[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6FYGfN1SsXxZl8G7VXz3xdm0A1lVosbYAi74ipAL37g":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"brendigo","Brendigo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrendigo\u002F",2,0,100,30,94,"2026-05-20T15:29:47.998Z",[14,35],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":8,"num_ratings":8,"last_updated":21,"tested_up_to":22,"requires_at_least":23,"requires_php":24,"tags":25,"homepage":31,"download_link":32,"security_score":9,"vuln_count":8,"unpatched_count":8,"last_vuln_date":33,"fetched_at":34},"brenwp-cache","BrenWP Cache","1.0.1","\u003Cp>\u003Cstrong>BrenWP Cache\u003C\u002Fstrong> speeds up WordPress by serving cached HTML pages to anonymous visitors. On a cache miss, WordPress renders the page normally; BrenWP Cache captures the final HTML output and stores it as a file. 
On subsequent requests, the cached HTML is served early, reducing server load and improving response times.\u003C\u002Fp>\n\u003Cp>This plugin is intentionally minimal, transparent, and WordPress.org-friendly:\u003Cbr \u002F>\n* No telemetry, no tracking, no “phone home”\u003Cbr \u002F>\n* No external services or dependencies\u003Cbr \u002F>\n* Admin UI assets are strictly scoped to this plugin’s pages\u003C\u002Fp>\n\u003Ch3>Key features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Full-page file cache for anonymous visitors\u003C\u002Fstrong>\u003Cbr \u002F>\n* Caches full HTML documents for \u003Cstrong>GET\u003C\u002Fstrong> requests only.\u003Cbr \u002F>\n* Designed for the common “public pages” scenario where most traffic is anonymous.\u003Cbr \u002F>\n* Avoids caching in common non-cacheable contexts such as admin, AJAX, REST, feeds, previews, searches, and similar endpoints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Rules to prevent caching personalized or dynamic content\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Exclude logged-in users\u003C\u002Fstrong> (recommended; enabled by default).\u003Cbr \u002F>\n* \u003Cstrong>Exclude URLs\u003C\u002Fstrong> (one per line):\u003Cbr \u002F>\n  – Prefix rules (e.g. \u003Ccode>\u002Fcheckout\u003C\u002Fcode>)\u003Cbr \u002F>\n  – Wildcards (e.g. \u003Ccode>\u002Fcart*\u003C\u002Fcode>)\u003Cbr \u002F>\n* \u003Cstrong>Exclude by cookies\u003C\u002Fstrong> (useful for ecommerce\u002Fsession cookies).\u003Cbr \u002F>\n* \u003Cstrong>Exclude by user agent\u003C\u002Fstrong> (bots, scanners, special clients).\u003Cbr \u002F>\n* \u003Cstrong>Bypass query parameter\u003C\u002Fstrong>: when present (e.g. 
\u003Ccode>?nocache=1\u003C\u002Fcode>) caching is bypassed for that request.\u003Cbr \u002F>\n* Optional 404 caching (disabled by default; enable only if your 404 output is safe and static).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tools and automation\u003C\u002Fstrong>\u003Cbr \u002F>\n* One-click \u003Cstrong>Purge cache\u003C\u002Fstrong> tool in WP Admin.\u003Cbr \u002F>\n* Optional auto-purge when posts are updated (useful for content sites that publish\u002Fedit frequently).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security and WordPress.org compliance\u003C\u002Fstrong>\u003Cbr \u002F>\nBrenWP Cache is built to meet WordPress.org review expectations:\u003Cbr \u002F>\n* Capability checks + nonces for state-changing admin actions\u003Cbr \u002F>\n* Strict sanitization\u002Fvalidation of input and late escaping for output\u003Cbr \u002F>\n* Cache directory is constrained under \u003Ccode>wp-content\u002Fcache\u002Fbrenwp-cache\u003C\u002Fcode> with path safety guards\u003Cbr \u002F>\n* Cached HTML is served as a full document (not escaped) and is integrity-verified with an HMAC signature; unsigned\u002Finvalid cache is treated as a miss\u003Cbr \u002F>\n* No obfuscation, no remote calls, no dangerous execution patterns\u003C\u002Fp>\n\u003Ch3>Recommended usage (important)\u003C\u002Fh3>\n\u003Cp>A full-page cache should never store private\u002Fpersonalized output. 
For best results:\u003Cbr \u002F>\n* Keep “Exclude logged-in users” enabled.\u003Cbr \u002F>\n* Add exclusions for dynamic endpoints such as:\u003Cbr \u002F>\n  – \u003Ccode>\u002Fcheckout\u003C\u002Fcode>, \u003Ccode>\u002Fcart\u003C\u002Fcode>, \u003Ccode>\u002Fmy-account\u003C\u002Fcode> (WooCommerce)\u003Cbr \u002F>\n  – Any pages that show user-specific data, pricing, currency switching, or session-based content\u003Cbr \u002F>\n* If a page sets cookies or sends \u003Ccode>Cache-Control: private\u002Fno-store\u002Fno-cache\u003C\u002Fcode>, it will not be cached.\u003C\u002Fp>\n\u003Cp>Developed by \u003Cstrong>Brendigo LTD\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>BrenWP Cache does not collect personal data and does not send telemetry. Optional Preload requests only your own site URLs.\u003Cbr \u002F>\nCaching is file-based on your server, stored under your WordPress content directory, and controlled by your configuration.\u003C\u002Fp>\n","Lightweight, privacy-friendly file-based page caching with a modern, strictly scoped WP Admin UI.",191,"2026-01-02T01:49:00.000Z","6.9.4","6.0","7.4",[26,27,28,29,30],"cache","optimization","page-cache","performance","speed","https:\u002F\u002Fbrenwp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbrenwp-cache.1.0.1.zip",null,"2026-04-16T10:56:18.058Z",{"slug":36,"name":37,"version":38,"author":5,"author_profile":6,"description":39,"short_description":40,"active_installs":8,"downloaded":41,"rating":8,"num_ratings":8,"last_updated":42,"tested_up_to":22,"requires_at_least":23,"requires_php":24,"tags":43,"homepage":49,"download_link":50,"security_score":9,"vuln_count":8,"unpatched_count":8,"last_vuln_date":33,"fetched_at":34},"brenwp-client-safe-mode","BrenWP Client Safe Mode","1.7.2","\u003Cp>BrenWP Client Safe Mode helps you troubleshoot safely and reduce risk when handing a WordPress site to clients or non-technical users.\u003C\u002Fp>\n\u003Cp>Safe Mode is 
\u003Cem>per-user\u003C\u002Fem>: it applies only to the currently logged-in user who enabled it. Visitors and other users are not affected.\u003C\u002Fp>\n\u003Ch4>Safe Mode (per-user) can optionally\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Block access to risky wp-admin screens (plugin\u002Ftheme management, core updates, Site Health, and update actions)\u003C\u002Fli>\n\u003Cli>Disable file modifications (plugin\u002Ftheme installs, updates, editors)\u003C\u002Fli>\n\u003Cli>Optionally block update\u002Finstall capabilities (prevents running updates\u002Finstalls even via alternative flows)\u003C\u002Fli>\n\u003Cli>Optionally block destructive capabilities (prevents deleting plugins\u002Fthemes while Safe Mode is enabled)\u003C\u002Fli>\n\u003Cli>Optionally disable the built-in plugin\u002Ftheme editors (capability-based) while Safe Mode is enabled\u003C\u002Fli>\n\u003Cli>Hide update notices\u003C\u002Fli>\n\u003Cli>Trim selected admin bar nodes (Updates \u002F Comments \u002F New Content)\u003C\u002Fli>\n\u003Cli>Auto-disable after a configurable number of minutes (optional)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Client restrictions (role-based + optional user targeting) can\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Optionally target a specific user account (in addition to roles)\u003C\u002Fli>\n\u003Cli>Hide risky menus\u003C\u002Fli>\n\u003Cli>Block direct access to sensitive wp-admin screens\u003C\u002Fli>\n\u003Cli>Disable file modifications\u003C\u002Fli>\n\u003Cli>Hide update notices\u003C\u002Fli>\n\u003Cli>Optionally limit the Media Library to a user’s own uploads (privacy on multi-author sites)\u003C\u002Fli>\n\u003Cli>Optionally hide common Dashboard widgets for restricted roles (UI cleanup)\u003C\u002Fli>\n\u003Cli>Optionally hide the Screen Options dropdown (independent toggle)\u003C\u002Fli>\n\u003Cli>Optionally hide the Admin Bar on the front end for restricted roles\u003C\u002Fli>\n\u003Cli>Optionally block Customizer access 
(customize.php)\u003C\u002Fli>\n\u003Cli>Optionally block Users screens (Users list\u002FAdd\u002FEdit) even if the broader screen blocklist is disabled\u003C\u002Fli>\n\u003Cli>Optionally block Tools screens (Tools\u002FImport\u002FExport) even if the broader screen blocklist is disabled\u003C\u002Fli>\n\u003Cli>Optionally lock profile email\u002Fpassword changes for restricted roles (prevents self-service account takeover)\u003C\u002Fli>\n\u003Cli>Optionally show a dismissible 2FA security reminder notice (notice only)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>General hardening (site-wide, optional)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable XML-RPC\u003C\u002Fli>\n\u003Cli>Disable the built-in plugin\u002Ftheme editors for all users (capability-based)\u003C\u002Fli>\n\u003Cli>Optional settings export download (admin-only) via a nonce-protected endpoint (default OFF)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Administrators are never restricted by client restrictions. On multisite, super-admins are also excluded.\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not send data to external services. It performs \u003Cstrong>no tracking, telemetry, analytics, or “phone-home” requests\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Data stored on your site\u003C\u002Fh4>\n\u003Cp>The plugin stores the minimum required data to provide Safe Mode and optional auditing:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Options (Settings)\u003C\u002Fstrong>: stored in the \u003Ccode>brenwp_csm_options\u003C\u002Fcode> option (site option). This contains your configured settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity log (optional)\u003C\u002Fstrong>: stored in the \u003Ccode>brenwp_csm_activity_log\u003C\u002Fcode> option \u003Cstrong>only if Activity logging is enabled\u003C\u002Fstrong>. 
This log is bounded by \u003Cstrong>Max entries\u003C\u002Fstrong> and can optionally be pruned by age (Retention days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Operational options\u003C\u002Fstrong>: internal housekeeping options such as \u003Ccode>brenwp_csm_last_settings_change\u003C\u002Fcode> and a short-lived lock key used to avoid concurrent log writes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User meta (Safe Mode)\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Ccode>brenwp_csm_safe_mode\u003C\u002Fcode> (on\u002Foff flag for a user)\u003C\u002Fli>\n\u003Cli>\u003Ccode>brenwp_csm_safe_mode_until\u003C\u002Fcode> (optional expiry timestamp if auto-off is enabled)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data minimization and retention\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Activity logging is \u003Cstrong>disabled by default\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>The activity log does \u003Cstrong>not\u003C\u002Fstrong> store IP addresses and attempts to redact likely secrets from context values.\u003C\u002Fli>\n\u003Cli>Retention controls:\n\u003Cul>\n\u003Cli>\u003Cstrong>Max entries\u003C\u002Fstrong> caps log size.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Retention days\u003C\u002Fstrong> can automatically prune older entries (0 = disabled).\u003C\u002Fli>\n\u003Cli>The \u003Cstrong>Clear log\u003C\u002Fstrong> action removes all log entries immediately (admin-only, nonce protected).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy tools\u003C\u002Fh4>\n\u003Cp>The plugin:\u003Cbr \u002F>\n* Adds suggested text to the Privacy Policy Guide (Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Privacy)\u003Cbr \u002F>\n* Registers a personal data exporter and eraser for the Safe Mode user meta\u003C\u002Fp>\n\u003Ch4>Data deletion\u003C\u002Fh4>\n\u003Cp>On uninstall (delete), the plugin removes its options, optional log option, Safe Mode user meta, and 
(best-effort) the optional \u003Ccode>bren_client\u003C\u002Fcode> role if it was created by the plugin.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>This plugin follows WordPress hardening best practices:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>CSRF protection\u003C\u002Fstrong>: all state-changing actions use \u003Cstrong>POST\u003C\u002Fstrong> and require a \u003Cstrong>WordPress nonce\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authorization\u003C\u002Fstrong>: privileged admin actions are gated by \u003Cstrong>capability checks\u003C\u002Fstrong> (\u003Ccode>manage_options\u003C\u002Fcode> by default, filterable).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XSS defense\u003C\u002Fstrong>: user-controlled data is sanitized on input and escaped on output.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No remote requests\u003C\u002Fstrong>: the plugin does not make outbound HTTP requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data minimization\u003C\u002Fstrong>: the activity log is bounded, does not store IP addresses, and redacts likely secrets in log context values.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Assumptions and scope:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin enforces policies inside WordPress; it does not replace server\u002FWAF hardening.\u003C\u002Fli>\n\u003Cli>Safe Mode is \u003Cstrong>per-user\u003C\u002Fstrong> and does not modify the site’s active plugins\u002Fthemes list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch4>I don’t see the Safe Mode toggle in the admin bar\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Confirm the WordPress admin bar is enabled for your account.\u003C\u002Fli>\n\u003Cli>Confirm \u003Cstrong>Enforcement\u003C\u002Fstrong> is enabled in the plugin settings.\u003C\u002Fli>\n\u003Cli>Confirm your role is included in \u003Cstrong>Who can toggle Safe Mode\u003C\u002Fstrong> (or you are an administrator \u002F multisite 
super-admin).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>My profile email\u002Fpassword cannot be changed\u003C\u002Fh4>\n\u003Cp>If \u003Cstrong>Restrictions \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Lock profile email\u002Fpassword\u003C\u002Fstrong> is enabled and your account is restricted, you will not be able to change your own email or password. Contact an administrator.\u003C\u002Fp>\n\u003Ch4>XML-RPC stopped working\u003C\u002Fh4>\n\u003Cp>If you rely on legacy services that require XML-RPC (some old mobile apps \u002F integrations), disable \u003Cstrong>General \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Disable XML-RPC\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>I get redirected with an “Access blocked” notice\u003C\u002Fh4>\n\u003Cp>A configured policy blocked a sensitive admin screen. Review:\u003Cbr \u002F>\n* \u003Cstrong>Restrictions \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Block direct screen access\u003C\u002Fstrong> (for restricted roles)\u003Cbr \u002F>\n* \u003Cstrong>Safe Mode \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Block risky admin screens\u003C\u002Fstrong> (for your account if Safe Mode is enabled)\u003C\u002Fp>\n\u003Ch4>Safe Mode is enabled but I want to turn it off\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use the \u003Cstrong>Safe Mode\u003C\u002Fstrong> tab to toggle it off.\u003C\u002Fli>\n\u003Cli>If auto-off is enabled, it will disable automatically after the configured time window.\u003C\u002Fli>\n\u003Cli>If Enforcement is OFF, the UI provides a \u003Cstrong>Clear stored Safe Mode\u003C\u002Fstrong> button to remove the stored flag.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer Hooks\u003C\u002Fh3>\n\u003Cp>Filters:\u003Cbr \u002F>\n* \u003Ccode>brenwp_csm_required_cap\u003C\u002Fcode> — change the capability required to manage this plugin (default: 
\u003Ccode>manage_options\u003C\u002Fcode>).\u003Cbr \u002F>\n* \u003Ccode>brenwp_csm_presets\u003C\u002Fcode> — customize Dashboard presets (label\u002Fdescription\u002Fpatch arrays).\u003Cbr \u002F>\n* \u003Ccode>brenwp_csm_create_client_role\u003C\u002Fcode> — return \u003Ccode>false\u003C\u002Fcode> to prevent creating the \u003Ccode>bren_client\u003C\u002Fcode> role on activation.\u003Cbr \u002F>\n* \u003Ccode>brenwp_csm_client_role_caps\u003C\u002Fcode> — customize capabilities assigned to the \u003Ccode>bren_client\u003C\u002Fcode> role on activation.\u003Cbr \u002F>\n* \u003Ccode>brenwp_csm_remove_client_role_on_uninstall\u003C\u002Fcode> — return \u003Ccode>false\u003C\u002Fcode> to keep the \u003Ccode>bren_client\u003C\u002Fcode> role during uninstall cleanup.\u003C\u002Fp>\n","Per-user Safe Mode plus role-based client restrictions for safer troubleshooting and cleaner client handoff.",334,"2026-01-06T21:54:00.000Z",[44,45,46,47,48],"client","hardening","restrictions","security","troubleshooting","https:\u002F\u002Fbrenwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbrenwp-client-safe-mode.1.7.2.zip"]