The main features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Robust \u003Cem>real\u003C\u002Fem> filetype detection;\u003C\u002Fli>\n\u003Cli>Full MIME alias mapping;\u003C\u002Fli>\n\u003Cli>SVG sanitization (if SVG uploads have been independently allowed);\u003C\u002Fli>\n\u003Cli>File upload validation debugger;\u003C\u002Fli>\n\u003Cli>Fixes issues related to \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40175\" rel=\"nofollow ugc\">#40175\u003C\u002Fa> that have been present since WordPress \u003Ccode>4.7.1\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Fixes ambiguous media extensions \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40921\" rel=\"nofollow ugc\">#40921\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.2 or later.\u003C\u002Fli>\n\u003Cli>PHP 7.4 or later.\u003C\u002Fli>\n\u003Cli>\u003Ccode>dom\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>fileinfo\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>mbstring\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>xml\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note: it is \u003Cstrong>not safe\u003C\u002Fstrong> to run WordPress atop a version of PHP that has reached its \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fsupported-versions.php\" rel=\"nofollow ugc\">End of Life\u003C\u002Fa>. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not make use of or collect any “Personal Data”.\u003C\u002Fp>\n","This plugin expands file-related security and sanity around the upload process.",1000,95238,100,11,"2025-09-17T03:38:00.000Z","6.8.5","5.2","7.4",[29,30,31,32,33],"file-validation","mime","security-plugin","svg","upload-security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblob-mimes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblob-mimes.1.4.2.zip",0,null,"2026-03-15T15:16:48.613Z",{"slug":40,"name":41,"version":42,"author":5,"author_profile":6,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":22,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":36,"last_vuln_date":60,"fetched_at":38},"apocalypse-meow","Apocalypse Meow","23.0.0","\u003Cp>Apocalypse Meow’s main focus is addressing WordPress security issues related to user accounts and logins. This includes things like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute-force login-in protection;\u003C\u002Fli>\n\u003Cli>Customizable password strength requirements;\u003C\u002Fli>\n\u003Cli>XML-RPC access controls;\u003C\u002Fli>\n\u003Cli>Account access alerts;\u003C\u002Fli>\n\u003Cli>Searchable access logs (including failed login attempts and temporary bans);\u003C\u002Fli>\n\u003Cli>User enumeration prevention;\u003C\u002Fli>\n\u003Cli>Registration SPAM protection;\u003C\u002Fli>\n\u003Cli>Miscellaneous Core and template options to make targeted hacks more difficult;\u003C\u002Fli>\n\u003Cli>Anonymize\u002Fscrub leaky remote request headers;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Security is an admittedly technical subject, but Apocalypse Meow strives to help educate “normal” users about the nature of common web attacks, mitigation techniques, etc. Every option contains detailed explanations and links to external resources with additional information.\u003C\u002Fp>\n\u003Cp>Knowledge is power!\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>Due to the advanced nature of some of the plugin features, there are a few additional server requirements beyond what WordPress itself requires:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress 4.4+.\u003C\u002Fli>\n\u003Cli>PHP 7.3 or later.\u003C\u002Fli>\n\u003Cli>PHP extensions: (bcmath or gmp), date, filter, json, pcre.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CREATE\u003C\u002Fcode> and \u003Ccode>DROP\u003C\u002Fcode> MySQL grants.\u003C\u002Fli>\n\u003Cli>Single-site Installs (i.e. Multi-Site is not supported).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note: it is \u003Cstrong>not safe\u003C\u002Fstrong> to run WordPress atop a version of PHP that has reached its \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fsupported-versions.php\" rel=\"nofollow ugc\">End of Life\u003C\u002Fa>. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂\u003C\u002Fp>\n\u003Ch3>Log Monitoring\u003C\u002Fh3>\n\u003Cp>Some robots are so dumb they’ll continue trying to submit credentials even after the login form is replaced, wasting system resources and clogging up the log-in history table.  One way to mitigate this is to use a server-side log-monitoring program like \u003Ca href=\"http:\u002F\u002Fwww.fail2ban.org\u002F\" rel=\"nofollow ugc\">Fail2Ban\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fossec.github.io\u002F\" rel=\"nofollow ugc\">OSSEC\u003C\u002Fa> to ban users via the firewall.\u003C\u002Fp>\n\u003Cp>Apocalypse Meow produces a 403 error when a banned user requests the login form. Your log-monitoring rule should therefore look for repeated 403 responses to \u003Ccode>wp-login.php\u003C\u002Fcode>.  Additionally, some robots are unable to follow redirects; if your login form requires SSL, you should also ban repeated 301\u002F302 responses to catch those fools.\u003C\u002Fp>\n\u003Cp>If you have enabled user enumeration protection with the \u003Ccode>die()\u003C\u002Fcode> option, requests for \u003Ccode>?author=X\u003C\u002Fcode> will produce a 400 response code which can be similarly tracked.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>When active, this plugin retains security logs of every sign-in attempt made to the CMS backend. This information — including the end user’s public IP address, username, and the status of his or her attempt — is used to help prevent unauthorized system access and maintain Quality of Service for all site visitors.\u003C\u002Fp>\n\u003Cp>This information resides fully on the hosting web site and is not shared with any third parties.\u003C\u002Fp>\n\u003Cp>Data retention is entirely up to the site operator, but by default old records are automatically removed after 90 days.\u003C\u002Fp>\n\u003Cp>Please note: Apocalypse Meow \u003Cstrong>DOES NOT\u003C\u002Fstrong> integrate with any WordPress GDPR “Personal Data” features. (Selective erasure of audit logs would undermine the security mechanisms provided by this plugin. Haha.)\u003C\u002Fp>\n","A simple, light-weight collection of tools to harden WordPress security and help mitigate common types of attacks.",400,68506,23,"2026-01-28T19:00:00.000Z","6.9.4","4.4","7.3",[53,54,55],"brute-force","login","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fapocalypse-meow\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapocalypse-meow.23.0.0.zip",93,2,"2026-03-04 16:06:27",{"slug":62,"name":63,"version":64,"author":5,"author_profile":6,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":22,"num_ratings":59,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":51,"tags":72,"homepage":77,"download_link":78,"security_score":22,"vuln_count":36,"unpatched_count":36,"last_vuln_date":37,"fetched_at":38},"jeepers-peepers","Jeepers Peepers: WP Syslog","0.5.4","\u003Cp>Jeepers Peepers provides an extensible interface for recording WordPress events — user logins, file uploads, post deletions, etc. — to a standard system log.\u003C\u002Fp>\n\u003Cp>The resulting audit trail can then be incorporated into powerful log-monitoring tools like \u003Ca href=\"https:\u002F\u002Fossec.github.io\u002F\" rel=\"nofollow ugc\">OSSEC\u003C\u002Fa> for pre-emptive protection and, in the unfortunate event of a hack, used as a vital reference in the post-mortem investigation.\u003C\u002Fp>\n\u003Cp>The following events are automatically logged:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Content: \u003Ccode>wp_die()\u003C\u002Fcode> triggered;\u003C\u002Fli>\n\u003Cli>Content: attachment deleted;\u003C\u002Fli>\n\u003Cli>Content: attachment sideloaded;\u003C\u002Fli>\n\u003Cli>Content: attachment uploaded;\u003C\u002Fli>\n\u003Cli>Content: post deleted;\u003C\u002Fli>\n\u003Cli>Content: post published; \u003C\u002Fli>\n\u003Cli>Network: GET, HEAD, POST, etc., requests;\u003C\u002Fli>\n\u003Cli>Plugin: activated;\u003C\u002Fli>\n\u003Cli>Plugin: deactivated;\u003C\u002Fli>\n\u003Cli>Plugin: upgraded;\u003C\u002Fli>\n\u003Cli>User: deleted;\u003C\u002Fli>\n\u003Cli>User: login banned (via \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fapocalypse-meow\u002F\" rel=\"ugc\">Apocalypse Meow\u003C\u002Fa>);\u003C\u002Fli>\n\u003Cli>User: login failed;\u003C\u002Fli>\n\u003Cli>User: login succeeded;\u003C\u002Fli>\n\u003Cli>User: new user;\u003C\u002Fli>\n\u003Cli>User: password reset;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each log entry records:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>UTC timestamp;\u003C\u002Fli>\n\u003Cli>Severity level;\u003C\u002Fli>\n\u003Cli>User IP address (or \u003Ccode>127.0.0.1\u003C\u002Fcode> if automated);\u003C\u002Fli>\n\u003Cli>Logged in username (if applicable);\u003C\u002Fli>\n\u003Cli>Event message;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It will look something like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>WordPressAudit 2017-05-24 16:35:45 [warning] yourdomain.com 68.256.55.123 \"tiffany\" \"Deactivated plugin: look-see-security-scanner\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.7 or later.\u003C\u002Fli>\n\u003Cli>PHP 7.3 or later.\u003C\u002Fli>\n\u003Cli>Linux host.\u003C\u002Fli>\n\u003Cli>Single-site instance.\u003C\u002Fli>\n\u003Cli>Log file must be writeable by WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note: it is \u003Cstrong>not safe\u003C\u002Fstrong> to run WordPress atop a version of PHP that has reached its \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fsupported-versions.php\" rel=\"nofollow ugc\">End of Life\u003C\u002Fa>. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Jeepers Peepers records CMS events such as post and plugin changes to a standard system log for security and audit purposes. Where possible, these entries include the public IP address and\u002For WordPress username of the individual responsible.\u003C\u002Fp>\n\u003Cp>This plugin does not send any of this information to remote locations or third parties.\u003C\u002Fp>\n\u003Cp>Please note: Jeepers Peepers \u003Cem>DOES NOT\u003C\u002Fem> integrate with any WordPress GDPR “Personal Data” features. (Selective erasure of audit logs would undermine the very purpose of this plugin! Haha.)\u003C\u002Fp>\n","An extensible tool for recording WordPress events to a system log.",60,13147,"2025-04-15T17:45:00.000Z","6.6.5","4.7",[73,74,55,75,76],"audit-trail","event-log","syslog","system-log","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjeepers-peepers\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjeepers-peepers.0.5.4.zip",{"slug":80,"name":81,"version":82,"author":5,"author_profile":6,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":22,"num_ratings":87,"last_updated":88,"tested_up_to":25,"requires_at_least":71,"requires_php":51,"tags":89,"homepage":95,"download_link":96,"security_score":22,"vuln_count":36,"unpatched_count":36,"last_vuln_date":37,"fetched_at":38},"well-handled","Well-Handled Email Templates","2.4.5","\u003Cp>Well-Handled lets developers build, manage, preview, send, and track complex transactional email templates with WordPress, freeing them from the time and expense of using a third-party service like Mandrill.  It comes with a ton of template processing options, easy drop-in functions for generating and sending transactional emails, and hookable filters for developers with additional needs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manage and preview email templates through WP-Admin;\u003C\u002Fli>\n\u003Cli>Color-coded editor with dozens of themes;\u003C\u002Fli>\n\u003Cli>Support for Handlebar\u002FMustache markup;\u003C\u002Fli>\n\u003Cli>Preview templates in WP-Admin or send as an email;\u003C\u002Fli>\n\u003Cli>Numerous post-processing options such as CSS inlining, comment removal, whitespace compression, etc., let you keep your working code readable and the rendered product optimal;\u003C\u002Fli>\n\u003Cli>Shortcode and fragment support (like reusable headers, etc.);\u003C\u002Fli>\n\u003Cli>Send emails via SMTP, Amazon SES, or Mandrill;\u003C\u002Fli>\n\u003Cli>Track open rates and clicks, search send history, view statistics, access full message details;\u003C\u002Fli>\n\u003Cli>Assign template and statistic access on a per-role basis;\u003C\u002Fli>\n\u003Cli>[Deprecated] Mail sending via queue instead of realtime;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>Well-Handled is more complex than the average plugin and therefore requires a litlte more from your server:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress 4.7 or later.\u003C\u002Fli>\n\u003Cli>PHP 7.3 or later.\u003C\u002Fli>\n\u003Cli>PHP extensions: date, dom, filter, hash, imap, json, libxml, openssl, pcre\u003C\u002Fli>\n\u003Cli>UTF-8 encoding.\u003C\u002Fli>\n\u003Cli>Well-Handled is \u003Cem>not\u003C\u002Fem> compatible with WordPress Multi-Site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note: it is \u003Cstrong>not safe\u003C\u002Fstrong> to run WordPress atop a version of PHP that has reached its \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fsupported-versions.php\" rel=\"nofollow ugc\">End of Life\u003C\u002Fa>. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Well-Handled includes the ability for site operators to track sent emails — either basic metadata or full message content — and see which links the recipients of those messages end up visiting.\u003C\u002Fp>\n\u003Cp>This data resides fully on the hosting web server and is not shared with any third-parties (aside from the SMTP servers used to send the messages).\u003C\u002Fp>\n\u003Cp>While the plugin does not utilize any WordPress GDPR “Personal Data” features, it does provide mechanisms for deleting data, both selectively and automatically.\u003C\u002Fp>\n","Build, manage, preview, send, and track complex transactional email templates from WordPress.",50,7805,3,"2025-04-15T17:56:00.000Z",[90,91,92,93,94],"css","email","email-templates","handlebar","mustache","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwell-handled\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwell-handled.2.4.5.zip"]